1. 25 Aug, 2013 1 commit
      FloatTypedArrayAdaptor::toJSValue should almost certainly not use jsNumber()... · 1fb752ad
      fpizlo@apple.com authored
      FloatTypedArrayAdaptor::toJSValue should almost certainly not use jsNumber() since that attempts int conversions
      https://bugs.webkit.org/show_bug.cgi?id=120228
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      It turns out that there were three problems:
              
      - Using jsNumber() meant that we were converting doubles to integers and then
        possibly back again whenever doing a set() between floating point arrays.
              
      - Slow-path accesses to double typed arrays were slower than necessary because
        of the to-int conversion attempt.
              
      - The use of JSValue as an intermediate for converting between different types
        in typedArray.set() resulted in worse code than I had previously expected.
              
      This patch solves the problem by using template double-dispatch to ensure that
      the C++ compiler sees the simplest possible combination of casts between any
      combination of typed array types, while still preserving JS and typed array
      conversion semantics. Conversions are done as follows:
              
          SourceAdaptor::convertTo<TargetAdaptor>(value)
              
      Internally, convertTo() calls one of three possible methods on TargetAdaptor,
      with one method for each of int32_t, uint32_t, and double. This means that the
      C++ compiler will at worst see a widening cast to one of those types followed
      by a narrowing conversion (not necessarily a cast - may have clamping or the
      JS toInt32() function).
              
      This change doesn't just affect typedArray.set(); it also affects slow-path
      accesses to typed arrays as well. This patch also adds a bunch of new test
      coverage.
              
      This change is a ~50% speed-up on typedArray.set() involving floating point
      types.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/GenericTypedArrayView.h:
      (JSC::GenericTypedArrayView::set):
      * runtime/JSDataViewPrototype.cpp:
      (JSC::setData):
      * runtime/JSGenericTypedArrayView.h:
      (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble):
      (JSC::JSGenericTypedArrayView::setIndexQuickly):
      * runtime/JSGenericTypedArrayViewInlines.h:
      (JSC::::setWithSpecificType):
      (JSC::::set):
      * runtime/ToNativeFromValue.h: Added.
      (JSC::toNativeFromValue):
      * runtime/TypedArrayAdaptors.h:
      (JSC::IntegralTypedArrayAdaptor::toJSValue):
      (JSC::IntegralTypedArrayAdaptor::toDouble):
      (JSC::IntegralTypedArrayAdaptor::toNativeFromInt32):
      (JSC::IntegralTypedArrayAdaptor::toNativeFromUint32):
      (JSC::IntegralTypedArrayAdaptor::toNativeFromDouble):
      (JSC::IntegralTypedArrayAdaptor::convertTo):
      (JSC::FloatTypedArrayAdaptor::toJSValue):
      (JSC::FloatTypedArrayAdaptor::toDouble):
      (JSC::FloatTypedArrayAdaptor::toNativeFromInt32):
      (JSC::FloatTypedArrayAdaptor::toNativeFromUint32):
      (JSC::FloatTypedArrayAdaptor::toNativeFromDouble):
      (JSC::FloatTypedArrayAdaptor::convertTo):
      (JSC::Uint8ClampedAdaptor::toJSValue):
      (JSC::Uint8ClampedAdaptor::toDouble):
      (JSC::Uint8ClampedAdaptor::toNativeFromInt32):
      (JSC::Uint8ClampedAdaptor::toNativeFromUint32):
      (JSC::Uint8ClampedAdaptor::toNativeFromDouble):
      (JSC::Uint8ClampedAdaptor::convertTo):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
              
      Add coverage for three things:
              
      - Typed array accesses with corner-case values.
              
      - Typed array set() (i.e. copy) between arrays of different types.
              
      - Performance of typedArray.set() involving different types.
              
      This required some changes to our test harnesses, since they previously
      couldn't consistently do numerical array comparisons in a reliable way.
      
      * fast/js/regress/Float32Array-to-Float64Array-set-expected.txt: Added.
      * fast/js/regress/Float32Array-to-Float64Array-set.html: Added.
      * fast/js/regress/Float64Array-to-Int16Array-set-expected.txt: Added.
      * fast/js/regress/Float64Array-to-Int16Array-set.html: Added.
      * fast/js/regress/Int16Array-to-Int32Array-set-expected.txt: Added.
      * fast/js/regress/Int16Array-to-Int32Array-set.html: Added.
      * fast/js/regress/script-tests/Float32Array-to-Float64Array-set.js: Added.
      * fast/js/regress/script-tests/Float64Array-to-Int16Array-set.js: Added.
      * fast/js/regress/script-tests/Int16Array-to-Int32Array-set.js: Added.
      * fast/js/resources/js-test-pre.js:
      (areNumbersEqual):
      (areArraysEqual):
      (isResultCorrect):
      * fast/js/resources/standalone-pre.js:
      (areNumbersEqual):
      (areArraysEqual):
      (isTypedArray):
      (isResultCorrect):
      (stringify):
      (shouldBe):
      * fast/js/script-tests/typed-array-access.js: Added.
      (bitsToString):
      (bitsToValue):
      (valueToBits):
      (roundTrip):
      * fast/js/script-tests/typed-array-set-different-types.js: Added.
      (MyRandom):
      (.reference):
      (.usingConstruct):
      * fast/js/typed-array-access-expected.txt: Added.
      * fast/js/typed-array-access.html: Added.
      * fast/js/typed-array-set-different-types-expected.txt: Added.
      * fast/js/typed-array-set-different-types.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154569 268f45cc-cd09-0410-ab3c-d52691b4dbfc
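
The conversion scheme the commit message above describes, `SourceAdaptor::convertTo<TargetAdaptor>(value)` dispatching to one of three `toNativeFrom*` methods on the target, sketched as an added example. This is a simplified model, not WebKit's code: the adaptor bodies, the `toInt32` helper and the `copyConverted` and wrapper functions are assumptions that follow the JS conversion rules (wrap modulo 2^32, clamp with round-half-to-even).

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <type_traits>

// JS ToInt32: truncate, wrap modulo 2^32; NaN and infinities give 0.
// fmod brings the value into range before any cast, because casting an
// out-of-range double to an integer type is undefined behaviour in C++.
inline int32_t toInt32(double d)
{
    if (!std::isfinite(d))
        return 0;
    double m = std::fmod(std::trunc(d), 4294967296.0); // in (-2^32, 2^32)
    if (m < 0)
        m += 4294967296.0;                              // in [0, 2^32)
    // uint32 -> int32 wraps on two's-complement targets (guaranteed since C++20).
    return static_cast<int32_t>(static_cast<uint32_t>(m));
}

// Integer element types: widen to int32/uint32 on the way out,
// narrow with wrap-around on the way in.
template<typename T>
struct IntegralAdaptor {
    using Type = T;
    static T toNativeFromInt32(int32_t v) { return static_cast<T>(v); }
    static T toNativeFromUint32(uint32_t v) { return static_cast<T>(v); }
    static T toNativeFromDouble(double v) { return static_cast<T>(toInt32(v)); }

    template<typename Target>
    static typename Target::Type convertTo(T v)
    {
        if (std::is_signed<T>::value)
            return Target::toNativeFromInt32(static_cast<int32_t>(v));
        return Target::toNativeFromUint32(static_cast<uint32_t>(v));
    }
};

// Float element types: always go through double, never through an integer.
template<typename T>
struct FloatAdaptor {
    using Type = T;
    static T toNativeFromInt32(int32_t v) { return static_cast<T>(v); }
    static T toNativeFromUint32(uint32_t v) { return static_cast<T>(v); }
    static T toNativeFromDouble(double v) { return static_cast<T>(v); }

    template<typename Target>
    static typename Target::Type convertTo(T v)
    {
        return Target::toNativeFromDouble(static_cast<double>(v));
    }
};

// Uint8Clamped: saturate instead of wrapping; doubles round half to even.
struct Uint8ClampedAdaptor {
    using Type = uint8_t;
    static uint8_t toNativeFromInt32(int32_t v)
    {
        return v < 0 ? 0 : v > 255 ? 255 : static_cast<uint8_t>(v);
    }
    static uint8_t toNativeFromUint32(uint32_t v)
    {
        return v > 255 ? 255 : static_cast<uint8_t>(v);
    }
    static uint8_t toNativeFromDouble(double v)
    {
        if (!(v > 0))          // NaN, zero and negatives
            return 0;
        if (v >= 255)
            return 255;
        return static_cast<uint8_t>(std::lrint(v)); // default mode: ties to even
    }

    template<typename Target>
    static typename Target::Type convertTo(uint8_t v) { return Target::toNativeFromUint32(v); }
};

// Element-wise copy between two element types; each (Source, Target) pair
// instantiates its own loop with exactly one widening and one narrowing step.
template<typename Source, typename Target>
void copyConverted(typename Target::Type* dst, const typename Source::Type* src, size_t n)
{
    for (size_t i = 0; i < n; ++i)
        dst[i] = Source::template convertTo<Target>(src[i]);
}

// Non-template wrappers so individual conversions can be called and checked.
int16_t float64ToInt16(double v) { return FloatAdaptor<double>::convertTo<IntegralAdaptor<int16_t> >(v); }
uint8_t float64ToClamped(double v) { return FloatAdaptor<double>::convertTo<Uint8ClampedAdaptor>(v); }
uint8_t int32ToClamped(int32_t v) { return IntegralAdaptor<int32_t>::convertTo<Uint8ClampedAdaptor>(v); }
uint8_t int8ToUint8(int8_t v) { return IntegralAdaptor<int8_t>::convertTo<IntegralAdaptor<uint8_t> >(v); }
float uint32ToFloat32(uint32_t v) { return IntegralAdaptor<uint32_t>::convertTo<FloatAdaptor<float> >(v); }

int main()
{
    const double src[4] = { 65537.9, -1.5, 32768.0, std::nan("") }; // constructed corner cases
    int16_t dst[4];
    copyConverted<FloatAdaptor<double>, IntegralAdaptor<int16_t> >(dst, src, 4);
    for (int i = 0; i < 4; ++i)
        std::printf("%g -> %d\n", src[i], dst[i]);
    return 0;
}
```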
  2. 20 Aug, 2013 1 commit
      Use PlatformArchitecture to distinguish between 32-bit and 64-bit builds on Windows. · 64923f13
      achristensen@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119512
      
      Reviewed by Brent Fulgham.
      
      Source/JavaScriptCore: 
      
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
      * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
      * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
      * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
      * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
      Replaced obj32, bin32, and lib32 with macros for 64-bit build.
      
      Source/ThirdParty: 
      
      * gtest/msvc/gtest-md.vcxproj:
      Replaced obj32, bin32, and lib32 with macros for 64-bit build.
      
      Source/WebCore: 
      
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      * WebCore.vcxproj/WebCoreCommon.props:
      * WebCore.vcxproj/WebCoreGeneratedCommon.props:
      * WebCore.vcxproj/WebCoreTestSupport.vcxproj:
      * WebCore.vcxproj/WebCoreTestSupport.vcxproj.filters:
      Replaced obj32, bin32, and lib32 with macros for 64-bit build.
      
      Source/WebKit: 
      
      * WebKit.vcxproj/Interfaces/InterfacesCommon.props:
      * WebKit.vcxproj/WebKit/WebKit.vcxproj:
      * WebKit.vcxproj/WebKit/WebKit.vcxproj.filters:
      * WebKit.vcxproj/WebKit/WebKitCommon.props:
      * WebKit.vcxproj/WebKitExportGenerator/WebKitExportGenerator.vcxproj:
      * WebKit.vcxproj/WebKitExportGenerator/WebKitExportGenerator.vcxproj.filters:
      * WebKit.vcxproj/WebKitGUID/WebKitGUID.vcxproj:
      * WebKit.vcxproj/WebKitGUID/WebKitGUID.vcxproj.filters:
      * WebKit.vcxproj/WebKitGUID/WebKitGUIDCommon.props:
      Replaced obj32, bin32, and lib32 with macros for 64-bit build.
      
      Source/WTF: 
      
      * WTF.vcxproj/WTFGeneratedCommon.props:
      Replaced obj32, bin32, and lib32 with macros for 64-bit build.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154333 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 15 Aug, 2013 1 commit
      Typed arrays should be rewritten · 0e0d9312
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119064
      
      .: 
      
      Reviewed by Oliver Hunt.
      
      Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
      
      * Source/autotools/symbols.filter:
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Typed arrays were previously deficient in several major ways:
              
      - They were defined separately in WebCore and in the jsc shell. The two
        implementations were different, and the jsc shell one was basically wrong.
        The WebCore one was quite awful, also.
              
      - Typed arrays were not visible to the JIT except through some weird hooks.
        For example, the JIT could not ask "what is the Structure that this typed
        array would have if I just allocated it from this global object". Also,
        it was difficult to wire any of the typed array intrinsics, because most
        of the functionality wasn't visible anywhere in JSC.
              
      - Typed array allocation was brain-dead. Allocating a typed array involved
        two JS objects, two GC weak handles, and three malloc allocations.
              
      - Neutering. It involved keeping tabs on all native views but not the view
        wrappers, even though the native views can autoneuter just by asking the
        buffer if it was neutered anytime you touch them; while the JS view
        wrappers are the ones that you really want to reach out to.
              
      - Common case-ing. Most typed arrays have one buffer and one view, and
        usually nobody touches the buffer. Yet we created all of that stuff
        anyway, using data structures optimized for the case where you had a lot
        of views.
              
      - Semantic goofs. Typed arrays should, in the future, behave like ES
        features rather than DOM features, for example when it comes to exceptions.
        Firefox already does this and I agree with them.
              
      This patch cleanses our codebase of these sins:
              
      - Typed arrays are almost entirely defined in JSC. Only the lifecycle
        management of native references to buffers is left to WebCore.
              
      - Allocating a typed array requires either two GC allocations (a cell and a
        copied storage vector) or one GC allocation, a malloc allocation, and a
        weak handle (a cell and a malloc'd storage vector, plus a finalizer for the
        latter). The latter is only used for oversize arrays. Remember that before
        it was 7 allocations no matter what.
              
      - Typed arrays require just 4 words of overhead: Structure*, Butterfly*,
        mode/length, void* vector. Before it was a lot more than that - remember,
        there were five additional objects that did absolutely nothing for anybody.
              
      - Native views aren't tracked by the buffer, or by the wrappers. They are
        transient. In the future we'll probably switch to not even having them be
        malloc'd.
              
      - Native array buffers have an efficient way of tracking all of their JS view
        wrappers, both for neutering, and for lifecycle management. The GC
        special-cases native array buffers. This saves a bunch of grief; for example
        it means that a JS view wrapper can refer to its buffer via the butterfly,
        which would be dead by the time we went to finalize.
              
      - Typed array semantics now match Firefox, which also happens to be where the
        standards are going. The discussion on webkit-dev seemed to confirm that
        Chrome is also heading in this direction. This includes making
        Uint8ClampedArray not a subtype of Uint8Array, and getting rid of
        ArrayBufferView as a JS-visible construct.
              
      This is up to a 10x speed-up on programs that allocate a lot of typed arrays.
      It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for
      further typed array optimizations in the JSC JITs, including inlining typed
      array allocation, inlining more of the accessors, reducing the cost of type
      checks, etc.
              
      An additional property of this patch is that typed arrays are mostly
      implemented using templates. This deduplicates a bunch of code, but does mean
      that we need some hacks for exporting s_info's of template classes. See
      JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly
      low-impact compared to code duplication.
              
      Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h: Removed.
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ByValInfo.h:
      (JSC::hasOptimizableIndexingForClassInfo):
      (JSC::jitArrayModeForClassInfo):
      (JSC::typedArrayTypeForJITArrayMode):
      * bytecode/SpeculatedType.cpp:
      (JSC::speculationFromClassInfo):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::toTypedArrayType):
      * dfg/DFGArrayMode.h:
      (JSC::DFG::ArrayMode::typedArrayType):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/CopyToken.h:
      * heap/DeferGC.h:
      (JSC::DeferGCForAWhile::DeferGCForAWhile):
      (JSC::DeferGCForAWhile::~DeferGCForAWhile):
      * heap/GCIncomingRefCounted.h: Added.
      (JSC::GCIncomingRefCounted::GCIncomingRefCounted):
      (JSC::GCIncomingRefCounted::~GCIncomingRefCounted):
      (JSC::GCIncomingRefCounted::numberOfIncomingReferences):
      (JSC::GCIncomingRefCounted::incomingReferenceAt):
      (JSC::GCIncomingRefCounted::singletonFlag):
      (JSC::GCIncomingRefCounted::hasVectorOfCells):
      (JSC::GCIncomingRefCounted::hasAnyIncoming):
      (JSC::GCIncomingRefCounted::hasSingleton):
      (JSC::GCIncomingRefCounted::singleton):
      (JSC::GCIncomingRefCounted::vectorOfCells):
      * heap/GCIncomingRefCountedInlines.h: Added.
      (JSC::::addIncomingReference):
      (JSC::::filterIncomingReferences):
      * heap/GCIncomingRefCountedSet.h: Added.
      (JSC::GCIncomingRefCountedSet::size):
      * heap/GCIncomingRefCountedSetInlines.h: Added.
      (JSC::::GCIncomingRefCountedSet):
      (JSC::::~GCIncomingRefCountedSet):
      (JSC::::addReference):
      (JSC::::sweep):
      (JSC::::removeAll):
      (JSC::::removeDead):
      * heap/Heap.cpp:
      (JSC::Heap::addReference):
      (JSC::Heap::extraSize):
      (JSC::Heap::size):
      (JSC::Heap::capacity):
      (JSC::Heap::collect):
      (JSC::Heap::decrementDeferralDepth):
      (JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
      * heap/Heap.h:
      * interpreter/CallFrame.h:
      (JSC::ExecState::dataViewTable):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      (JSC::JIT::emitIntTypedArrayGetByVal):
      (JSC::JIT::emitFloatTypedArrayGetByVal):
      (JSC::JIT::emitIntTypedArrayPutByVal):
      (JSC::JIT::emitFloatTypedArrayPutByVal):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * runtime/ArrayBuffer.cpp:
      (JSC::ArrayBuffer::transfer):
      * runtime/ArrayBuffer.h:
      (JSC::ArrayBuffer::createAdopted):
      (JSC::ArrayBuffer::ArrayBuffer):
      (JSC::ArrayBuffer::gcSizeEstimateInBytes):
      (JSC::ArrayBuffer::pin):
      (JSC::ArrayBuffer::unpin):
      (JSC::ArrayBufferContents::tryAllocate):
      * runtime/ArrayBufferView.cpp:
      (JSC::ArrayBufferView::ArrayBufferView):
      (JSC::ArrayBufferView::~ArrayBufferView):
      (JSC::ArrayBufferView::setNeuterable):
      * runtime/ArrayBufferView.h:
      (JSC::ArrayBufferView::isNeutered):
      (JSC::ArrayBufferView::buffer):
      (JSC::ArrayBufferView::baseAddress):
      (JSC::ArrayBufferView::byteOffset):
      (JSC::ArrayBufferView::verifySubRange):
      (JSC::ArrayBufferView::clampOffsetAndNumElements):
      (JSC::ArrayBufferView::calculateOffsetAndLength):
      * runtime/ClassInfo.h:
      * runtime/CommonIdentifiers.h:
      * runtime/DataView.cpp: Added.
      (JSC::DataView::DataView):
      (JSC::DataView::create):
      (JSC::DataView::wrap):
      * runtime/DataView.h: Added.
      (JSC::DataView::byteLength):
      (JSC::DataView::getType):
      (JSC::DataView::get):
      (JSC::DataView::set):
      * runtime/Float32Array.h:
      * runtime/Float64Array.h:
      * runtime/GenericTypedArrayView.h: Added.
      (JSC::GenericTypedArrayView::data):
      (JSC::GenericTypedArrayView::set):
      (JSC::GenericTypedArrayView::setRange):
      (JSC::GenericTypedArrayView::zeroRange):
      (JSC::GenericTypedArrayView::zeroFill):
      (JSC::GenericTypedArrayView::length):
      (JSC::GenericTypedArrayView::byteLength):
      (JSC::GenericTypedArrayView::item):
      (JSC::GenericTypedArrayView::checkInboundData):
      (JSC::GenericTypedArrayView::getType):
      * runtime/GenericTypedArrayViewInlines.h: Added.
      (JSC::::GenericTypedArrayView):
      (JSC::::create):
      (JSC::::createUninitialized):
      (JSC::::subarray):
      (JSC::::wrap):
      * runtime/IndexingHeader.h:
      (JSC::IndexingHeader::arrayBuffer):
      (JSC::IndexingHeader::setArrayBuffer):
      * runtime/Int16Array.h:
      * runtime/Int32Array.h:
      * runtime/Int8Array.h:
      * runtime/JSArrayBuffer.cpp: Added.
      (JSC::JSArrayBuffer::JSArrayBuffer):
      (JSC::JSArrayBuffer::finishCreation):
      (JSC::JSArrayBuffer::create):
      (JSC::JSArrayBuffer::createStructure):
      (JSC::JSArrayBuffer::getOwnPropertySlot):
      (JSC::JSArrayBuffer::getOwnPropertyDescriptor):
      (JSC::JSArrayBuffer::put):
      (JSC::JSArrayBuffer::defineOwnProperty):
      (JSC::JSArrayBuffer::deleteProperty):
      (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames):
      * runtime/JSArrayBuffer.h: Added.
      (JSC::JSArrayBuffer::impl):
      (JSC::toArrayBuffer):
      * runtime/JSArrayBufferConstructor.cpp: Added.
      (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor):
      (JSC::JSArrayBufferConstructor::finishCreation):
      (JSC::JSArrayBufferConstructor::create):
      (JSC::JSArrayBufferConstructor::createStructure):
      (JSC::constructArrayBuffer):
      (JSC::JSArrayBufferConstructor::getConstructData):
      (JSC::JSArrayBufferConstructor::getCallData):
      * runtime/JSArrayBufferConstructor.h: Added.
      * runtime/JSArrayBufferPrototype.cpp: Added.
      (JSC::arrayBufferProtoFuncSlice):
      (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype):
      (JSC::JSArrayBufferPrototype::finishCreation):
      (JSC::JSArrayBufferPrototype::create):
      (JSC::JSArrayBufferPrototype::createStructure):
      * runtime/JSArrayBufferPrototype.h: Added.
      * runtime/JSArrayBufferView.cpp: Added.
      (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
      (JSC::JSArrayBufferView::JSArrayBufferView):
      (JSC::JSArrayBufferView::finishCreation):
      (JSC::JSArrayBufferView::getOwnPropertySlot):
      (JSC::JSArrayBufferView::getOwnPropertyDescriptor):
      (JSC::JSArrayBufferView::put):
      (JSC::JSArrayBufferView::defineOwnProperty):
      (JSC::JSArrayBufferView::deleteProperty):
      (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames):
      (JSC::JSArrayBufferView::finalize):
      * runtime/JSArrayBufferView.h: Added.
      (JSC::JSArrayBufferView::sizeOf):
      (JSC::JSArrayBufferView::ConstructionContext::operator!):
      (JSC::JSArrayBufferView::ConstructionContext::structure):
      (JSC::JSArrayBufferView::ConstructionContext::vector):
      (JSC::JSArrayBufferView::ConstructionContext::length):
      (JSC::JSArrayBufferView::ConstructionContext::mode):
      (JSC::JSArrayBufferView::ConstructionContext::butterfly):
      (JSC::JSArrayBufferView::mode):
      (JSC::JSArrayBufferView::vector):
      (JSC::JSArrayBufferView::length):
      (JSC::JSArrayBufferView::offsetOfVector):
      (JSC::JSArrayBufferView::offsetOfLength):
      (JSC::JSArrayBufferView::offsetOfMode):
      * runtime/JSArrayBufferViewInlines.h: Added.
      (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary):
      (JSC::JSArrayBufferView::buffer):
      (JSC::JSArrayBufferView::impl):
      (JSC::JSArrayBufferView::neuter):
      (JSC::JSArrayBufferView::byteOffset):
      * runtime/JSCell.cpp:
      (JSC::JSCell::slowDownAndWasteMemory):
      (JSC::JSCell::getTypedArrayImpl):
      * runtime/JSCell.h:
      * runtime/JSDataView.cpp: Added.
      (JSC::JSDataView::JSDataView):
      (JSC::JSDataView::create):
      (JSC::JSDataView::createUninitialized):
      (JSC::JSDataView::set):
      (JSC::JSDataView::typedImpl):
      (JSC::JSDataView::getOwnPropertySlot):
      (JSC::JSDataView::getOwnPropertyDescriptor):
      (JSC::JSDataView::slowDownAndWasteMemory):
      (JSC::JSDataView::getTypedArrayImpl):
      (JSC::JSDataView::createStructure):
      * runtime/JSDataView.h: Added.
      * runtime/JSDataViewPrototype.cpp: Added.
      (JSC::JSDataViewPrototype::JSDataViewPrototype):
      (JSC::JSDataViewPrototype::create):
      (JSC::JSDataViewPrototype::createStructure):
      (JSC::JSDataViewPrototype::getOwnPropertySlot):
      (JSC::JSDataViewPrototype::getOwnPropertyDescriptor):
      (JSC::getData):
      (JSC::setData):
      (JSC::dataViewProtoFuncGetInt8):
      (JSC::dataViewProtoFuncGetInt16):
      (JSC::dataViewProtoFuncGetInt32):
      (JSC::dataViewProtoFuncGetUint8):
      (JSC::dataViewProtoFuncGetUint16):
      (JSC::dataViewProtoFuncGetUint32):
      (JSC::dataViewProtoFuncGetFloat32):
      (JSC::dataViewProtoFuncGetFloat64):
      (JSC::dataViewProtoFuncSetInt8):
      (JSC::dataViewProtoFuncSetInt16):
      (JSC::dataViewProtoFuncSetInt32):
      (JSC::dataViewProtoFuncSetUint8):
      (JSC::dataViewProtoFuncSetUint16):
      (JSC::dataViewProtoFuncSetUint32):
      (JSC::dataViewProtoFuncSetFloat32):
      (JSC::dataViewProtoFuncSetFloat64):
      * runtime/JSDataViewPrototype.h: Added.
      * runtime/JSFloat32Array.h: Added.
      * runtime/JSFloat64Array.h: Added.
      * runtime/JSGenericTypedArrayView.h: Added.
      (JSC::JSGenericTypedArrayView::byteLength):
      (JSC::JSGenericTypedArrayView::byteSize):
      (JSC::JSGenericTypedArrayView::typedVector):
      (JSC::JSGenericTypedArrayView::canGetIndexQuickly):
      (JSC::JSGenericTypedArrayView::canSetIndexQuickly):
      (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue):
      (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble):
      (JSC::JSGenericTypedArrayView::getIndexQuickly):
      (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue):
      (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble):
      (JSC::JSGenericTypedArrayView::setIndexQuickly):
      (JSC::JSGenericTypedArrayView::canAccessRangeQuickly):
      (JSC::JSGenericTypedArrayView::typedImpl):
      (JSC::JSGenericTypedArrayView::createStructure):
      (JSC::JSGenericTypedArrayView::info):
      (JSC::toNativeTypedView):
      * runtime/JSGenericTypedArrayViewConstructor.h: Added.
      * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added.
      (JSC::::JSGenericTypedArrayViewConstructor):
      (JSC::::finishCreation):
      (JSC::::create):
      (JSC::::createStructure):
      (JSC::constructGenericTypedArrayView):
      (JSC::::getConstructData):
      (JSC::::getCallData):
      * runtime/JSGenericTypedArrayViewInlines.h: Added.
      (JSC::::JSGenericTypedArrayView):
      (JSC::::create):
      (JSC::::createUninitialized):
      (JSC::::validateRange):
      (JSC::::setWithSpecificType):
      (JSC::::set):
      (JSC::::getOwnPropertySlot):
      (JSC::::getOwnPropertyDescriptor):
      (JSC::::put):
      (JSC::::defineOwnProperty):
      (JSC::::deleteProperty):
      (JSC::::getOwnPropertySlotByIndex):
      (JSC::::putByIndex):
      (JSC::::deletePropertyByIndex):
      (JSC::::getOwnNonIndexPropertyNames):
      (JSC::::getOwnPropertyNames):
      (JSC::::visitChildren):
      (JSC::::copyBackingStore):
      (JSC::::slowDownAndWasteMemory):
      (JSC::::getTypedArrayImpl):
      * runtime/JSGenericTypedArrayViewPrototype.h: Added.
      * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added.
      (JSC::genericTypedArrayViewProtoFuncSet):
      (JSC::genericTypedArrayViewProtoFuncSubarray):
      (JSC::::JSGenericTypedArrayViewPrototype):
      (JSC::::finishCreation):
      (JSC::::create):
      (JSC::::createStructure):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::arrayBufferPrototype):
      (JSC::JSGlobalObject::arrayBufferStructure):
      (JSC::JSGlobalObject::typedArrayStructure):
      * runtime/JSInt16Array.h: Added.
      * runtime/JSInt32Array.h: Added.
      * runtime/JSInt8Array.h: Added.
      * runtime/JSTypedArrayConstructors.cpp: Added.
      * runtime/JSTypedArrayConstructors.h: Added.
      * runtime/JSTypedArrayPrototypes.cpp: Added.
      * runtime/JSTypedArrayPrototypes.h: Added.
      * runtime/JSTypedArrays.cpp: Added.
      * runtime/JSTypedArrays.h: Added.
      * runtime/JSUint16Array.h: Added.
      * runtime/JSUint32Array.h: Added.
      * runtime/JSUint8Array.h: Added.
      * runtime/JSUint8ClampedArray.h: Added.
      * runtime/Operations.h:
      * runtime/Options.h:
      * runtime/SimpleTypedArrayController.cpp: Added.
      (JSC::SimpleTypedArrayController::SimpleTypedArrayController):
      (JSC::SimpleTypedArrayController::~SimpleTypedArrayController):
      (JSC::SimpleTypedArrayController::toJS):
      * runtime/SimpleTypedArrayController.h: Added.
      * runtime/Structure.h:
      (JSC::Structure::couldHaveIndexingHeader):
      * runtime/StructureInlines.h:
      (JSC::Structure::hasIndexingHeader):
      * runtime/TypedArrayAdaptors.h: Added.
      (JSC::IntegralTypedArrayAdaptor::toNative):
      (JSC::IntegralTypedArrayAdaptor::toJSValue):
      (JSC::IntegralTypedArrayAdaptor::toDouble):
      (JSC::FloatTypedArrayAdaptor::toNative):
      (JSC::FloatTypedArrayAdaptor::toJSValue):
      (JSC::FloatTypedArrayAdaptor::toDouble):
      (JSC::Uint8ClampedAdaptor::toNative):
      (JSC::Uint8ClampedAdaptor::toJSValue):
      (JSC::Uint8ClampedAdaptor::toDouble):
      (JSC::Uint8ClampedAdaptor::clamp):
      * runtime/TypedArrayController.cpp: Added.
      (JSC::TypedArrayController::TypedArrayController):
      (JSC::TypedArrayController::~TypedArrayController):
      * runtime/TypedArrayController.h: Added.
      * runtime/TypedArrayDescriptor.h: Removed.
      * runtime/TypedArrayInlines.h: Added.
      * runtime/TypedArrayType.cpp: Added.
      (JSC::classInfoForType):
      (WTF::printInternal):
      * runtime/TypedArrayType.h: Added.
      (JSC::toIndex):
      (JSC::isTypedView):
      (JSC::elementSize):
      (JSC::isInt):
      (JSC::isFloat):
      (JSC::isSigned):
      (JSC::isClamped):
      * runtime/TypedArrays.h: Added.
      * runtime/Uint16Array.h:
      * runtime/Uint32Array.h:
      * runtime/Uint8Array.h:
      * runtime/Uint8ClampedArray.h:
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::VM::~VM):
      * runtime/VM.h:
      
      Source/WebCore: 
      
      Reviewed by Oliver Hunt.
      
      Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a
      client of them. There is only one layering violation: WebCore installs a
      WebCoreTypedArrayController on VM, which makes the
      ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default,
      JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer
      alive but if ArrayBuffer is kept alive from native code then the
      JSArrayBuffer may die. WebCoreTypedArrayController will keep the
      JSArrayBuffer alive if the ArrayBuffer is in the opaque root set.
              
      To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is
      changed to make most references to wrappers refer to JSObject* rather than
      JSDOMWrapper*.
              
      Array buffer views are now transient; the JS array buffer view wrappers
      don't own them or keep them alive. This required a bunch of changes to make
      bindings code use RefPtr<ArrayBufferView> to hold onto their views.
              
      Also there is a bunch of new code to make JSC-provided array buffers and
      views obey the toJS/to<ClassName> idiom for wrapping and unwrapping.
              
      Finally, the DataView API is now completely different: the JSDataView
      provides the same user-visible JS API but using its own internal magic; the
      C++ code that uses DataView now uses a rather different API that is not
      aware of usual DOM semantics, since it's in JSC and not WebCore. It's
      equally useful for all of WebCore's purposes, but some code had to change
      to adapt the new conventions.
              
      Some tests have been changed or rebased due to changes in behavior, that
      bring us into conformance with where the standards are going and allow us to
      match Firefox behavior.
      
      Automake work and some additional GTK changes courtesy of
      Zan Dobersek <zdobersek@igalia.com>.
              
      Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * ForwardingHeaders/runtime/DataView.h: Added.
      * ForwardingHeaders/runtime/JSArrayBuffer.h: Added.
      * ForwardingHeaders/runtime/JSArrayBufferView.h: Added.
      * ForwardingHeaders/runtime/JSDataView.h: Added.
      * ForwardingHeaders/runtime/JSTypedArrays.h: Added.
      * ForwardingHeaders/runtime/TypedArrayController.h: Added.
      * ForwardingHeaders/runtime/TypedArrayInlines.h: Added.
      * ForwardingHeaders/runtime/TypedArrays.h: Added.
      * GNUmakefile.list.am:
      * Modules/webaudio/RealtimeAnalyser.h:
      * Target.pri:
      * UseJSC.cmake:
      * WebCore.exp.in:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.xcodeproj/project.pbxproj:
      * bindings/js/DOMWrapperWorld.h:
      * bindings/js/JSArrayBufferCustom.cpp: Removed.
      * bindings/js/JSArrayBufferViewHelper.h: Removed.
      * bindings/js/JSAudioContextCustom.cpp:
      * bindings/js/JSBindingsAllInOne.cpp:
      * bindings/js/JSBlobCustom.cpp:
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSCSSValueCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSCryptoCustom.cpp:
      (WebCore::JSCrypto::getRandomValues):
      * bindings/js/JSDOMBinding.h:
      (WebCore::wrapperOwner):
      (WebCore::wrapperContext):
      (WebCore::getInlineCachedWrapper):
      (WebCore::setInlineCachedWrapper):
      (WebCore::clearInlineCachedWrapper):
      (WebCore::getCachedWrapper):
      (WebCore::cacheWrapper):
      (WebCore::uncacheWrapper):
      (WebCore::wrap):
      (WebCore::toJS):
      (WebCore::toArrayBufferView):
      (WebCore::toInt8Array):
      (WebCore::toInt16Array):
      (WebCore::toInt32Array):
      (WebCore::toUint8Array):
      (WebCore::toUint8ClampedArray):
      (WebCore::toUint16Array):
      (WebCore::toUint32Array):
      (WebCore::toFloat32Array):
      (WebCore::toFloat64Array):
      (WebCore::toDataView):
      * bindings/js/JSDataViewCustom.cpp: Removed.
      * bindings/js/JSDictionary.cpp:
      * bindings/js/JSDictionary.h:
      * bindings/js/JSDocumentCustom.cpp:
      (WebCore::JSDocument::location):
      (WebCore::toJS):
      * bindings/js/JSEventCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSFileReaderCustom.cpp:
      * bindings/js/JSHTMLCollectionCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSHTMLTemplateElementCustom.cpp:
      (WebCore::JSHTMLTemplateElement::content):
      * bindings/js/JSImageDataCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      * bindings/js/JSMessageEventCustom.cpp:
      * bindings/js/JSMessagePortCustom.cpp:
      * bindings/js/JSSVGPathSegCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSTrackCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::SerializedScriptValue::transferArrayBuffers):
      * bindings/js/WebCoreJSClientData.h:
      (WebCore::initNormalWorldClientData):
      * bindings/js/WebCoreTypedArrayController.cpp: Added.
      (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController):
      (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController):
      (WebCore::WebCoreTypedArrayController::toJS):
      (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
      (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):
      * bindings/js/WebCoreTypedArrayController.h: Added.
      (WebCore::WebCoreTypedArrayController::wrapperOwner):
      * bindings/scripts/CodeGenerator.pm:
      (ForAllParents):
      (ParseInterface):
      (SkipIncludeHeader):
      (IsTypedArrayType):
      (IsWrapperType):
      * bindings/scripts/CodeGeneratorJS.pm:
      (AddIncludesForType):
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateParametersCheck):
      (GetNativeType):
      (JSValueToNative):
      (NativeToJSValue):
      (GenerateConstructorDefinition):
      (GenerateConstructorHelperMethods):
      * fileapi/WebKitBlobBuilder.cpp:
      (WebCore::BlobBuilder::append):
      * fileapi/WebKitBlobBuilder.h:
      * html/canvas/ArrayBuffer.idl: Removed.
      * html/canvas/ArrayBufferView.idl: Removed.
      * html/canvas/DataView.cpp: Removed.
      * html/canvas/DataView.h: Removed.
      * html/canvas/DataView.idl: Removed.
      * html/canvas/Float32Array.idl: Removed.
      * html/canvas/Float64Array.idl: Removed.
      * html/canvas/Int16Array.idl: Removed.
      * html/canvas/Int32Array.idl: Removed.
      * html/canvas/Int8Array.idl: Removed.
      * html/canvas/Uint16Array.idl: Removed.
      * html/canvas/Uint32Array.idl: Removed.
      * html/canvas/Uint8Array.idl: Removed.
      * html/canvas/Uint8ClampedArray.idl: Removed.
      * html/canvas/WebGLRenderingContext.cpp:
      (WebCore::WebGLRenderingContext::readPixels):
      (WebCore::WebGLRenderingContext::validateTexFuncData):
      * page/Crypto.cpp:
      * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
      (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource):
      (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData):
      * platform/graphics/filters/FECustomFilter.h:
      * platform/graphics/filters/FEGaussianBlur.cpp:
      * platform/graphics/filters/FilterEffect.cpp:
      * testing/MockCDM.cpp:
      
      Source/WebKit2: 
      
      Reviewed by Oliver Hunt.
              
      You don't need to include JSUint8Array anymore if you just want to
      unwrap one; JSDOMBinding gives you all of the things you need.
      
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
              
      - Added the notion of a reference counted object that can be marked Deferred,
        which is like a special-purpose upref.
              
      - Added a common byte flipper.
      
      Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
      
      * GNUmakefile.list.am:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/DeferrableRefCounted.h: Added.
      (WTF::DeferrableRefCountedBase::ref):
      (WTF::DeferrableRefCountedBase::hasOneRef):
      (WTF::DeferrableRefCountedBase::refCount):
      (WTF::DeferrableRefCountedBase::isDeferred):
      (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase):
      (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase):
      (WTF::DeferrableRefCountedBase::derefBase):
      (WTF::DeferrableRefCountedBase::setIsDeferredBase):
      (WTF::DeferrableRefCounted::deref):
      (WTF::DeferrableRefCounted::setIsDeferred):
      (WTF::DeferrableRefCounted::DeferrableRefCounted):
      (WTF::DeferrableRefCounted::~DeferrableRefCounted):
      * wtf/FlipBytes.h: Added.
      (WTF::needToFlipBytesIfLittleEndian):
      (WTF::flipBytes):
      (WTF::flipBytesIfLittleEndian):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * fast/canvas/webgl/array-set-invalid-arguments-expected.txt:
      * fast/canvas/webgl/array-set-out-of-bounds-expected.txt:
      * fast/canvas/webgl/array-unit-tests-expected.txt:
      * fast/canvas/webgl/array-unit-tests.html:
      * fast/canvas/webgl/data-view-crash-expected.txt:
      * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js:
      (checkView):
      * fast/dom/call-a-constructor-as-a-function-expected.txt:
      * fast/dom/call-a-constructor-as-a-function.html:
      * fast/js/constructor-length.html:
      * fast/js/global-constructors-attributes-dedicated-worker-expected.txt:
      * fast/js/global-constructors-attributes-expected.txt:
      * fast/js/global-constructors-attributes-shared-worker-expected.txt:
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added.
      * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added.
      * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added.
      * fast/js/regress/Int32Array-alloc-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added.
      * fast/js/regress/Int32Array-alloc-huge.html: Added.
      * fast/js/regress/Int32Array-alloc-large-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added.
      * fast/js/regress/Int32Array-alloc-large.html: Added.
      * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-long-lived.html: Added.
      * fast/js/regress/Int32Array-alloc.html: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added.
      * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc.js: Added.
      * platform/mac/fast/js/constructor-length-expected.txt:
      * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html:
      * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0e0d9312
  4. 05 Aug, 2013 2 commits
      Move TypedArray implementation into JSC · df606084
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119489
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      Move TypedArray implementation into JSC in advance of re-implementation
      
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/ArrayBuffer.cpp: Renamed from Source/WTF/wtf/ArrayBuffer.cpp.
      (JSC::ArrayBuffer::transfer):
      (JSC::ArrayBuffer::addView):
      (JSC::ArrayBuffer::removeView):
      * runtime/ArrayBuffer.h: Renamed from Source/WTF/wtf/ArrayBuffer.h.
      (JSC::ArrayBufferContents::ArrayBufferContents):
      (JSC::ArrayBufferContents::data):
      (JSC::ArrayBufferContents::sizeInBytes):
      (JSC::ArrayBufferContents::transfer):
      (JSC::ArrayBufferContents::copyTo):
      (JSC::ArrayBuffer::isNeutered):
      (JSC::ArrayBuffer::~ArrayBuffer):
      (JSC::ArrayBuffer::clampValue):
      (JSC::ArrayBuffer::create):
      (JSC::ArrayBuffer::createUninitialized):
      (JSC::ArrayBuffer::ArrayBuffer):
      (JSC::ArrayBuffer::data):
      (JSC::ArrayBuffer::byteLength):
      (JSC::ArrayBuffer::slice):
      (JSC::ArrayBuffer::sliceImpl):
      (JSC::ArrayBuffer::clampIndex):
      (JSC::ArrayBufferContents::tryAllocate):
      (JSC::ArrayBufferContents::~ArrayBufferContents):
      * runtime/ArrayBufferView.cpp: Renamed from Source/WTF/wtf/ArrayBufferView.cpp.
      (JSC::ArrayBufferView::ArrayBufferView):
      (JSC::ArrayBufferView::~ArrayBufferView):
      (JSC::ArrayBufferView::neuter):
      * runtime/ArrayBufferView.h: Renamed from Source/WTF/wtf/ArrayBufferView.h.
      (JSC::ArrayBufferView::buffer):
      (JSC::ArrayBufferView::baseAddress):
      (JSC::ArrayBufferView::byteOffset):
      (JSC::ArrayBufferView::setNeuterable):
      (JSC::ArrayBufferView::isNeuterable):
      (JSC::ArrayBufferView::verifySubRange):
      (JSC::ArrayBufferView::clampOffsetAndNumElements):
      (JSC::ArrayBufferView::setImpl):
      (JSC::ArrayBufferView::setRangeImpl):
      (JSC::ArrayBufferView::zeroRangeImpl):
      (JSC::ArrayBufferView::calculateOffsetAndLength):
      * runtime/Float32Array.h: Renamed from Source/WTF/wtf/Float32Array.h.
      (JSC::Float32Array::set):
      (JSC::Float32Array::getType):
      (JSC::Float32Array::create):
      (JSC::Float32Array::createUninitialized):
      (JSC::Float32Array::Float32Array):
      (JSC::Float32Array::subarray):
      * runtime/Float64Array.h: Renamed from Source/WTF/wtf/Float64Array.h.
      (JSC::Float64Array::set):
      (JSC::Float64Array::getType):
      (JSC::Float64Array::create):
      (JSC::Float64Array::createUninitialized):
      (JSC::Float64Array::Float64Array):
      (JSC::Float64Array::subarray):
      * runtime/Int16Array.h: Renamed from Source/WTF/wtf/Int16Array.h.
      (JSC::Int16Array::getType):
      (JSC::Int16Array::create):
      (JSC::Int16Array::createUninitialized):
      (JSC::Int16Array::Int16Array):
      (JSC::Int16Array::subarray):
      * runtime/Int32Array.h: Renamed from Source/WTF/wtf/Int32Array.h.
      (JSC::Int32Array::getType):
      (JSC::Int32Array::create):
      (JSC::Int32Array::createUninitialized):
      (JSC::Int32Array::Int32Array):
      (JSC::Int32Array::subarray):
      * runtime/Int8Array.h: Renamed from Source/WTF/wtf/Int8Array.h.
      (JSC::Int8Array::getType):
      (JSC::Int8Array::create):
      (JSC::Int8Array::createUninitialized):
      (JSC::Int8Array::Int8Array):
      (JSC::Int8Array::subarray):
      * runtime/IntegralTypedArrayBase.h: Renamed from Source/WTF/wtf/IntegralTypedArrayBase.h.
      (JSC::IntegralTypedArrayBase::set):
      (JSC::IntegralTypedArrayBase::IntegralTypedArrayBase):
      * runtime/TypedArrayBase.h: Renamed from Source/WTF/wtf/TypedArrayBase.h.
      (JSC::TypedArrayBase::data):
      (JSC::TypedArrayBase::set):
      (JSC::TypedArrayBase::setRange):
      (JSC::TypedArrayBase::zeroRange):
      (JSC::TypedArrayBase::length):
      (JSC::TypedArrayBase::byteLength):
      (JSC::TypedArrayBase::item):
      (JSC::TypedArrayBase::checkInboundData):
      (JSC::TypedArrayBase::TypedArrayBase):
      (JSC::TypedArrayBase::create):
      (JSC::TypedArrayBase::createUninitialized):
      (JSC::TypedArrayBase::subarrayImpl):
      (JSC::TypedArrayBase::neuter):
      * runtime/Uint16Array.h: Renamed from Source/WTF/wtf/Uint16Array.h.
      (JSC::Uint16Array::getType):
      (JSC::Uint16Array::create):
      (JSC::Uint16Array::createUninitialized):
      (JSC::Uint16Array::Uint16Array):
      (JSC::Uint16Array::subarray):
      * runtime/Uint32Array.h: Renamed from Source/WTF/wtf/Uint32Array.h.
      (JSC::Uint32Array::getType):
      (JSC::Uint32Array::create):
      (JSC::Uint32Array::createUninitialized):
      (JSC::Uint32Array::Uint32Array):
      (JSC::Uint32Array::subarray):
      * runtime/Uint8Array.h: Renamed from Source/WTF/wtf/Uint8Array.h.
      (JSC::Uint8Array::getType):
      (JSC::Uint8Array::create):
      (JSC::Uint8Array::createUninitialized):
      (JSC::Uint8Array::Uint8Array):
      (JSC::Uint8Array::subarray):
      * runtime/Uint8ClampedArray.h: Renamed from Source/WTF/wtf/Uint8ClampedArray.h.
      (JSC::Uint8ClampedArray::getType):
      (JSC::Uint8ClampedArray::create):
      (JSC::Uint8ClampedArray::createUninitialized):
      (JSC::Uint8ClampedArray::zeroFill):
      (JSC::Uint8ClampedArray::set):
      (JSC::Uint8ClampedArray::Uint8ClampedArray):
      (JSC::Uint8ClampedArray::subarray):
      * runtime/VM.h:
      
      Source/WebCore:
      
      Update WebCore for new location of TypedArray implementation.
      
      * ForwardingHeaders/runtime/ArrayBuffer.h: Added.
      * ForwardingHeaders/runtime/ArrayBufferView.h: Added.
      * ForwardingHeaders/runtime/Float32Array.h: Added.
      * ForwardingHeaders/runtime/Float64Array.h: Added.
      * ForwardingHeaders/runtime/Int16Array.h: Added.
      * ForwardingHeaders/runtime/Int32Array.h: Added.
      * ForwardingHeaders/runtime/Int8Array.h: Added.
      * ForwardingHeaders/runtime/IntegralTypedArrayBase.h: Added.
      * ForwardingHeaders/runtime/TypedArrayBase.h: Added.
      * ForwardingHeaders/runtime/Uint16Array.h: Added.
      * ForwardingHeaders/runtime/Uint32Array.h: Added.
      * ForwardingHeaders/runtime/Uint8Array.h: Added.
      * ForwardingHeaders/runtime/Uint8ClampedArray.h: Added.
      * Modules/webaudio/AnalyserNode.h:
      (WebCore::AnalyserNode::getFloatFrequencyData):
      (WebCore::AnalyserNode::getByteFrequencyData):
      (WebCore::AnalyserNode::getByteTimeDomainData):
      * Modules/webaudio/AsyncAudioDecoder.cpp:
      * Modules/webaudio/AsyncAudioDecoder.h:
      (WebCore::AsyncAudioDecoder::DecodingTask::audioData):
      * Modules/webaudio/AudioBuffer.h:
      * Modules/webaudio/AudioContext.cpp:
      * Modules/webaudio/AudioParam.h:
      * Modules/webaudio/AudioParamTimeline.h:
      * Modules/webaudio/PeriodicWave.h:
      * Modules/webaudio/RealtimeAnalyser.cpp:
      * Modules/webaudio/RealtimeAnalyser.h:
      * Modules/webaudio/ScriptProcessorNode.cpp:
      * Modules/webaudio/WaveShaperProcessor.h:
      * Modules/websockets/ThreadableWebSocketChannel.h:
      * Modules/websockets/WebSocket.cpp:
      * Modules/websockets/WebSocket.h:
      * Modules/websockets/WebSocketChannel.cpp:
      * Modules/websockets/WebSocketChannel.h:
      * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
      * Modules/websockets/WorkerThreadableWebSocketChannel.h:
      * WebCore.exp.in:
      * bindings/js/JSArrayBufferCustom.cpp:
      * bindings/js/JSArrayBufferViewHelper.h:
      * bindings/js/JSAudioContextCustom.cpp:
      * bindings/js/JSCryptoCustom.cpp:
      * bindings/js/JSDictionary.h:
      * bindings/js/JSFileReaderCustom.cpp:
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::SerializedScriptValue::transferArrayBuffers):
      * bindings/js/SerializedScriptValue.h:
      * bindings/scripts/CodeGeneratorJS.pm:
      (AddIncludesForType):
      (GenerateHeader):
      (NativeToJSValue):
      * dom/MessageEvent.h:
      * fileapi/FileReader.cpp:
      * fileapi/FileReader.h:
      * fileapi/FileReaderLoader.cpp:
      * fileapi/FileReaderLoader.h:
      * fileapi/FileReaderSync.cpp:
      * fileapi/FileReaderSync.h:
      * fileapi/WebKitBlobBuilder.cpp:
      * fileapi/WebKitBlobBuilder.h:
      * html/HTMLMediaElement.cpp:
      * html/ImageData.h:
      * html/canvas/ArrayBuffer.idl:
      * html/canvas/ArrayBufferView.idl:
      * html/canvas/CanvasRenderingContext2D.cpp:
      * html/canvas/DataView.h:
      * html/canvas/Float32Array.idl:
      * html/canvas/Float64Array.idl:
      * html/canvas/Int16Array.idl:
      * html/canvas/Int32Array.idl:
      * html/canvas/Int8Array.idl:
      * html/canvas/Uint16Array.idl:
      * html/canvas/Uint32Array.idl:
      * html/canvas/Uint8Array.idl:
      * html/canvas/Uint8ClampedArray.idl:
      * html/canvas/WebGLBuffer.h:
      (WebCore::WebGLBuffer::elementArrayBuffer):
      * html/canvas/WebGLGetInfo.cpp:
      * html/canvas/WebGLGetInfo.h:
      * html/canvas/WebGLRenderingContext.cpp:
      * html/canvas/WebGLRenderingContext.h:
      * inspector/InspectorMemoryAgent.cpp:
      * page/Crypto.cpp:
      * page/Crypto.h:
      * platform/graphics/GraphicsContext3D.cpp:
      * platform/graphics/ImageBuffer.h:
      * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
      * platform/graphics/cg/ImageBufferDataCG.h:
      * platform/graphics/filters/FEBlend.cpp:
      * platform/graphics/filters/FEColorMatrix.cpp:
      * platform/graphics/filters/FEComponentTransfer.cpp:
      * platform/graphics/filters/FEComposite.cpp:
      * platform/graphics/filters/FEConvolveMatrix.cpp:
      * platform/graphics/filters/FECustomFilter.cpp:
      * platform/graphics/filters/FEDisplacementMap.cpp:
      * platform/graphics/filters/FEDropShadow.cpp:
      * platform/graphics/filters/FEGaussianBlur.cpp:
      * platform/graphics/filters/FELighting.h:
      * platform/graphics/filters/FEMorphology.cpp:
      * platform/graphics/filters/FETurbulence.cpp:
      * platform/graphics/filters/FilterEffect.cpp:
      * platform/graphics/filters/FilterEffect.h:
      * platform/graphics/mac/GraphicsContext3DMac.mm:
      * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
      * testing/Internals.h:
      * xml/XMLHttpRequest.cpp:
      * xml/XMLHttpRequest.h:
      (WebCore::XMLHttpRequest::optionalResponseArrayBuffer):
      
      Source/WTF:
      
      Remove TypedArray implementation from WTF
      
      * GNUmakefile.list.am:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/Forward.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153728 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      df606084
      Copied space should be able to handle more than one copied backing store per JSCell · 05937580
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119471
      
      Reviewed by Mark Hahnenberg.
              
      This allows a cell to call copyLater() multiple times for multiple different
      backing stores, and then have copyBackingStore() called exactly once for each
      of those. A token tells it which backing store to copy. All backing stores
      must be named using the CopyToken, an enumeration which currently cannot
      exceed eight entries.
              
      When copyBackingStore() is called, it's up to the callee to (a) use the token
      to decide what to copy and (b) call its base class's copyBackingStore() in
      case the base class had something that needed copying. The only exception is
      that JSCell never asks anything to be copied, and so if your base is JSCell
      then you don't have to do anything.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/CopiedBlock.h:
      * heap/CopiedBlockInlines.h:
      (JSC::CopiedBlock::reportLiveBytes):
      * heap/CopyToken.h: Added.
      * heap/CopyVisitor.cpp:
      (JSC::CopyVisitor::copyFromShared):
      * heap/CopyVisitor.h:
      * heap/CopyVisitorInlines.h:
      (JSC::CopyVisitor::visitItem):
      * heap/CopyWorkList.h:
      (JSC::CopyWorklistItem::CopyWorklistItem):
      (JSC::CopyWorklistItem::cell):
      (JSC::CopyWorklistItem::token):
      (JSC::CopyWorkListSegment::get):
      (JSC::CopyWorkListSegment::append):
      (JSC::CopyWorkListSegment::data):
      (JSC::CopyWorkListIterator::get):
      (JSC::CopyWorkListIterator::operator*):
      (JSC::CopyWorkListIterator::operator->):
      (JSC::CopyWorkList::append):
      * heap/SlotVisitor.h:
      * heap/SlotVisitorInlines.h:
      (JSC::SlotVisitor::copyLater):
      * runtime/ClassInfo.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::copyBackingStore):
      * runtime/JSCell.h:
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::copyBackingStore):
      * runtime/JSObject.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153720 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      05937580
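
The token protocol described in the commit message above (several copyLater() calls per cell, one copyBackingStore() call per token, each class delegating to its base), shown as an added C++ model that is not JavaScriptCore's code. It also includes a class that forgets the base-class call, so the uncopied store is visible. Assumptions: the token names, the `BackingStore`, `WorklistItem`, `TypedArray`, `ForgetfulArray` and `runCopyPhase` names, and the packing of the token into the three low bits of an aligned cell pointer as the reason for the eight-entry limit.

```cpp
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical token names; the commit only names the enumeration CopyToken
// and says it cannot exceed eight entries.
enum CopyToken : uintptr_t { ButterflyCopyToken, TypedArrayVectorCopyToken, CopyTokenCount };
// Assumption: eight entries is the limit because the token is stored in the
// three low bits of an 8-byte-aligned cell pointer.
constexpr uintptr_t tokenMask = 7;
static_assert(CopyTokenCount <= tokenMask + 1, "token must fit in the tag bits");

// Stand-in for one backing store living in copied space.
struct BackingStore {
    std::unique_ptr<int[]> data;
    size_t size;
    int copies = 0;
    explicit BackingStore(size_t n) : data(new int[n]()), size(n) { }
    void relocate() // Models evacuation: new allocation, old one is released.
    {
        std::unique_ptr<int[]> fresh(new int[size]);
        std::copy(data.get(), data.get() + size, fresh.get());
        data = std::move(fresh);
        ++copies;
    }
};

struct Cell;

// One machine word per work item: cell pointer plus token in the tag bits.
class WorklistItem {
public:
    WorklistItem(Cell* cell, CopyToken token)
        : m_bits(reinterpret_cast<uintptr_t>(cell) | static_cast<uintptr_t>(token))
    {
        assert(!(reinterpret_cast<uintptr_t>(cell) & tokenMask)); // pointer must be aligned
        assert(token < CopyTokenCount);                           // token must be a named store
    }
    Cell* cell() const { return reinterpret_cast<Cell*>(m_bits & ~tokenMask); }
    CopyToken token() const { return static_cast<CopyToken>(m_bits & tokenMask); }
private:
    uintptr_t m_bits;
};
using Worklist = std::vector<WorklistItem>;

inline void copyLater(Worklist& worklist, Cell* cell, CopyToken token)
{
    worklist.emplace_back(cell, token);
}

struct alignas(8) Cell {
    virtual ~Cell() = default;
    virtual void visitChildren(Worklist&) { }
    // The root class never asks for anything to be copied, so this is a no-op.
    virtual void copyBackingStore(CopyToken) { }
};

struct Object : Cell {
    BackingStore butterfly{4};
    void visitChildren(Worklist& w) override { copyLater(w, this, ButterflyCopyToken); }
    void copyBackingStore(CopyToken token) override
    {
        if (token == ButterflyCopyToken)
            butterfly.relocate();
        Cell::copyBackingStore(token);
    }
};

// Correct subclass: registers a second store, handles its own token, delegates the rest.
struct TypedArray : Object {
    BackingStore elements{16};
    void visitChildren(Worklist& w) override
    {
        Object::visitChildren(w);
        copyLater(w, this, TypedArrayVectorCopyToken);
    }
    void copyBackingStore(CopyToken token) override
    {
        if (token == TypedArrayVectorCopyToken)
            elements.relocate();
        Object::copyBackingStore(token); // the base may own the store this token names
    }
};

// Failure mode: same registrations, but the base-class call is missing.
struct ForgetfulArray : TypedArray {
    void copyBackingStore(CopyToken token) override
    {
        if (token == TypedArrayVectorCopyToken)
            elements.relocate();
        // Missing TypedArray/Object delegation: ButterflyCopyToken is dropped.
    }
};

// Visit every cell, then call copyBackingStore() exactly once per queued item.
void runCopyPhase(const std::vector<Cell*>& cells)
{
    Worklist worklist;
    for (Cell* cell : cells)
        cell->visitChildren(worklist);
    for (const WorklistItem& item : worklist)
        item.cell()->copyBackingStore(item.token());
}
```

In a real copying collector the store left behind by `ForgetfulArray` would still point into the evacuated block, which is why the commit message makes the base-class call the callee's responsibility.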
  5. 25 Jul, 2013 4 commits
  6. 24 Jul, 2013 7 commits
      fourthTier: Refactor ObjCCallbackFunction to inherit directly from InternalFunction · 5109edb6
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=117595
      
      Reviewed by Geoffrey Garen.
      
      * API/APICallbackFunction.h: Added. New struct that allows JSCallbackFunction and
      ObjCCallbackFunction to share their host call() implementation through the magic of
      templates.
      (JSC::APICallbackFunction::call):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::getCallData): Changed to get the template-ized version of
      the host function.
      * API/JSCallbackFunction.h:
      * API/ObjCCallbackFunction.h: Now inherits directly from InternalFunction.
      * API/ObjCCallbackFunction.mm:
      (JSC::ObjCCallbackFunction::ObjCCallbackFunction):
      (JSC::ObjCCallbackFunction::getCallData): Ditto.
      * GNUmakefile.list.am: Build files!
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153233 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5109edb6
      fourthTier: Re-worked non-local variable resolution · 58c86752
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=117375
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      This patch has two goals:
      
      (1) Simplicity.
      
          * Net removes 15 opcodes.
          * Net removes 2,000 lines of code.
          * Removes setPair() from the DFG: All DFG nodes have 1 result register now.
      
      (2) Performance.
      
          * 2%-3% speedup on SunSpider (20% in LLInt and Baseline JIT)
          * 2% speedup on v8-spider
          * 10% speedup on js-regress-hashmap*
          * Amusing 2X speedup on js-regress-poly-stricteq
      
      The bytecode now separates the scope chain resolution opcode from the
      scope access opcode.
      
          OLD:
              get_scoped_var  r0, 1, 0
              inc             r0
              put_scoped_var  1, 0, r0
      
          NEW:
              resolve_scope   r0, x(@id0)
              get_from_scope  r1, r0, x(@id0)
              inc             r1
              put_to_scope    r0, x(@id0), r1
      
      Also, we link non-local variable resolution opcodes at CodeBlock link
      time instead of time of first opcode execution.
      
      This means that we can represent all possible non-local variable
      resolutions using just three opcodes, and any optimizations in these
      opcodes naturally apply across-the-board.
      
      * API/JSCTestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles):
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri: Build!
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode): Updated for removed things.
      
      (JSC::CodeBlock::CodeBlock): Always provide the full scope chain when
      creating a CodeBlock, so we can perform non-local variable resolution.
      
      Added code to perform linking for these opcodes. This is where we figure
      out which non-local variable resolutions are optimizable, and how.
      
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::noticeIncomingCall):
      (JSC::CodeBlock::optimizeAfterWarmUp):
      (JSC::CodeBlock::optimizeAfterLongWarmUp):
      (JSC::CodeBlock::optimizeSoon): Updated for removed things.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::needsActivation):
      (JSC::GlobalCodeBlock::GlobalCodeBlock):
      (JSC::ProgramCodeBlock::ProgramCodeBlock):
      (JSC::EvalCodeBlock::EvalCodeBlock):
      (JSC::FunctionCodeBlock::FunctionCodeBlock):
      * bytecode/EvalCodeCache.h:
      (JSC::EvalCodeCache::getSlow): Updated for interface changes.
      
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFor): Treat global object access as
      optimizable even though the global object has a custom property access
      callback. This is what we've always done since, otherwise, we can't
      optimize globals. (In future, we probably want to figure out a more
      targeted policy than "any property access callback means no
      optimization".)
      
      * bytecode/GlobalResolveInfo.h: Removed.
      * bytecode/Instruction.h:
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFor): Like GetByIdStatus.
      
      * bytecode/ResolveGlobalStatus.cpp: Removed.
      * bytecode/ResolveGlobalStatus.h: Removed.
      * bytecode/ResolveOperation.h: Removed.
      
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::generateFunctionCodeBlock):
      (JSC::UnlinkedFunctionExecutable::codeBlockFor):
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h: Don't provide a scope chain to unlinked
      code blocks. Giving a scope to an unscoped compilation unit invites
      programming errors.
      
      * bytecode/Watchpoint.h:
      (JSC::WatchpointSet::addressOfIsInvalidated):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolveCallee):
      (JSC::BytecodeGenerator::local):
      (JSC::BytecodeGenerator::constLocal):
      (JSC::BytecodeGenerator::resolveType):
      (JSC::BytecodeGenerator::emitResolveScope):
      (JSC::BytecodeGenerator::emitGetFromScope):
      (JSC::BytecodeGenerator::emitPutToScope):
      (JSC::BytecodeGenerator::emitInstanceOf):
      (JSC::BytecodeGenerator::emitPushWithScope):
      (JSC::BytecodeGenerator::emitPopScope):
      (JSC::BytecodeGenerator::pushFinallyContext):
      (JSC::BytecodeGenerator::emitComplexPopScopes):
      (JSC::BytecodeGenerator::popTryAndEmitCatch):
      (JSC::BytecodeGenerator::emitPushNameScope):
      (JSC::BytecodeGenerator::isArgumentNumber):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::Local::Local):
      (JSC::Local::operator bool):
      (JSC::Local::get):
      (JSC::Local::isReadOnly):
      (JSC::BytecodeGenerator::scopeDepth):
      (JSC::BytecodeGenerator::shouldOptimizeLocals):
      (JSC::BytecodeGenerator::canOptimizeNonLocals): Refactored the bytecode
      generator to resolve all variables within local scope, as if there
      were no non-local scope. This helps provide a separation of concerns:
      unlinked bytecode is always scope-free, and the linking stage links
      in the provided scope.
      
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ResolveNode::isPure):
      (JSC::ResolveNode::emitBytecode):
      (JSC::EvalFunctionCallNode::emitBytecode):
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixNode::emitResolve):
      (JSC::DeleteResolveNode::emitBytecode):
      (JSC::TypeOfResolveNode::emitBytecode):
      (JSC::PrefixNode::emitResolve):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      (JSC::ForInNode::emitBytecode): A bunch of this codegen is no longer
      necessary, since it's redundant with the linking stage.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
      (JSC::DFG::ByteCodeParser::handlePutByOffset):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock): Updated for interface changes.
      Notably, we can reuse existing DFG nodes -- but the mapping between
      bytecode and DFG nodes has changed, and some nodes and corner cases have
      been removed.
      
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::scopedVarLoadElimination):
      (JSC::DFG::CSEPhase::varInjectionWatchpointElimination):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::scopedVarStoreElimination):
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE): Added CSE for var injection
      watchpoints. Even though watchpoints are "free", they're quite common
      inside code that's subject to var injection, so I figured we'd save a
      little memory.
      
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::capabilityLevel):
      * dfg/DFGCapabilities.h: Removed detection for old forms.
      
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.h:
      * dfg/DFGJITCode.cpp:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
      (JSC::DFG::Node::hasVarNumber):
      (JSC::DFG::Node::hasIdentifierNumberForCheck):
      (JSC::DFG::Node::hasRegisterPointer):
      (JSC::DFG::Node::hasHeapPrediction):
      * dfg/DFGNodeType.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.h:
      (JSC::DFG::dfgResetGetByID):
      (JSC::DFG::dfgResetPutByID):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation): Removed some unneeded things,
      and updated for renames.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile): The two primary changes here are:
      
      (1) Use a watchpoint for var injection instead of looping over the scope
      chain and checking. This is more efficient and much easier to model in
      code generation.
      
      (2) I've eliminated the notion of an optimized global assignment that
      needs to check for whether it should fire a watchpoint. Instead, we
      fire pre-emptively at the point of optimization. This removes a bunch
      of edge cases, and it seems like a more honest representation of
      the fact that our new optimization contradicts our old one.
      
      * dfg/DFGTypeCheckHoistingPhase.cpp:
      (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
      (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
      * heap/DFGCodeBlocks.cpp:
      (JSC::DFGCodeBlocks::jettison):
      * interpreter/CallFrame.h:
      (JSC::ExecState::trueCallFrame): Removed stuff that's unused now, and
      fixed the build.
      
      * interpreter/Interpreter.cpp:
      (JSC::eval):
      (JSC::getBytecodeOffsetForCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::throwException): Updated exception scope tracking
      to match the rest of our linking strategy: The unlinked bytecode compiles
      exception scope as if non-local scope did not exist, and we add in
      non-local scope at link time. This means that we can restore the right
      scope depth based on a simple number, without checking the contents of
      the scope chain.
      
      (JSC::Interpreter::execute): Make sure to establish the full scope chain
      before linking eval code. We now require the full scope chain at link
      time, in order to link non-local variable resolution opcodes.
      
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITArithmetic.cpp:
      (JSC::JIT::emit_op_add):
      * jit/JITCode.cpp:
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emitSlow_op_bitxor):
      (JSC::JIT::emitSlow_op_bitor):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emitSlow_op_to_primitive):
      (JSC::JIT::emit_op_strcat):
      (JSC::JIT::emitSlow_op_create_this):
      (JSC::JIT::emitSlow_op_to_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitVarInjectionCheck):
      (JSC::JIT::emitResolveClosure):
      (JSC::JIT::emit_op_resolve_scope):
      (JSC::JIT::emitSlow_op_resolve_scope):
      (JSC::JIT::emitLoadWithStructureCheck):
      (JSC::JIT::emitGetGlobalProperty):
      (JSC::JIT::emitGetGlobalVar):
      (JSC::JIT::emitGetClosureVar):
      (JSC::JIT::emit_op_get_from_scope):
      (JSC::JIT::emitSlow_op_get_from_scope):
      (JSC::JIT::emitPutGlobalProperty):
      (JSC::JIT::emitPutGlobalVar):
      (JSC::JIT::emitPutClosureVar):
      (JSC::JIT::emit_op_put_to_scope):
      (JSC::JIT::emitSlow_op_put_to_scope):
      (JSC::JIT::emit_op_init_global_const):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emitVarInjectionCheck):
      (JSC::JIT::emitResolveClosure):
      (JSC::JIT::emit_op_resolve_scope):
      (JSC::JIT::emitSlow_op_resolve_scope):
      (JSC::JIT::emitLoadWithStructureCheck):
      (JSC::JIT::emitGetGlobalProperty):
      (JSC::JIT::emitGetGlobalVar):
      (JSC::JIT::emitGetClosureVar):
      (JSC::JIT::emit_op_get_from_scope):
      (JSC::JIT::emitSlow_op_get_from_scope):
      (JSC::JIT::emitPutGlobalProperty):
      (JSC::JIT::emitPutGlobalVar):
      (JSC::JIT::emitPutClosureVar):
      (JSC::JIT::emit_op_put_to_scope):
      (JSC::JIT::emitSlow_op_put_to_scope):
      (JSC::JIT::emit_op_init_global_const):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITStubs.h: Re-wrote baseline JIT codegen for our new variable
      resolution model.
      
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntSlowPaths.cpp:
      * llint/LLIntSlowPaths.h:
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter.cpp:
      (JSC::CLoop::execute):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm: Ditto for LLInt.
      
      * offlineasm/x86.rb: Fixed a pre-existing encoding bug for a syntactic
      form that we never used before.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncToLocaleString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncConcat):
      (JSC::arrayProtoFuncPop):
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSlice):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      (JSC::arrayProtoFuncIndexOf):
      (JSC::arrayProtoFuncLastIndexOf): Fixed some pre-existing bugs in
      'this' value conversion, which I made much more common by removing
      special cases in bytecode generation.
      
      These functions need to invoke toThis() because they observe the 'this'
      value. Also, toLocaleString() is specified to accept non-array 'this'
      values.
      
      (Most other host functions don't need this fix because they perform
      strict 'this' checking, which never coerces unexpected types.)
      
      * runtime/CodeCache.cpp:
      (JSC::CodeCache::getCodeBlock):
      (JSC::CodeCache::getProgramCodeBlock):
      (JSC::CodeCache::getEvalCodeBlock):
      * runtime/CodeCache.h: Don't supply a scope to the unlinked code cache.
      Unlinked code is supposed to be scope-free, so let's have the compiler
      help verify that.
      
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.h:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::create):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC::EvalExecutable::numVariables):
      (JSC::EvalExecutable::numberOfFunctionDecls):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecutionImpl):
      (JSC::prepareFunctionForExecutionImpl):
      (JSC::installOptimizedCode): Fiddled with executable initialization so
      that we can always generate a full scope chain before we go to link a
      code block. We need this because code block linking now depends on the
      scope chain to link non-local variable resolution opcodes.
      
      * runtime/JSActivation.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::createEvalCodeBlock):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::varInjectionWatchpoint):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncEval):
      * runtime/JSNameScope.h:
      * runtime/JSScope.cpp:
      (JSC::abstractAccess):
      (JSC::JSScope::objectAtScope):
      (JSC::JSScope::depth):
      (JSC::JSScope::resolve):
      (JSC::JSScope::abstractResolve): Updated to match changes explained above.
      
      * runtime/JSScope.h:
      (JSC::makeType):
      (JSC::needsVarInjectionChecks):
      (JSC::ResolveOp::ResolveOp):
      (JSC::ResolveModeAndType::ResolveModeAndType):
      (JSC::ResolveModeAndType::mode):
      (JSC::ResolveModeAndType::type):
      (JSC::ResolveModeAndType::operand): Removed the old variable resolution
      state machine, since it's unused now. Added logic for performing abstract
      variable resolution at link time. This is used by codeblock linking.
      
      * runtime/ObjectPrototype.cpp:
      (JSC::objectProtoFuncValueOf):
      (JSC::objectProtoFuncHasOwnProperty):
      (JSC::objectProtoFuncIsPrototypeOf):
      (JSC::objectProtoFuncDefineGetter):
      (JSC::objectProtoFuncDefineSetter):
      (JSC::objectProtoFuncLookupGetter):
      (JSC::objectProtoFuncLookupSetter):
      (JSC::objectProtoFuncPropertyIsEnumerable):
      (JSC::objectProtoFuncToLocaleString):
      (JSC::objectProtoFuncToString): Fixed some pre-existing bugs in
      'this' value conversion, which I made much more common by removing
      special cases in bytecode generation.
      
      These functions need to invoke toThis() because they observe the 'this'
      value.
      
      * runtime/StringPrototype.cpp:
      (JSC::checkObjectCoercible):
      (JSC::stringProtoFuncReplace):
      (JSC::stringProtoFuncCharAt):
      (JSC::stringProtoFuncCharCodeAt):
      (JSC::stringProtoFuncConcat):
      (JSC::stringProtoFuncIndexOf):
      (JSC::stringProtoFuncLastIndexOf):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSlice):
      (JSC::stringProtoFuncSplit):
      (JSC::stringProtoFuncSubstr):
      (JSC::stringProtoFuncSubstring):
      (JSC::stringProtoFuncToLowerCase):
      (JSC::stringProtoFuncToUpperCase):
      (JSC::stringProtoFuncLocaleCompare):
      (JSC::stringProtoFuncBig):
      (JSC::stringProtoFuncSmall):
      (JSC::stringProtoFuncBlink):
      (JSC::stringProtoFuncBold):
      (JSC::stringProtoFuncFixed):
      (JSC::stringProtoFuncItalics):
      (JSC::stringProtoFuncStrike):
      (JSC::stringProtoFuncSub):
      (JSC::stringProtoFuncSup):
      (JSC::stringProtoFuncFontcolor):
      (JSC::stringProtoFuncFontsize):
      (JSC::stringProtoFuncAnchor):
      (JSC::stringProtoFuncLink):
      (JSC::trimString): Fixed some pre-existing bugs in
      'this' value conversion, which I made much more common by removing
      special cases in bytecode generation.
      
      These functions need to invoke toThis() because they observe the 'this'
      value.
      
      * runtime/StructureRareData.cpp:
      * runtime/VM.cpp:
      (JSC::VM::~VM):
      
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::slot): Modified to reduce casting in client code.
      
      LayoutTests:
      
      This patch removed special-case 'this' resolution from bytecode, making
      some pre-existing edge cases in 'this' value treatment much more common.
      
      I updated the test results below, and added some tests, to match bug
      fixes for these cases.
      
      * fast/js/script-tests/array-functions-non-arrays.js:
      * fast/js/array-functions-non-arrays-expected.txt: As specified, it's
      not an error to pass a non-array to toLocaleString. Our new result
      matches Firefox and Chrome.
      
      * fast/js/array-prototype-properties-expected.txt: Updated for slightly
      clearer error message.
      
      * fast/js/basic-strict-mode-expected.txt: Updated for slightly more
      standard error message.
      
      * fast/js/object-prototype-toString-expected.txt: Added.
      * fast/js/object-prototype-toString.html: Added. This test demonstrates
      why we now fail a Sputnik test below, while Firefox and Chrome pass it.
      (The test doesn't test what it thinks it tests, and this test verifies
      that we get right what it does think it tests.)
      
      * fast/js/string-prototype-function-this-expected.txt: Added.
      * fast/js/string-prototype-function-this.html: Added. This test shows
      that we CheckObjectCoercible in string prototype functions. (We used
      to get this wrong, but Sputnik tests made it seem like we got it right
      because they didn't test the dynamic scope case.)
      
      * sputnik/Conformance/11_Expressions/11.1_Primary_Expressions/11.1.1_The_this_Keyword/S11.1.1_A2-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.3_Array_prototype_toLocaleString/S15.4.4.3_A2_T1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.10_String.prototype.match/S15.5.4.10_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.11_String.prototype.replace/S15.5.4.11_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.13_String.prototype.slice/S15.5.4.13_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.15_String.prototype.substring/S15.5.4.15_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.6_String.prototype.concat/S15.5.4.6_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.7_String.prototype.indexOf/S15.5.4.7_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.8_String.prototype.lastIndexOf/S15.5.4.8_A1_T3-expected.txt:
      
      Updated to show failing results. Firefox and Chrome also fail these
      tests, and the ES5 spec seems to mandate failure. Because these tests
      resolve a String.prototype function at global scope, the 'this' value
      for the call is an environment record. Logically, an environment record
      converts to 'undefined' at the call site, and should then fail the
      CheckObjectCoercible test.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153221 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      58c86752
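The 'this' handling described in the commit message above can be checked from script in any ES5-or-later engine. This is an added example, not code from the WebKit commit or its layout tests; the helper names (`probe`, `checkObjectCoercibleReport`, `detachedCall`, `toLocaleStringOnNonArray`, `sloppyThisIsGlobal`) and the sample array-like object are constructed here.

```javascript
// Added example: probes how built-in prototype functions treat an
// unexpected 'this' value. The method names come from the Sputnik
// results listed in the commit message; everything else is constructed.
const STRING_METHODS = [
  "match", "replace", "search", "slice", "split",
  "substring", "concat", "indexOf", "lastIndexOf",
];

// Call fn with the given 'this' and report either its result or the
// constructor name of the exception it threw.
function probe(fn, thisValue, args = []) {
  try {
    return { ok: true, value: Reflect.apply(fn, thisValue, args) };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

// CheckObjectCoercible: undefined and null must be rejected with a
// TypeError, while any other primitive is converted with ToString.
function checkObjectCoercibleReport() {
  const report = {};
  for (const name of STRING_METHODS) {
    const fn = String.prototype[name];
    report[name] = {
      undefinedThis: probe(fn, undefined, ["a"]),
      nullThis: probe(fn, null, ["a"]),
      numberThis: probe(fn, 12345, ["3"]),
    };
  }
  return report;
}

// A String.prototype function called without a receiver sees
// 'this' === undefined, so it must fail CheckObjectCoercible rather
// than silently operating on some other object.
function detachedCall() {
  const indexOf = String.prototype.indexOf;
  return probe(() => indexOf("a"), undefined);
}

// Array.prototype.toLocaleString is generic: a non-array 'this' with a
// length and indexed elements is accepted, not rejected.
function toLocaleStringOnNonArray() {
  const arrayLike = { length: 1, 0: { toLocaleString: () => "element" } };
  return probe(Array.prototype.toLocaleString, arrayLike);
}

// Contrast: a non-strict user function coerces an undefined 'this' to
// the global object, which is why strict checking in host functions
// matters. new Function() always creates non-strict code.
function sloppyThisIsGlobal() {
  const sloppy = new Function("return this");
  return sloppy() === globalThis;
}

const report = checkObjectCoercibleReport();
for (const name of STRING_METHODS) {
  const r = report[name];
  console.log(
    name.padEnd(12),
    "undefined ->", r.undefinedThis.ok ? "accepted" : r.undefinedThis.error,
    "| null ->", r.nullThis.ok ? "accepted" : r.nullThis.error,
    "| 12345 ->", r.numberThis.ok ? "coerced" : r.numberThis.error
  );
}
console.log("detached indexOf():", detachedCall());
console.log("toLocaleString on array-like:", toLocaleStringOnNonArray());
console.log("sloppy function sees global object:", sloppyThisIsGlobal());
```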
    • fourthTier: Introducing the StackIterator class. · 2b2e1324
      oliver@apple.com authored
      This was a non-trivial merge as trunk has changed computation of line and column information.
      
      Introducing the StackIterator class.
      https://bugs.webkit.org/show_bug.cgi?id=117390.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      The StackIterator class is meant to unify the way we iterate the JS
      stack. It also makes it so that we don't have to copy the frame data
      into the intermediate StackFrame struct before processing it.
      Unfortunately we still can't get rid of StackFrame because it is used
      to record frame information for the Exception stack that is expected
      to persist beyond when the frames have been popped off the JS stack.
      
      The StackIterator will iterate over all "logical" frames (i.e. including
      inlined frames). As it iterates the JS stack, if it encounters a DFG
      frame that has inlined frames, the iterator will canonicalize the
      inlined frames before returning. Once canonicalized, the frame can be
      read like any other frame.
      
      The StackIterator implements a Frame class that inherits from CallFrame.
      The StackIterator::Frame serves as a reader of the CallFrame that makes
      it easier to access information about the frame. The StackIterator::Frame
      only adds functions, and no additional data fields.
      
      * API/JSContextRef.cpp:
      (JSContextCreateBacktrace):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::begin):
      (JSC::CallFrame::beginAt):
      * interpreter/CallFrame.h:
      (JSC::ExecState::setInlineCallFrame):
      (ExecState):
      (JSC::ExecState::end):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::debug):
      * interpreter/Interpreter.h:
      (Interpreter):
      * interpreter/StackIterator.cpp: Added.
      (JSC::StackIterator::StackIterator):
      (JSC::StackIterator::beginAt):
      (JSC::StackIterator::gotoNextFrame):
      - Based on the deleted Interpreter::findFunctionCallFrameFromVMCode().
      (JSC::StackIterator::findFrameForFunction):
      - Based on the deleted Interpreter::retrieveCallerFromVMCode().
      (JSC::StackIterator::Frame::codeType):
      - Based on the deleted getStackFrameCodeType().
      (JSC::StackIterator::Frame::functionName):
      - Based on StackFrame::friendlyFunctionName().
      (JSC::StackIterator::Frame::sourceURL):
      - Based on StackFrame::friendlySourceURL().
      (JSC::StackIterator::Frame::toString):
      - Based on StackFrame::toString().
      (JSC::StackIterator::Frame::bytecodeOffset):
      (JSC::StackIterator::Frame::line):
      - Based on StackFrame::line().
      (JSC::StackIterator::Frame::column):
      - Based on StackFrame::column().
      (JSC::StackIterator::Frame::arguments):
      - Based on the deleted Interpreter::retrieveArgumentsFromVMCode().
      (JSC::StackIterator::Frame::retrieveExpressionInfo):
      - Based on StackFrame::expressionInfo().
      (JSC::StackIterator::Frame::logicalFrame):
      - Based on the now deleted CallFrame::trueCallFrame().
      (JSC::StackIterator::Frame::logicalCallerFrame):
      - Based on the now deleted CallFrame::trueCallerFrame().
      (JSC::jitTypeName):
      (JSC::printIndents):
      (JSC::printif):
      (JSC::StackIterator::Frame::print):
      (debugPrintCallFrame):
      - Prints the contents of the frame for debugging purposes.
        There are 2 versions that can be used as follows:
      
        1. When you have a valid StackIterator, you can print
           the current frame's content using the print instance
           method:
               iter->print(indentLevel);
      
        2. When you have a CallFrame* that you want to dump from a debugger
           console, you can print its content as follows:
               (gdb) call debugPrintCallFrame(callFrame)
      
        A sample of the output looks like this:
      
            frame 0x1510c70b0 {
               name 'shouldBe'
               sourceURL 'testapi.js'
               hostFlag 0
               isInlinedFrame 0
               callee 0x15154efb0
               returnPC 0x10ed0786d
               callerFrame 0x1510c7058
               logicalCallerFrame 0x1510c7058
               rawLocationBits 27 0x1b
               codeBlock 0x7fe79b037200
                  bytecodeOffset 27 0x1b / 210
                  line 46
                  column 20
                  jitType 3 <BaselineJIT> isOptimizingJIT 0
                  hasCodeOrigins 0
            }
      
      * interpreter/StackIterator.h: Added.
      (StackIterator::Frame):
      (JSC::StackIterator::Frame::create):
      (JSC::StackIterator::Frame::isJSFrame):
      (JSC::StackIterator::Frame::callFrame):
      * interpreter/StackIteratorPrivate.h: Added.
      (StackIterator):
      (JSC::StackIterator::operator*):
      (JSC::StackIterator::operator->):
      (JSC::StackIterator::operator==):
      (JSC::StackIterator::operator!=):
      (JSC::StackIterator::operator++):
      (JSC::StackIterator::end):
      (JSC::StackIterator::empty):
      * jsc.cpp:
      (functionJSCStack):
      * profiler/ProfileGenerator.cpp:
      (JSC::ProfileGenerator::addParentForConsoleStart):
      * profiler/ProfileNode.h:
      (ProfileNode):
      * runtime/JSFunction.cpp:
      (JSC::retrieveArguments):
      (JSC::JSFunction::argumentsGetter):
      (JSC::skipOverBoundFunctions):
      (JSC::retrieveCallerFunction):
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncProtoGetter):
      (JSC::globalFuncProtoSetter):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetPrototypeOf):
      * runtime/Operations.h:
      
      Source/WebCore:
      
      No new tests.
      
      * ForwardingHeaders/interpreter/StackIterator.h: Added.
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153218 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2b2e1324
    • fourthTier: Disambiguate between CallFrame bytecodeOffset and codeOriginIndex. · c4497327
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=117262.
      
      Reviewed by Geoffrey Garen.
      
      When writing to the ArgumentCount tag in CallFrame, we will set the high
      bit if the written value is a codeOriginIndex.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeOrigin.h:
      (CodeOrigin):
      (JSC::CodeOrigin::isHandle):
      (JSC::CodeOrigin::encodeHandle):
      (JSC::CodeOrigin::decodeHandle):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::beginCall):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryBuildGetByIDList):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::locationAsBytecodeOffset):
      (JSC::CallFrame::setLocationAsBytecodeOffset):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallFrame):
      * interpreter/CallFrame.h:
      (ExecState):
      (JSC::ExecState::inlineCallFrame):
      * interpreter/CallFrameInlines.h: Added.
      (JSC::CallFrame::hasLocationAsBytecodeOffset):
      (JSC::CallFrame::hasLocationAsCodeOriginIndex):
      (JSC::CallFrame::locationAsRawBits):
      (JSC::CallFrame::setLocationAsRawBits):
      (JSC::CallFrame::locationAsBytecodeOffset):
      (JSC::CallFrame::setLocationAsBytecodeOffset):
      (JSC::CallFrame::locationAsCodeOriginIndex):
      * interpreter/Interpreter.cpp:
      (JSC::getBytecodeOffsetForCallFrame):
      (JSC::getCallerInfo):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153209 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c4497327
    • fourthTier: Implement a probe mechanism for JIT generated code. · e9743fd0
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=115705.
      
      Reviewed by Geoffrey Garen.
      
      The probe is in the form of a MacroAssembler pseudo instruction.
      It takes 3 arguments: a ProbeFunction, and 2 void* args.
      
      When inserted into the JIT at some code generation site, the probe
      pseudo "instruction" will emit a minimal amount of code to save the
      stack pointer, 1 (or more) scratch register(s), and the probe
      arguments into a ProbeContext record on the stack. The emitted code
      will then call a probe trampoline to do the rest of the work, which
      consists of:
      1. saving the remaining registers into the ProbeContext.
      2. calling the ProbeFunction, and passing it the ProbeContext pointer.
      3. restoring the registers from the ProbeContext after the ProbeFunction
         returns, and then returning to the JIT generated code.
      
      The ProbeContext is stack allocated and is only valid for the duration
      that the ProbeFunction is executing.
      
      If the user supplied ProbeFunction alters the register values in the
      ProbeContext, the new values will be installed into the registers upon
      returning from the probe. This can be useful for some debugging or
      testing purposes.
      
      The probe mechanism is built conditional on USE(MASM_PROBE) which is
      defined in config.h. USE(MASM_PROBE) will be off by default.
      
      This changeset only implements the probe mechanism for X86 and X86_64.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/MacroAssembler.h:
      (MacroAssembler):
      (JSC::MacroAssembler::shouldBlind):
      (JSC::MacroAssembler::store32):
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::trustedImm32FromPtr):
      (JSC::MacroAssemblerX86::probe):
      * assembler/MacroAssemblerX86Common.cpp: Added.
      (JSC::MacroAssemblerX86Common::ProbeContext::dumpCPURegisters):
      - CPU specific register dumper called by ProbeContext::dump().
      (JSC::MacroAssemblerX86Common::ProbeContext::dump):
      - Prints the ProbeContext to the DataLog.
      * assembler/MacroAssemblerX86Common.h:
      (MacroAssemblerX86Common):
      (CPUState): Added.
      (ProbeContext): Added.
      * assembler/MacroAssemblerX86_64.h:
      (MacroAssemblerX86_64):
      (JSC::MacroAssemblerX86_64::trustedImm64FromPtr):
      (JSC::MacroAssemblerX86_64::probe):
      * assembler/X86Assembler.h:
      * config.h: Added WTF_USE_MASM_PROBE flag.
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * jit/JITStubsX86.h:
      * jit/JITStubsX86Common.h: Added.
      * jit/JITStubsX86_64.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153162 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e9743fd0
    • fourthTier: Refactor JITStubs.cpp to move CPU specific parts out into their own files. · cd1c2e74
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=116135.
      
      Reviewed by Michael Saboff.
      
      This mod only moves the CPU specific parts out. There is no code change.
      Tested on debug builds of X86, X86_64, ARM and ARMv7. The SH4 and MIPS
      ports are untested. Windows port also not tested.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * jit/JITStubs.cpp:
      (JSC::performPlatformSpecificJITAssertions):
      * jit/JITStubsARM.h: Added.
      (JSC::ctiTrampoline):
      (JSC::ctiTrampolineEnd):
      (JSC::ctiVMThrowTrampoline):
      (JSC::ctiOpThrowNotCaught):
      (JSC::performARMJITAssertions):
      * jit/JITStubsARMv7.h: Added.
      (JSC::ctiTrampoline):
      (JSC::ctiVMThrowTrampoline):
      (JSC::ctiOpThrowNotCaught):
      (JSC::performARMv7JITAssertions):
      * jit/JITStubsMIPS.h: Added.
      (JSC::performMIPSJITAssertions):
      * jit/JITStubsSH4.h: Added.
      * jit/JITStubsX86.h: Added.
      * jit/JITStubsX86_64.h: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153160 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cd1c2e74
    • fourthTier: Landing the initial FTL logic in a single commit to avoid spurious · ea77149c
      oliver@apple.com authored
      broken builds.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153121 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ea77149c
  7. 22 Jul, 2013 1 commit
  8. 19 Jul, 2013 1 commit
    • Added x64 configuration to Visual Studio build. · e39f7656
      achristensen@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=118888
      
      Reviewed by Brent Fulgham.
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
      * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
      * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
      * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
      * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
      * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
      * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
      
      Source/ThirdParty:
      
      * gtest/msvc/gtest-md.vcxproj:
      
      Source/WebCore:
      
      * WebCore.vcxproj/QTMovieWin/QTMovieWin.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCoreGenerated.vcxproj:
      * WebCore.vcxproj/WebCoreTestSupport.vcxproj:
      
      Source/WebKit:
      
      * WebKit.vcxproj/Interfaces/Interfaces.vcxproj:
      * WebKit.vcxproj/WebKit.sln:
      * WebKit.vcxproj/WebKit/WebKit.vcxproj:
      * WebKit.vcxproj/WebKitExportGenerator/WebKitExportGenerator.vcxproj:
      * WebKit.vcxproj/WebKitExportGenerator/WebKitExportGenerator.vcxproj.filters:
      * WebKit.vcxproj/WebKitGUID/WebKitGUID.vcxproj:
      * WebKit.vcxproj/WebKitGUID/WebKitGUID.vcxproj.filters:
      
      Source/WTF:
      
      * WTF.vcxproj/WTF.vcxproj:
      * WTF.vcxproj/WTF.vcxproj.filters:
      * WTF.vcxproj/WTFGenerated.vcxproj:
      
      Tools:
      
      * DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTree.vcxproj:
      * DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTree.vcxproj.filters:
      * DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeLauncher.vcxproj:
      * DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiff.vcxproj:
      * DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffLauncher.vcxproj:
      * DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePlugin.vcxproj:
      * TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj:
      * WinLauncher/WinLauncher.vcxproj/WinLauncher.vcxproj:
      * WinLauncher/WinLauncher.vcxproj/WinLauncherLib.vcxproj:
      * win/AssembleBuildLogs/AssembleBuildLogs.vcxproj:
      * win/record-memory/record-memory.vcxproj:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@152921 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e39f7656
  9. 18 Jun, 2013 1 commit
  10. 26 Apr, 2013 1 commit
  11. 18 Apr, 2013 1 commit
    • Renamed JSGlobalData to VM · 9a9a4b52
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114777
      
      Reviewed by Phil Pizlo.
      
      ../JavaScriptCore: 
      
      * API/APICast.h:
      (JSC):
      (toJS):
      (toRef):
      * API/APIShims.h:
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APICallbackShim::APICallbackShim):
      (JSC::APICallbackShim::~APICallbackShim):
      (APICallbackShim):
      * API/JSAPIWrapperObject.h:
      (JSAPIWrapperObject):
      * API/JSAPIWrapperObject.mm:
      (JSC::::createStructure):
      (JSC::JSAPIWrapperObject::JSAPIWrapperObject):
      (JSC::JSAPIWrapperObject::finishCreation):
      (JSC::JSAPIWrapperObject::visitChildren):
      * API/JSBase.cpp:
      (JSGarbageCollect):
      (JSReportExtraMemoryCost):
      (JSSynchronousGarbageCollectForDebugging):
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      (JSC::JSCallbackConstructor::finishCreation):
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::createStructure):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      (JSC::JSCallbackFunction::createStructure):
      * API/JSCallbackObject.cpp:
      (JSC::::create):
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObjectData::setPrivateProperty):
      (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
      (JSCallbackObject):
      (JSC::JSCallbackObject::setPrivateProperty):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::JSCallbackObject):
      (JSC::::finishCreation):
      (JSC::::put):
      (JSC::::staticFunctionGetter):
      * API/JSClassRef.cpp:
      (OpaqueJSClassContextData::OpaqueJSClassContextData):
      (OpaqueJSClass::contextData):
      (OpaqueJSClass::prototype):
      * API/JSClassRef.h:
      (OpaqueJSClassContextData):
      * API/JSContext.mm:
      (-[JSContext setException:]):
      (-[JSContext initWithGlobalContextRef:]):
      (+[JSContext contextWithGlobalContextRef:]):
      * API/JSContextRef.cpp:
      (JSContextGroupCreate):
      (JSContextGroupRelease):
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRetain):
      (JSGlobalContextRelease):
      (JSContextGetGroup):
      (JSContextCreateBacktrace):
      * API/JSObjectRef.cpp:
      (JSObjectMake):
      (JSObjectMakeConstructor):
      (JSObjectMakeFunction):
      (JSObjectSetPrototype):
      (JSObjectHasProperty):
      (JSObjectGetProperty):
      (JSObjectSetProperty):
      (JSObjectDeleteProperty):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
      (OpaqueJSPropertyNameArray):
      (JSObjectCopyPropertyNames):
      (JSPropertyNameArrayRelease):
      (JSPropertyNameAccumulatorAddName):
      * API/JSScriptRef.cpp:
      (OpaqueJSScript::create):
      (OpaqueJSScript::vm):
      (OpaqueJSScript::OpaqueJSScript):
      (OpaqueJSScript):
      (parseScript):
      * API/JSVirtualMachine.mm:
      (scanExternalObjectGraph):
      * API/JSVirtualMachineInternal.h:
      (JSC):
      * API/JSWrapperMap.mm:
      (makeWrapper):
      * API/ObjCCallbackFunction.h:
      (JSC::ObjCCallbackFunction::createStructure):
      * API/ObjCCallbackFunction.mm:
      (JSC::ObjCCallbackFunction::create):
      * API/OpaqueJSString.cpp:
      (OpaqueJSString::identifier):
      * API/OpaqueJSString.h:
      (JSC):
      (OpaqueJSString):
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * KeywordLookupGenerator.py:
      (Trie.printSubTreeAsC):
      * Target.pri:
      * assembler/ARMAssembler.cpp:
      (JSC::ARMAssembler::executableCopy):
      * assembler/ARMAssembler.h:
      (ARMAssembler):
      * assembler/AssemblerBuffer.h:
      (JSC::AssemblerBuffer::executableCopy):
      * assembler/AssemblerBufferWithConstantPool.h:
      (JSC::AssemblerBufferWithConstantPool::executableCopy):
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::linkCode):
      * assembler/LinkBuffer.h:
      (JSC):
      (JSC::LinkBuffer::LinkBuffer):
      (LinkBuffer):
      * assembler/MIPSAssembler.h:
      (JSC::MIPSAssembler::executableCopy):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::executableCopy):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::executableCopy):
      (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CallLinkInfo.h:
      (CallLinkInfo):
      * bytecode/CodeBlock.cpp:
      (JSC::dumpStructure):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitStructures):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::createActivation):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::findClosureCallForReturnPC):
      (JSC::ProgramCodeBlock::jettisonImpl):
      (JSC::EvalCodeBlock::jettisonImpl):
      (JSC::FunctionCodeBlock::jettisonImpl):
      (JSC::CodeBlock::predictedMachineCodeSize):
      (JSC::CodeBlock::usesOpcode):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendWeakReference):
      (JSC::CodeBlock::appendWeakReferenceTransition):
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::setGlobalData):
      (JSC::CodeBlock::vm):
      (JSC::CodeBlock::valueProfileForBytecodeOffset):
      (JSC::CodeBlock::addConstant):
      (JSC::CodeBlock::setConstantRegisters):
      (CodeBlock):
      (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
      * bytecode/EvalCodeCache.h:
      (JSC::EvalCodeCache::getSlow):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC::GetByIdStatus::computeForChain):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * bytecode/ObjectAllocationProfile.h:
      (JSC::ObjectAllocationProfile::initialize):
      (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
      * bytecode/PolymorphicAccessStructureList.h:
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * bytecode/PolymorphicPutByIdList.h:
      (JSC::PutByIdAccess::transition):
      (JSC::PutByIdAccess::replace):
      * bytecode/PreciseJumpTargets.cpp:
      (JSC::computePreciseJumpTargets):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (JSC):
      (PutByIdStatus):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      * bytecode/SamplingTool.cpp:
      (JSC::SamplingTool::notifyOfScope):
      * bytecode/SamplingTool.h:
      (JSC::ScriptSampleRecord::ScriptSampleRecord):
      (SamplingTool):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::initGetByIdSelf):
      (JSC::StructureStubInfo::initGetByIdProto):
      (JSC::StructureStubInfo::initGetByIdChain):
      (JSC::StructureStubInfo::initPutByIdTransition):
      (JSC::StructureStubInfo::initPutByIdReplace):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::generateFunctionCodeBlock):
      (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::link):
      (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
      (JSC::UnlinkedFunctionExecutable::codeBlockFor):
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::create):
      (UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::finishCreation):
      (JSC::UnlinkedFunctionExecutable::createStructure):
      (JSC::UnlinkedCodeBlock::addRegExp):
      (JSC::UnlinkedCodeBlock::addConstant):
      (JSC::UnlinkedCodeBlock::addFunctionDecl):
      (JSC::UnlinkedCodeBlock::addFunctionExpr):
      (JSC::UnlinkedCodeBlock::vm):
      (UnlinkedCodeBlock):
      (JSC::UnlinkedCodeBlock::finishCreation):
      (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::create):
      (JSC::UnlinkedProgramCodeBlock::addFunctionDeclaration):
      (JSC::UnlinkedProgramCodeBlock::UnlinkedProgramCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::createStructure):
      (JSC::UnlinkedEvalCodeBlock::create):
      (JSC::UnlinkedEvalCodeBlock::UnlinkedEvalCodeBlock):
      (JSC::UnlinkedEvalCodeBlock::createStructure):
      (JSC::UnlinkedFunctionCodeBlock::create):
      (JSC::UnlinkedFunctionCodeBlock::UnlinkedFunctionCodeBlock):
      (JSC::UnlinkedFunctionCodeBlock::createStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::addConstant):
      (JSC::BytecodeGenerator::emitLoad):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::addStringConstant):
      (JSC::BytecodeGenerator::expectedFunctionForIdentifier):
      (JSC::BytecodeGenerator::emitThrowReferenceError):
      (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::vm):
      (JSC::BytecodeGenerator::propertyNames):
      (JSC::BytecodeGenerator::makeFunction):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::RegExpNode::emitBytecode):
      (JSC::ArrayNode::toArgumentList):
      (JSC::ApplyFunctionCallDotNode::emitBytecode):
      (JSC::InstanceOfNode::emitBytecode):
      * debugger/Debugger.cpp:
      (JSC::Debugger::recompileAllJSFunctions):
      (JSC::evaluateInGlobalCallFrame):
      * debugger/Debugger.h:
      (JSC):
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::DebuggerActivation):
      (JSC::DebuggerActivation::finishCreation):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::create):
      (JSC::DebuggerActivation::createStructure):
      (DebuggerActivation):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::evaluate):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
      (JSC::DFG::AssemblyHelpers::vm):
      (JSC::DFG::AssemblyHelpers::debugCall):
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGByteCodeParser.h:
      (JSC):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::CCallHelpers):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::canHandleOpcodes):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::reportToProfiler):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      (JSC::DFG::operationPutByValInternal):
      (JSC::getHostCallReturnValueWithExecState):
      * dfg/DFGPhase.h:
      (JSC::DFG::Phase::vm):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      (JSC::DFG::linkSlowFor):
      (JSC::DFG::dfgLinkFor):
      (JSC::DFG::dfgLinkSlowFor):
      (JSC::DFG::dfgLinkClosureCall):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::compileFromCharCode):
      (JSC::DFG::SpeculativeJIT::compileMakeRope):
      (JSC::DFG::SpeculativeJIT::compileStringEquality):
      (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
      (JSC::DFG::SpeculativeJIT::speculateObject):
      (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
      (JSC::DFG::SpeculativeJIT::speculateString):
      (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::linkForThunkGenerator):
      (JSC::DFG::linkCallThunkGenerator):
      (JSC::DFG::linkConstructThunkGenerator):
      (JSC::DFG::linkClosureCallThunkGenerator):
      (JSC::DFG::virtualForThunkGenerator):
      (JSC::DFG::virtualCallThunkGenerator):
      (JSC::DFG::virtualConstructThunkGenerator):
      * dfg/DFGThunks.h:
      (JSC):
      (DFG):
      * heap/BlockAllocator.h:
      (JSC):
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      (JSC::CopiedSpace::tryReallocate):
      * heap/CopiedSpaceInlines.h:
      (JSC::CopiedSpace::tryAllocate):
      * heap/GCThreadSharedData.cpp:
      (JSC::GCThreadSharedData::GCThreadSharedData):
      (JSC::GCThreadSharedData::reset):
      * heap/GCThreadSharedData.h:
      (JSC):
      (GCThreadSharedData):
      * heap/HandleSet.cpp:
      (JSC::HandleSet::HandleSet):
      (JSC::HandleSet::~HandleSet):
      (JSC::HandleSet::grow):
      * heap/HandleSet.h:
      (JSC):
      (HandleSet):
      (JSC::HandleSet::vm):
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC):
      (JSC::Heap::lastChanceToFinalize):
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::stack):
      (JSC::Heap::getConservativeRegisterRoots):
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::collect):
      (JSC::Heap::isValidAllocation):
      * heap/Heap.h:
      (JSC):
      (Heap):
      (JSC::Heap::vm):
      * heap/HeapTimer.cpp:
      (JSC::HeapTimer::HeapTimer):
      (JSC::HeapTimer::timerDidFire):
      (JSC::HeapTimer::timerEvent):
      * heap/HeapTimer.h:
      (JSC):
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/Local.h:
      (Local):
      (JSC::::Local):
      (JSC::LocalStack::LocalStack):
      (JSC::LocalStack::push):
      (LocalStack):
      * heap/LocalScope.h:
      (JSC):
      (LocalScope):
      (JSC::LocalScope::LocalScope):
      * heap/MachineStackMarker.cpp:
      (JSC::MachineThreads::addCurrentThread):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::vm):
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::SlotVisitor):
      (JSC::SlotVisitor::setup):
      * heap/Strong.h:
      (JSC):
      (Strong):
      (JSC::Strong::operator=):
      * heap/StrongInlines.h:
      (JSC::::Strong):
      (JSC::::set):
      * heap/SuperRegion.h:
      (JSC):
      * heap/WeakSet.cpp:
      * heap/WeakSet.h:
      (WeakSet):
      (JSC::WeakSet::WeakSet):
      (JSC::WeakSet::vm):
      * interpreter/AbstractPC.cpp:
      (JSC::AbstractPC::AbstractPC):
      * interpreter/AbstractPC.h:
      (JSC):
      (AbstractPC):
      * interpreter/CachedCall.h:
      (JSC::CachedCall::CachedCall):
      * interpreter/CallFrame.h:
      (ExecState):
      (JSC::ExecState::clearException):
      (JSC::ExecState::clearSupplementaryExceptionInfo):
      (JSC::ExecState::exception):
      (JSC::ExecState::hadException):
      (JSC::ExecState::propertyNames):
      (JSC::ExecState::emptyList):
      (JSC::ExecState::interpreter):
      (JSC::ExecState::heap):
      (JSC::ExecState::arrayConstructorTable):
      (JSC::ExecState::arrayPrototypeTable):
      (JSC::ExecState::booleanPrototypeTable):
      (JSC::ExecState::dateTable):
      (JSC::ExecState::dateConstructorTable):
      (JSC::ExecState::errorPrototypeTable):
      (JSC::ExecState::globalObjectTable):
      (JSC::ExecState::jsonTable):
      (JSC::ExecState::mathTable):
      (JSC::ExecState::numberConstructorTable):
      (JSC::ExecState::numberPrototypeTable):
      (JSC::ExecState::objectConstructorTable):
      (JSC::ExecState::privateNamePrototypeTable):
      (JSC::ExecState::regExpTable):
      (JSC::ExecState::regExpConstructorTable):
      (JSC::ExecState::regExpPrototypeTable):
      (JSC::ExecState::stringConstructorTable):
      (JSC::ExecState::abstractReturnPC):
      * interpreter/CallFrameClosure.h:
      (CallFrameClosure):
      * interpreter/Interpreter.cpp:
      (JSC):
      (JSC::eval):
      (JSC::loadVarargs):
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::appendSourceToError):
      (JSC::getCallerInfo):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::addStackTraceIfNecessary):
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      (JSC::Interpreter::retrieveArgumentsFromVMCode):
      (JSC::Interpreter::retrieveCallerFromVMCode):
      * interpreter/Interpreter.h:
      (JSC):
      (JSC::TopCallFrameSetter::TopCallFrameSetter):
      (JSC::TopCallFrameSetter::~TopCallFrameSetter):
      (TopCallFrameSetter):
      (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
      (Interpreter):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      * interpreter/JSStack.h:
      (JSC):
      * jit/ClosureCallStubRoutine.cpp:
      (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
      * jit/ClosureCallStubRoutine.h:
      (ClosureCallStubRoutine):
      * jit/ExecutableAllocator.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/ExecutableAllocator.h:
      (JSC):
      (ExecutableAllocator):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/GCAwareJITStubRoutine.cpp:
      (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::createJITStubRoutine):
      * jit/GCAwareJITStubRoutine.h:
      (GCAwareJITStubRoutine):
      (MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompile):
      (JSC::JIT::linkFor):
      (JSC::JIT::linkSlowCall):
      * jit/JIT.h:
      (JSC::JIT::compile):
      (JSC::JIT::compileClosureCall):
      (JSC::JIT::compileGetByIdProto):
      (JSC::JIT::compileGetByIdSelfList):
      (JSC::JIT::compileGetByIdProtoList):
      (JSC::JIT::compileGetByIdChainList):
      (JSC::JIT::compileGetByIdChain):
      (JSC::JIT::compilePutByIdTransition):
      (JSC::JIT::compileGetByVal):
      (JSC::JIT::compilePutByVal):
      (JSC::JIT::compileCTINativeCall):
      (JSC::JIT::compilePatchGetArrayLength):
      (JIT):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCode.h:
      (JSC):
      (JSC::JITCode::execute):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      (JSC::jitThrow):
      * jit/JITExceptions.h:
      (JSC):
      * jit/JITInlines.h:
      (JSC::JIT::emitLoadCharacterString):
      (JSC::JIT::updateTopCallFrame):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emitSlow_op_eq):
      (JSC::JIT::emitSlow_op_neq):
      (JSC::JIT::compileOpStrictEq):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubs.cpp:
      (JSC::ctiTrampoline):
      (JSC):
      (JSC::performPlatformSpecificJITAssertions):
      (JSC::tryCachePutByID):
      (JSC::tryCacheGetByID):
      (JSC::returnToThrowTrampoline):
      (JSC::throwExceptionFromOpCall):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      (JSC::putByVal):
      * jit/JITStubs.h:
      (JSC):
      (JITStackFrame):
      * jit/JITThunks.cpp:
      (JSC::JITThunks::ctiNativeCall):
      (JSC::JITThunks::ctiNativeConstruct):
      (JSC::JITThunks::ctiStub):
      (JSC::JITThunks::hostFunctionStub):
      * jit/JITThunks.h:
      (JSC):
      (JITThunks):
      * jit/JITWriteBarrier.h:
      (JSC):
      (JSC::JITWriteBarrierBase::set):
      (JSC::JITWriteBarrier::set):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::loadJSStringArgument):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerator.h:
      (JSC):
      * jit/ThunkGenerators.cpp:
      (JSC::generateSlowCaseFor):
      (JSC::linkForGenerator):
      (JSC::linkCallGenerator):
      (JSC::linkConstructGenerator):
      (JSC::linkClosureCallGenerator):
      (JSC::virtualForGenerator):
      (JSC::virtualCallGenerator):
      (JSC::virtualConstructGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::nativeCallGenerator):
      (JSC::nativeConstructGenerator):
      (JSC::stringCharLoad):
      (JSC::charToString):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      * jit/ThunkGenerators.h:
      (JSC):
      * jsc.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      (functionDumpCallFrame):
      (functionJSCStack):
      (functionReleaseExecutableMemory):
      (functionRun):
      (main):
      (runWithScripts):
      (jscmain):
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntData.h:
      (JSC):
      (Data):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h:
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter.cpp:
      (JSC::CLoop::execute):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/cloop.rb:
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::ASTBuilder):
      (JSC::ASTBuilder::createSourceElements):
      (JSC::ASTBuilder::createCommaExpr):
      (JSC::ASTBuilder::createLogicalNot):
      (JSC::ASTBuilder::createUnaryPlus):
      (JSC::ASTBuilder::createVoid):
      (JSC::ASTBuilder::thisExpr):
      (JSC::ASTBuilder::createResolve):
      (JSC::ASTBuilder::createObjectLiteral):
      (JSC::ASTBuilder::createArray):
      (JSC::ASTBuilder::createNumberExpr):
      (JSC::ASTBuilder::createString):
      (JSC::ASTBuilder::createBoolean):
      (JSC::ASTBuilder::createNull):
      (JSC::ASTBuilder::createBracketAccess):
      (JSC::ASTBuilder::createDotAccess):
      (JSC::ASTBuilder::createRegExp):
      (JSC::ASTBuilder::createNewExpr):
      (JSC::ASTBuilder::createConditionalExpr):
      (JSC::ASTBuilder::createAssignResolve):
      (JSC::ASTBuilder::createFunctionExpr):
      (JSC::ASTBuilder::createFunctionBody):
      (JSC::ASTBuilder::createGetterOrSetterProperty):
      (JSC::ASTBuilder::createArguments):
      (JSC::ASTBuilder::createArgumentsList):
      (JSC::ASTBuilder::createProperty):
      (JSC::ASTBuilder::createPropertyList):
      (JSC::ASTBuilder::createElementList):
      (JSC::ASTBuilder::createFormalParameterList):
      (JSC::ASTBuilder::createClause):
      (JSC::ASTBuilder::createClauseList):
      (JSC::ASTBuilder::createFuncDeclStatement):
      (JSC::ASTBuilder::createBlockStatement):
      (JSC::ASTBuilder::createExprStatement):
      (JSC::ASTBuilder::createIfStatement):
      (JSC::ASTBuilder::createForLoop):
      (JSC::ASTBuilder::createForInLoop):
      (JSC::ASTBuilder::createEmptyStatement):
      (JSC::ASTBuilder::createVarStatement):
      (JSC::ASTBuilder::createReturnStatement):
      (JSC::ASTBuilder::createBreakStatement):
      (JSC::ASTBuilder::createContinueStatement):
      (JSC::ASTBuilder::createTryStatement):
      (JSC::ASTBuilder::createSwitchStatement):
      (JSC::ASTBuilder::createWhileStatement):
      (JSC::ASTBuilder::createDoWhileStatement):
      (JSC::ASTBuilder::createLabelStatement):
      (JSC::ASTBuilder::createWithStatement):
      (JSC::ASTBuilder::createThrowStatement):
      (JSC::ASTBuilder::createDebugger):
      (JSC::ASTBuilder::createConstStatement):
      (JSC::ASTBuilder::appendConstDecl):
      (JSC::ASTBuilder::addVar):
      (JSC::ASTBuilder::combineCommaNodes):
      (JSC::ASTBuilder::Scope::Scope):
      (JSC::ASTBuilder::createNumber):
      (ASTBuilder):
      (JSC::ASTBuilder::makeTypeOfNode):
      (JSC::ASTBuilder::makeDeleteNode):
      (JSC::ASTBuilder::makeNegateNode):
      (JSC::ASTBuilder::makeBitwiseNotNode):
      (JSC::ASTBuilder::makeMultNode):
      (JSC::ASTBuilder::makeDivNode):
      (JSC::ASTBuilder::makeModNode):
      (JSC::ASTBuilder::makeAddNode):
      (JSC::ASTBuilder::makeSubNode):
      (JSC::ASTBuilder::makeLeftShiftNode):
      (JSC::ASTBuilder::makeRightShiftNode):
      (JSC::ASTBuilder::makeURightShiftNode):
      (JSC::ASTBuilder::makeBitOrNode):
      (JSC::ASTBuilder::makeBitAndNode):
      (JSC::ASTBuilder::makeBitXOrNode):
      (JSC::ASTBuilder::makeFunctionCallNode):
      (JSC::ASTBuilder::makeBinaryNode):
      (JSC::ASTBuilder::makeAssignNode):
      (JSC::ASTBuilder::makePrefixNode):
      (JSC::ASTBuilder::makePostfixNode):
      * parser/Lexer.cpp:
      (JSC::Keywords::Keywords):
      (JSC::::Lexer):
      (JSC::::parseIdentifier):
      (JSC::::parseIdentifierSlowCase):
      * parser/Lexer.h:
      (JSC::Keywords::isKeyword):
      (JSC::Keywords::getKeyword):
      (Keywords):
      (Lexer):
      (JSC::::makeIdentifier):
      (JSC::::makeRightSizedIdentifier):
      (JSC::::makeIdentifierLCharFromUChar):
      (JSC::::makeLCharIdentifier):
      * parser/NodeConstructors.h:
      (JSC::ParserArenaFreeable::operator new):
      (JSC::ParserArenaDeletable::operator new):
      (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
      (JSC::PropertyNode::PropertyNode):
      (JSC::ContinueNode::ContinueNode):
      (JSC::BreakNode::BreakNode):
      (JSC::ForInNode::ForInNode):
      * parser/Nodes.cpp:
      (JSC::ScopeNode::ScopeNode):
      (JSC::ProgramNode::ProgramNode):
      (JSC::ProgramNode::create):
      (JSC::EvalNode::EvalNode):
      (JSC::EvalNode::create):
      (JSC::FunctionBodyNode::FunctionBodyNode):
      (JSC::FunctionBodyNode::create):
      * parser/Nodes.h:
      (ParserArenaFreeable):
      (ParserArenaDeletable):
      (ParserArenaRefCounted):
      (ArrayNode):
      (ForInNode):
      (ContinueNode):
      (BreakNode):
      (ScopeNode):
      (ProgramNode):
      (EvalNode):
      (FunctionBodyNode):
      * parser/Parser.cpp:
      (JSC::::Parser):
      (JSC::::parseInner):
      (JSC::::parseSourceElements):
      (JSC::::parseTryStatement):
      (JSC::::parseFunctionBody):
      (JSC::::parseFunctionInfo):
      (JSC::::parseAssignmentExpression):
      (JSC::::parseProperty):
      (JSC::::parsePrimaryExpression):
      (JSC::::parseMemberExpression):
      (JSC::::parseUnaryExpression):
      * parser/Parser.h:
      (JSC):
      (JSC::Scope::Scope):
      (JSC::Scope::declareVariable):
      (JSC::Scope::declareParameter):
      (Scope):
      (Parser):
      (JSC::Parser::pushScope):
      (JSC::::parse):
      (JSC::parse):
      * parser/ParserArena.h:
      (IdentifierArena):
      (JSC::IdentifierArena::makeIdentifier):
      (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
      (JSC::IdentifierArena::makeNumericIdentifier):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::SyntaxChecker):
      (JSC::SyntaxChecker::createProperty):
      (JSC::SyntaxChecker::createGetterOrSetterProperty):
      * profiler/LegacyProfiler.cpp:
      (JSC::LegacyProfiler::startProfiling):
      (JSC::LegacyProfiler::stopProfiling):
      * profiler/LegacyProfiler.h:
      (JSC):
      * profiler/ProfilerBytecode.cpp:
      (JSC::Profiler::Bytecode::toJS):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      (JSC::Profiler::BytecodeSequence::addSequenceProperties):
      * profiler/ProfilerBytecodes.cpp:
      (JSC::Profiler::Bytecodes::toJS):
      * profiler/ProfilerCompilation.cpp:
      (JSC::Profiler::Compilation::toJS):
      * profiler/ProfilerCompiledBytecode.cpp:
      (JSC::Profiler::CompiledBytecode::toJS):
      * profiler/ProfilerDatabase.cpp:
      (JSC::Profiler::Database::Database):
      (JSC::Profiler::Database::toJS):
      (JSC::Profiler::Database::toJSON):
      * profiler/ProfilerDatabase.h:
      (Database):
      * profiler/ProfilerOSRExit.cpp:
      (JSC::Profiler::OSRExit::toJS):
      * profiler/ProfilerOrigin.cpp:
      (JSC::Profiler::Origin::toJS):
      * profiler/ProfilerProfiledBytecodes.cpp:
      (JSC::Profiler::ProfiledBytecodes::toJS):
      * runtime/ArgList.h:
      (MarkedArgumentBuffer):
      * runtime/Arguments.cpp:
      (JSC::Arguments::putByIndex):
      (JSC::Arguments::put):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      (JSC::Arguments::tearOff):
      (JSC::Arguments::didTearOffActivation):
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/Arguments.h:
      (JSC::Arguments::create):
      (JSC::Arguments::createStructure):
      (Arguments):
      (JSC::Arguments::Arguments):
      (JSC::Arguments::trySetArgument):
      (JSC::Arguments::finishCreation):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::finishCreation):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::createStructure):
      * runtime/BatchedTransitionOptimizer.h:
      (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
      (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
      (BatchedTransitionOptimizer):
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::finishCreation):
      (JSC::constructBoolean):
      (JSC::constructBooleanFromImmediateBoolean):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      * runtime/BooleanObject.cpp:
      (JSC::BooleanObject::BooleanObject):
      (JSC::BooleanObject::finishCreation):
      * runtime/BooleanObject.h:
      (BooleanObject):
      (JSC::BooleanObject::create):
      (JSC::BooleanObject::createStructure):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::BooleanPrototype):
      (JSC::BooleanPrototype::finishCreation):
      (JSC::booleanProtoFuncToString):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/Butterfly.h:
      (JSC):
      (Butterfly):
      * runtime/ButterflyInlines.h:
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::createOrGrowArrayRight):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      * runtime/CodeCache.cpp:
      (JSC::CodeCache::getCodeBlock):
      (JSC::CodeCache::getProgramCodeBlock):
      (JSC::CodeCache::getEvalCodeBlock):
      (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
      * runtime/CodeCache.h:
      (JSC):
      (JSC::SourceCodeValue::SourceCodeValue):
      (CodeCache):
      * runtime/CommonIdentifiers.cpp:
      (JSC):
      (JSC::CommonIdentifiers::CommonIdentifiers):
      * runtime/CommonIdentifiers.h:
      (CommonIdentifiers):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::opIn):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::finishCreation):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/DateInstance.cpp:
      (JSC::DateInstance::DateInstance):
      (JSC::DateInstance::finishCreation):
      (JSC::DateInstance::calculateGregorianDateTime):
      (JSC::DateInstance::calculateGregorianDateTimeUTC):
      * runtime/DateInstance.h:
      (DateInstance):
      (JSC::DateInstance::create):
      (JSC::DateInstance::createStructure):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::finishCreation):
      (JSC::dateProtoFuncSetTime):
      (JSC::setNewValueFromTimeArgs):
      (JSC::setNewValueFromDateArgs):
      (JSC::dateProtoFuncSetYear):
      (JSC::dateProtoFuncToJSON):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::createStructure):
      * runtime/Error.cpp:
      (JSC::createError):
      (JSC::createEvalError):
      (JSC::createRangeError):
      (JSC::createReferenceError):
      (JSC::createSyntaxError):
      (JSC::createTypeError):
      (JSC::createURIError):
      (JSC::addErrorInfo):
      (JSC::throwError):
      * runtime/Error.h:
      (JSC):
      (JSC::StrictModeTypeErrorFunction::create):
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::finishCreation):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::ErrorInstance):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::createStructure):
      (JSC::ErrorInstance::create):
      (ErrorInstance):
      (JSC::ErrorInstance::finishCreation):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::ErrorPrototype):
      (JSC::ErrorPrototype::finishCreation):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure):
      * runtime/ExceptionHelpers.cpp:
      (JSC::createInterruptedExecutionException):
      (JSC::createTerminatedExecutionException):
      * runtime/ExceptionHelpers.h:
      (JSC):
      (JSC::InterruptedExecutionError::InterruptedExecutionError):
      (JSC::InterruptedExecutionError::create):
      (JSC::InterruptedExecutionError::createStructure):
      (JSC::TerminatedExecutionError::TerminatedExecutionError):
      (JSC::TerminatedExecutionError::create):
      (JSC::TerminatedExecutionError::createStructure):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC::EvalExecutable::EvalExecutable):
      (JSC::ProgramExecutable::ProgramExecutable):
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::checkSyntax):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::initializeGlobalProperties):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
      (JSC::FunctionExecutable::fromGlobalCode):
      * runtime/Executable.h:
      (JSC::ExecutableBase::ExecutableBase):
      (JSC::ExecutableBase::finishCreation):
      (JSC::ExecutableBase::createStructure):
      (JSC::NativeExecutable::create):
      (JSC::NativeExecutable::createStructure):
      (JSC::NativeExecutable::finishCreation):
      (JSC::NativeExecutable::NativeExecutable):
      (JSC::ScriptExecutable::ScriptExecutable):
      (JSC::ScriptExecutable::finishCreation):
      (JSC::EvalExecutable::compile):
      (EvalExecutable):
      (JSC::EvalExecutable::create):
      (JSC::EvalExecutable::createStructure):
      (JSC::ProgramExecutable::create):
      (ProgramExecutable):
      (JSC::ProgramExecutable::compile):
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::create):
      (JSC::FunctionExecutable::compileForCall):
      (FunctionExecutable):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      (JSC::FunctionExecutable::createStructure):
      (JSC::JSFunction::JSFunction):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::finishCreation):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::finishCreation):
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::createStructure):
      * runtime/GCActivityCallback.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GCActivityCallback.h:
      (JSC::GCActivityCallback::GCActivityCallback):
      * runtime/GCActivityCallbackBlackBerry.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::GetterSetter):
      (JSC::GetterSetter::create):
      (JSC::GetterSetter::setGetter):
      (JSC::GetterSetter::setSetter):
      (JSC::GetterSetter::createStructure):
      * runtime/Identifier.cpp:
      (JSC::Identifier::add):
      (JSC::Identifier::add8):
      (JSC::Identifier::addSlowCase):
      (JSC::Identifier::from):
      (JSC::Identifier::checkCurrentIdentifierTable):
      * runtime/Identifier.h:
      (JSC::Identifier::Identifier):
      (JSC::Identifier::createLCharFromUChar):
      (Identifier):
      (JSC::Identifier::add):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::InternalFunction):
      (JSC::InternalFunction::finishCreation):
      (JSC::InternalFunction::name):
      (JSC::InternalFunction::displayName):
      * runtime/InternalFunction.h:
      (JSC::InternalFunction::createStructure):
      (InternalFunction):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      (JSC::JSAPIValueWrapper::finishCreation):
      (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putDirectVirtual):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::create):
      (JSC::JSActivation::createStructure):
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithArrayStorage):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      (JSC::ContiguousTypeAccessor::setWithValue):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sortVector):
      * runtime/JSArray.h:
      (JSC::JSArray::JSArray):
      (JSArray):
      (JSC::JSArray::shiftCountForShift):
      (JSC::JSArray::unshiftCountForShift):
      (JSC::JSArray::createStructure):
      (JSC::createContiguousArrayButterfly):
      (JSC::createArrayButterfly):
      (JSC):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      (JSC::constructArray):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::JSBoundFunction):
      * runtime/JSBoundFunction.h:
      (JSC::JSBoundFunction::createStructure):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      (JSC::JSValue::toStringSlowCase):
      * runtime/JSCJSValue.h:
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC::JSCell::JSCell):
      (JSC::JSCell::finishCreation):
      (JSC::allocateCell):
      (JSC::JSCell::setStructure):
      (JSC::JSCell::fastGetOwnProperty):
      * runtime/JSDateMath.cpp:
      (JSC::getDSTOffset):
      (JSC::getUTCOffset):
      (JSC::parseDate):
      * runtime/JSDestructibleObject.h:
      (JSC::JSDestructibleObject::JSDestructibleObject):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::JSFunction):
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::createAllocationProfile):
      (JSC::JSFunction::name):
      (JSC::JSFunction::displayName):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::deleteProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      (JSC::JSFunction::create):
      (JSC::JSFunction::setScope):
      (JSC::JSFunction::createStructure):
      * runtime/JSGlobalData.cpp: Removed.
      * runtime/JSGlobalData.h: Removed.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::setGlobalThis):
      (JSC::JSGlobalObject::init):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      (JSC::JSGlobalObject::createThrowTypeError):
      (JSC::JSGlobalObject::resetPrototype):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
      (JSC::JSGlobalObject::createProgramCodeBlock):
      (JSC::JSGlobalObject::createEvalCodeBlock):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::create):
      (JSGlobalObject):
      (JSC::JSGlobalObject::finishCreation):
      (JSC::JSGlobalObject::vm):
      (JSC::JSGlobalObject::createStructure):
      (JSC::ExecState::dynamicGlobalObject):
      (JSC::constructEmptyArray):
      (DynamicGlobalObjectScope):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncProtoSetter):
      * runtime/JSLock.cpp:
      (JSC::JSLockHolder::JSLockHolder):
      (JSC::JSLockHolder::init):
      (JSC::JSLockHolder::~JSLockHolder):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::willDestroyGlobalData):
      (JSC::JSLock::lock):
      (JSC::JSLock::unlock):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (JSLockHolder):
      (JSLock):
      (JSC::JSLock::vm):
      (DropAllLocks):
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::createStructure):
      (JSC::JSNameScope::finishCreation):
      (JSC::JSNameScope::JSNameScope):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::JSNotAnObject):
      (JSC::JSNotAnObject::create):
      (JSC::JSNotAnObject::createStructure):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::JSONObject):
      (JSC::JSONObject::finishCreation):
      (Holder):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::stringify):
      (JSC::Stringifier::toJSON):
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::Holder):
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::Walker):
      (JSC::Walker::walk):
      (JSC::JSONProtoFuncParse):
      (JSC::JSONProtoFuncStringify):
      (JSC::JSONStringify):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC::JSObject::createInitialIndexedStorage):
      (JSC::JSObject::createInitialUndecided):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::convertUndecidedToInt32):
      (JSC::JSObject::convertUndecidedToDouble):
      (JSC::JSObject::convertUndecidedToContiguous):
      (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
      (JSC::JSObject::convertUndecidedToArrayStorage):
      (JSC::JSObject::convertInt32ToDouble):
      (JSC::JSObject::convertInt32ToContiguous):
      (JSC::JSObject::convertInt32ToArrayStorage):
      (JSC::JSObject::genericConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToContiguous):
      (JSC::JSObject::rageConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::convertUndecidedForValue):
      (JSC::JSObject::convertInt32ForValue):
      (JSC::JSObject::setIndexQuicklyToUndecided):
      (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
      (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::rageEnsureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::setPrototypeWithCycleCheck):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::seal):
      (JSC::JSObject::freeze):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::reifyStaticFunctionsForDelete):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::putDirectNativeFunction):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::ensureLengthSlow):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
      (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
      (DefineOwnPropertyScope):
      (JSC::JSObject::defineOwnNonIndexProperty):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::putByIndexInline):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectOffset):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::isSealed):
      (JSC::JSObject::isFrozen):
      (JSC::JSObject::flattenDictionaryObject):
      (JSC::JSObject::ensureInt32):
      (JSC::JSObject::ensureDouble):
      (JSC::JSObject::ensureContiguous):
      (JSC::JSObject::rageEnsureContiguous):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::finishCreation):
      (JSC::JSObject::createStructure):
      (JSC::JSObject::ensureLength):
      (JSC::JSNonFinalObject::createStructure):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC::JSNonFinalObject::finishCreation):
      (JSC::JSFinalObject::createStructure):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSFinalObject::JSFinalObject):
      (JSC::JSFinalObject::create):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::createStructure):
      (JSC::JSPropertyNameIterator::setCachedStructure):
      (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
      (JSC::JSPropertyNameIterator::finishCreation):
      (JSC::StructureRareData::setEnumerationCache):
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::setTarget):
      * runtime/JSProxy.h:
      (JSC::JSProxy::create):
      (JSC::JSProxy::createStructure):
      (JSC::JSProxy::JSProxy):
      (JSC::JSProxy::finishCreation):
      (JSProxy):
      * runtime/JSScope.cpp:
      (JSC::executeResolveOperations):
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      (JSC::JSScope::resolvePut):
      * runtime/JSScope.h:
      (JSScope):
      (JSC::JSScope::JSScope):
      (JSC::JSScope::vm):
      (JSC::ExecState::vm):
      * runtime/JSSegmentedVariableObject.h:
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::finishCreation):
      * runtime/JSString.cpp:
      (JSC::JSRopeString::RopeBuilder::expand):
      (JSC::StringObject::create):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      (JSC::JSString::JSString):
      (JSC::JSString::finishCreation):
      (JSC::JSString::create):
      (JSC::JSString::createHasOtherOwner):
      (JSC::JSString::createStructure):
      (JSRopeString):
      (JSC::JSRopeString::RopeBuilder::RopeBuilder):
      (JSC::JSRopeString::RopeBuilder::append):
      (RopeBuilder):
      (JSC::JSRopeString::JSRopeString):
      (JSC::JSRopeString::finishCreation):
      (JSC::JSRopeString::append):
      (JSC::JSRopeString::createNull):
      (JSC::JSRopeString::create):
      (JSC::jsEmptyString):
      (JSC::jsSingleCharacterString):
      (JSC::jsSingleCharacterSubstring):
      (JSC::jsNontrivialString):
      (JSC::jsString):
      (JSC::jsSubstring):
      (JSC::jsSubstring8):
      (JSC::jsOwnedString):
      (JSC::jsStringBuilder):
      (JSC::inlineJSValueNotStringtoString):
      * runtime/JSStringJoiner.cpp:
      (JSC::JSStringJoiner::build):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::createStructure):
      (JSC::JSWithScope::JSWithScope):
      * runtime/JSWrapperObject.h:
      (JSWrapperObject):
      (JSC::JSWrapperObject::createStructure):
      (JSC::JSWrapperObject::JSWrapperObject):
      (JSC::JSWrapperObject::setInternalValue):
      * runtime/LiteralParser.cpp:
      (JSC::::tryJSONPParse):
      (JSC::::makeIdentifier):
      (JSC::::parse):
      * runtime/Lookup.cpp:
      (JSC::HashTable::createTable):
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::initializeIfNeeded):
      (JSC::HashTable::entry):
      (JSC::HashTable::begin):
      (JSC::HashTable::end):
      (HashTable):
      (JSC::lookupPut):
      * runtime/MathObject.cpp:
      (JSC::MathObject::MathObject):
      (JSC::MathObject::finishCreation):
      (JSC::mathProtoFuncSin):
      * runtime/MathObject.h:
      (JSC::MathObject::createStructure):
      * runtime/MemoryStatistics.cpp:
      * runtime/MemoryStatistics.h:
      * runtime/NameConstructor.cpp:
      (JSC::NameConstructor::finishCreation):
      (JSC::constructPrivateName):
      * runtime/NameConstructor.h:
      (JSC::NameConstructor::createStructure):
      * runtime/NameInstance.cpp:
      (JSC::NameInstance::NameInstance):
      * runtime/NameInstance.h:
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::create):
      (NameInstance):
      (JSC::NameInstance::finishCreation):
      * runtime/NamePrototype.cpp:
      (JSC::NamePrototype::NamePrototype):
      (JSC::NamePrototype::finishCreation):
      * runtime/NamePrototype.h:
      (JSC::NamePrototype::createStructure):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::createStructure):
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NativeErrorPrototype.cpp:
      (JSC::NativeErrorPrototype::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::finishCreation):
      (JSC::constructWithNumberConstructor):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::createStructure):
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::NumberObject):
      (JSC::NumberObject::finishCreation):
      (JSC::constructNumber):
      * runtime/NumberObject.h:
      (NumberObject):
      (JSC::NumberObject::create):
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::NumberPrototype):
      (JSC::NumberPrototype::finishCreation):
      (JSC::integerValueToString):
      (JSC::numberProtoFuncToString):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorSeal):
      (JSC::objectConstructorFreeze):
      (JSC::objectConstructorPreventExtensions):
      (JSC::objectConstructorIsSealed):
      (JSC::objectConstructorIsFrozen):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::createStructure):
      (JSC::constructEmptyObject):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::objectProtoFuncToString):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      * runtime/Operations.h:
      (JSC):
      (JSC::jsString):
      (JSC::jsStringFromArguments):
      (JSC::normalizePrototypeChainForChainAccess):
      (JSC::normalizePrototypeChain):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyMapEntry::PropertyMapEntry):
      (JSC::PropertyTable::createStructure):
      (PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyNameArray.h:
      (JSC::PropertyNameArray::PropertyNameArray):
      (JSC::PropertyNameArray::vm):
      (JSC::PropertyNameArray::addKnownUnique):
      (PropertyNameArray):
      * runtime/PropertyTable.cpp:
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      * runtime/PrototypeMap.cpp:
      (JSC::PrototypeMap::emptyObjectStructureForPrototype):
      * runtime/RegExp.cpp:
      (JSC::RegExp::RegExp):
      (JSC::RegExp::finishCreation):
      (JSC::RegExp::createWithoutCaching):
      (JSC::RegExp::create):
      (JSC::RegExp::compile):
      (JSC::RegExp::compileIfNecessary):
      (JSC::RegExp::match):
      (JSC::RegExp::compileMatchOnly):
      (JSC::RegExp::compileIfNecessaryMatchOnly):
      * runtime/RegExp.h:
      (JSC):
      (RegExp):
      (JSC::RegExp::createStructure):
      * runtime/RegExpCache.cpp:
      (JSC::RegExpCache::lookupOrCreate):
      (JSC::RegExpCache::RegExpCache):
      (JSC::RegExpCache::addToStrongCache):
      * runtime/RegExpCache.h:
      (RegExpCache):
      * runtime/RegExpCachedResult.cpp:
      (JSC::RegExpCachedResult::lastResult):
      (JSC::RegExpCachedResult::setInput):
      * runtime/RegExpCachedResult.h:
      (JSC::RegExpCachedResult::RegExpCachedResult):
      (JSC::RegExpCachedResult::record):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::RegExpConstructor):
      (JSC::RegExpConstructor::finishCreation):
      (JSC::constructRegExp):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::createStructure):
      (RegExpConstructor):
      (JSC::RegExpConstructor::performMatch):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      (JSC::RegExpMatchesArray::reifyAllProperties):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::RegExpObject):
      (JSC::RegExpObject::finishCreation):
      (JSC::RegExpObject::match):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::create):
      (JSC::RegExpObject::setRegExp):
      (JSC::RegExpObject::setLastIndex):
      (JSC::RegExpObject::createStructure):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/SmallStrings.cpp:
      (JSC::SmallStrings::initializeCommonStrings):
      (JSC::SmallStrings::createEmptyString):
      (JSC::SmallStrings::createSingleCharacterString):
      (JSC::SmallStrings::initialize):
      * runtime/SmallStrings.h:
      (JSC):
      (JSC::SmallStrings::singleCharacterString):
      (SmallStrings):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::put):
      * runtime/SparseArrayValueMap.h:
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::StrictEvalActivation):
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::create):
      (JSC::StrictEvalActivation::createStructure):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::finishCreation):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure):
      * runtime/StringObject.cpp:
      (JSC::StringObject::StringObject):
      (JSC::StringObject::finishCreation):
      (JSC::constructString):
      * runtime/StringObject.h:
      (JSC::StringObject::create):
      (JSC::StringObject::createStructure):
      (StringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::StringPrototype):
      (JSC::StringPrototype::finishCreation):
      (JSC::removeUsingRegExpSearch):
      (JSC::replaceUsingRegExpSearch):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSplit):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::createStructure):
      * runtime/StringRecursionChecker.h:
      (JSC::StringRecursionChecker::performCheck):
      (JSC::StringRecursionChecker::~StringRecursionChecker):
      * runtime/Structure.cpp:
      (JSC::StructureTransitionTable::add):
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::toCacheableDictionaryTransition):
      (JSC::Structure::toUncacheableDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::allocateRareData):
      (JSC::Structure::cloneRareDataFrom):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::prototypeChainMayInterceptStoreTo):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::finishCreation):
      (JSC::Structure::setPrototypeWithoutTransition):
      (JSC::Structure::setGlobalObject):
      (JSC::Structure::setObjectToStringValue):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      (JSC::Structure::setPreviousID):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::StructureChain):
      * runtime/StructureChain.h:
      (JSC::StructureChain::create):
      (JSC::StructureChain::createStructure):
      (JSC::StructureChain::finishCreation):
      (StructureChain):
      * runtime/StructureInlines.h:
      (JSC::Structure::create):
      (JSC::Structure::createStructure):
      (JSC::Structure::get):
      (JSC::Structure::setEnumerationCache):
      (JSC::Structure::prototypeChain):
      (JSC::Structure::propertyTable):
      * runtime/StructureRareData.cpp:
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::create):
      (JSC::StructureRareData::clone):
      (JSC::StructureRareData::StructureRareData):
      * runtime/StructureRareData.h:
      (StructureRareData):
      * runtime/StructureRareDataInlines.h:
      (JSC::StructureRareData::setPreviousID):
      (JSC::StructureRareData::setObjectToStringValue):
      * runtime/StructureTransitionTable.h:
      (StructureTransitionTable):
      (JSC::StructureTransitionTable::setSingleTransition):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::create):
      (JSC::SharedSymbolTable::createStructure):
      (JSC::SharedSymbolTable::SharedSymbolTable):
      * runtime/VM.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalData.cpp.
      (JSC::VM::VM):
      (JSC::VM::~VM):
      (JSC::VM::createContextGroup):
      (JSC::VM::create):
      (JSC::VM::createLeaked):
      (JSC::VM::sharedInstanceExists):
      (JSC::VM::sharedInstance):
      (JSC::VM::sharedInstanceInternal):
      (JSC::VM::getHostFunction):
      (JSC::VM::ClientData::~ClientData):
      (JSC::VM::resetDateCache):
      (JSC::VM::startSampling):
      (JSC::VM::stopSampling):
      (JSC::VM::discardAllCode):
      (JSC::VM::dumpSampleData):
      (JSC::VM::addSourceProviderCache):
      (JSC::VM::clearSourceProviderCaches):
      (JSC::VM::releaseExecutableMemory):
      (JSC::releaseExecutableMemory):
      (JSC::VM::gatherConservativeRoots):
      (JSC::VM::addRegExpToTrace):
      (JSC::VM::dumpRegExpTrace):
      * runtime/VM.h: Copied from Source/JavaScriptCore/runtime/JSGlobalData.h.
      (VM):
      (JSC::VM::isSharedInstance):
      (JSC::VM::usingAPI):
      (JSC::VM::isInitializingObject):
      (JSC::VM::setInitializingObjectClass):
      (JSC::WeakSet::heap):
      * runtime/WriteBarrier.h:
      (JSC):
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrierBase::setMayBeNull):
      (JSC::WriteBarrierBase::setEarlyValue):
      (JSC::WriteBarrier::WriteBarrier):
      * testRegExp.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (main):
      (testOneRegExp):
      (parseRegExpLine):
      (runFromFiles):
      (realMain):
      * yarr/YarrInterpreter.h:
      (BytecodePattern):
      * yarr/YarrJIT.cpp:
      (YarrGenerator):
      (JSC::Yarr::YarrGenerator::compile):
      (JSC::Yarr::jitCompile):
      * yarr/YarrJIT.h:
      (JSC):
      
      ../WebCore: 
      
      * ForwardingHeaders/runtime/JSGlobalData.h: Removed.
      * ForwardingHeaders/runtime/VM.h: Copied from Source/WebCore/ForwardingHeaders/runtime/JSGlobalData.h.
      * WebCore.exp.in:
      * WebCore.order:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      * bindings/js/DOMObjectHashTableMap.cpp:
      (WebCore::DOMObjectHashTableMap::mapFor):
      * bindings/js/DOMObjectHashTableMap.h:
      (JSC):
      (DOMObjectHashTableMap):
      * bindings/js/DOMWrapperWorld.cpp:
      (WebCore::DOMWrapperWorld::DOMWrapperWorld):
      (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
      (WebCore::normalWorld):
      (WebCore::mainThreadNormalWorld):
      * bindings/js/DOMWrapperWorld.h:
      (WebCore::DOMWrapperWorld::create):
      (WebCore::DOMWrapperWorld::vm):
      (DOMWrapperWorld):
      (WebCore):
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::setJavaScriptGarbageCollectorTimerEnabled):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/IDBBindingUtilities.cpp:
      (WebCore::get):
      (WebCore::set):
      (WebCore::deserializeIDBValue):
      (WebCore::deserializeIDBValueBuffer):
      (WebCore::idbKeyToScriptValue):
      * bindings/js/JSCallbackData.h:
      (WebCore::JSCallbackData::JSCallbackData):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::JSCustomXPathNSResolver):
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::getHashTableForGlobalData):
      (WebCore::reportException):
      (WebCore::cacheDOMStructure):
      * bindings/js/JSDOMBinding.h:
      (WebCore::DOMConstructorObject::createStructure):
      (WebCore::DOMConstructorWithDocument::finishCreation):
      (WebCore::getDOMStructure):
      (WebCore::setInlineCachedWrapper):
      (WebCore):
      (WebCore::jsStringWithCache):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::finishCreation):
      * bindings/js/JSDOMGlobalObject.h:
      (JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::createStructure):
      (WebCore::getDOMConstructor):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::finishCreation):
      (WebCore::JSDOMWindowBase::updateDocument):
      (WebCore::JSDOMWindowBase::commonVM):
      * bindings/js/JSDOMWindowBase.h:
      (JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::createStructure):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::setLocation):
      (WebCore::DialogHandler::dialogCreated):
      (WebCore::DialogHandler::returnValue):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::finishCreation):
      (WebCore::JSDOMWindowShell::setWindow):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::create):
      (WebCore::JSDOMWindowShell::createStructure):
      * bindings/js/JSDOMWrapper.h:
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::createAccelerationObject):
      (WebCore::createRotationRateObject):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDictionary.h:
      (WebCore::JSDictionary::JSDictionary):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::setWrapper):
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::JSHTMLDocument::all):
      (WebCore::JSHTMLDocument::setAll):
      * bindings/js/JSHTMLTemplateElementCustom.cpp:
      (WebCore::JSHTMLTemplateElement::content):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::state):
      * bindings/js/JSImageConstructor.cpp:
      (WebCore::JSImageConstructor::finishCreation):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::createStructure):
      * bindings/js/JSImageDataCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::functionDetails):
      (WebCore::getJSListenerFunctions):
      (WebCore::JSInjectedScriptHost::getEventListeners):
      (WebCore::JSInjectedScriptHost::inspect):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::JSMessageEvent::data):
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSMutationCallback.cpp:
      (WebCore::JSMutationCallback::call):
      * bindings/js/JSMutationObserverCustom.cpp:
      (WebCore::JSMutationObserverConstructor::constructJSMutationObserver):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCondition.h:
      (WebCore::JSNodeFilterCondition::create):
      (JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::toNodeFilter):
      * bindings/js/JSPopStateEventCustom.cpp:
      (WebCore::cacheState):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JSSQLResultSetRowListCustom.cpp:
      (WebCore::JSSQLResultSetRowList::item):
      * bindings/js/JSWorkerContextBase.cpp:
      (WebCore::JSWorkerContextBase::JSWorkerContextBase):
      (WebCore::JSWorkerContextBase::finishCreation):
      * bindings/js/JSWorkerContextBase.h:
      (WebCore::JSWorkerContextBase::createStructure):
      (JSWorkerContextBase):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::ScheduledAction):
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScheduledAction.h:
      (WebCore::ScheduledAction::ScheduledAction):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      (WebCore::createScriptArguments):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::createWindowShell):
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::createWorld):
      (WebCore::ScriptController::getAllWorlds):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::clearScriptObjects):
      (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandler):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptGCEvent.cpp:
      (WebCore::ScriptGCEvent::getHeapSize):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptObject::ScriptObject):
      (WebCore::ScriptGlobalObject::set):
      * bindings/js/ScriptState.h:
      (WebCore):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::deserialize):
      * bindings/js/ScriptValue.h:
      (WebCore::ScriptValue::ScriptValue):
      * bindings/js/ScriptWrappable.h:
      (JSC):
      (ScriptWrappable):
      * bindings/js/ScriptWrappableInlines.h:
      (WebCore::ScriptWrappable::setWrapper):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::readTerminal):
      (WebCore::SerializedScriptValue::deserializeForInspector):
      (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
      * bindings/js/WebCoreJSClientData.h:
      (WebCoreJSClientData):
      (WebCore::initNormalWorldClientData):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::WorkerScriptController):
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::scheduleExecutionTermination):
      (WebCore::WorkerScriptController::isExecutionTerminating):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/js/WorkerScriptController.h:
      (JSC):
      (WebCore::WorkerScriptController::vm):
      (WorkerScriptController):
      * bindings/js/WorkerScriptDebugServer.cpp:
      (WebCore::WorkerScriptDebugServer::recompileAllJSFunctions):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateCallbackImplementation):
      (JSValueToNative):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bindings/scripts/test/JS/JSFloat64Array.cpp:
      (WebCore::getJSFloat64ArrayConstructorTable):
      (WebCore::JSFloat64ArrayConstructor::finishCreation):
      (WebCore::getJSFloat64ArrayPrototypeTable):
      (WebCore::getJSFloat64ArrayTable):
      (WebCore::JSFloat64Array::finishCreation):
      (WebCore::JSFloat64Array::createPrototype):
      * bindings/scripts/test/JS/JSFloat64Array.h:
      (WebCore::JSFloat64Array::create):
      (WebCore::JSFloat64Array::createStructure):
      (JSFloat64Array):
      (WebCore::JSFloat64ArrayPrototype::create):
      (WebCore::JSFloat64ArrayPrototype::createStructure):
      (WebCore::JSFloat64ArrayPrototype::JSFloat64ArrayPrototype):
      (WebCore::JSFloat64ArrayConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
      (WebCore::JSTestActiveDOMObject::finishCreation):
      (WebCore::JSTestActiveDOMObject::createPrototype):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
      (WebCore::JSTestActiveDOMObject::create):
      (WebCore::JSTestActiveDOMObject::createStructure):
      (JSTestActiveDOMObject):
      (WebCore::JSTestActiveDOMObjectPrototype::create):
      (WebCore::JSTestActiveDOMObjectPrototype::createStructure):
      (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
      (WebCore::JSTestActiveDOMObjectConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
      (WebCore::JSTestCustomNamedGetter::finishCreation):
      (WebCore::JSTestCustomNamedGetter::createPrototype):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
      (WebCore::JSTestCustomNamedGetter::create):
      (WebCore::JSTestCustomNamedGetter::createStructure):
      (JSTestCustomNamedGetter):
      (WebCore::JSTestCustomNamedGetterPrototype::create):
      (WebCore::JSTestCustomNamedGetterPrototype::createStructure):
      (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
      (WebCore::JSTestCustomNamedGetterConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      (WebCore::JSTestEventConstructorConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestEventConstructor.h:
      (WebCore::JSTestEventConstructor::create):
      (WebCore::JSTestEventConstructor::createStructure):
      (JSTestEventConstructor):
      (WebCore::JSTestEventConstructorPrototype::create):
      (WebCore::JSTestEventConstructorPrototype::createStructure):
      (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
      (WebCore::JSTestEventConstructorConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::JSTestEventTargetConstructor::finishCreation):
      (WebCore::JSTestEventTarget::finishCreation):
      (WebCore::JSTestEventTarget::createPrototype):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      (WebCore::JSTestEventTarget::createStructure):
      (JSTestEventTarget):
      (WebCore::JSTestEventTargetPrototype::create):
      (WebCore::JSTestEventTargetPrototype::createStructure):
      (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
      (WebCore::JSTestEventTargetConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestExceptionConstructor::finishCreation):
      (WebCore::JSTestException::finishCreation):
      (WebCore::JSTestException::createPrototype):
      * bindings/scripts/test/JS/JSTestException.h:
      (WebCore::JSTestException::create):
      (WebCore::JSTestException::createStructure):
      (JSTestException):
      (WebCore::JSTestExceptionPrototype::create):
      (WebCore::JSTestExceptionPrototype::createStructure):
      (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
      (WebCore::JSTestExceptionConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::finishCreation):
      (WebCore::JSTestInterface::finishCreation):
      (WebCore::JSTestInterface::createPrototype):
      * bindings/scripts/test/JS/JSTestInterface.h:
      (WebCore::JSTestInterface::create):
      (WebCore::JSTestInterface::createStructure):
      (JSTestInterface):
      (WebCore::JSTestInterfacePrototype::create):
      (WebCore::JSTestInterfacePrototype::createStructure):
      (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
      (WebCore::JSTestInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
      (WebCore::JSTestMediaQueryListListener::finishCreation):
      (WebCore::JSTestMediaQueryListListener::createPrototype):
      (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      (WebCore::JSTestMediaQueryListListener::create):
      (WebCore::JSTestMediaQueryListListener::createStructure):
      (JSTestMediaQueryListListener):
      (WebCore::JSTestMediaQueryListListenerPrototype::create):
      (WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
      (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
      (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructorConstructor::finishCreation):
      (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestNamedConstructor.h:
      (WebCore::JSTestNamedConstructor::create):
      (WebCore::JSTestNamedConstructor::createStructure):
      (JSTestNamedConstructor):
      (WebCore::JSTestNamedConstructorPrototype::create):
      (WebCore::JSTestNamedConstructorPrototype::createStructure):
      (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
      (WebCore::JSTestNamedConstructorConstructor::createStructure):
      (WebCore::JSTestNamedConstructorNamedConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNode.cpp:
      (WebCore::JSTestNodeConstructor::finishCreation):
      (WebCore::JSTestNode::finishCreation):
      (WebCore::JSTestNode::createPrototype):
      * bindings/scripts/test/JS/JSTestNode.h:
      (WebCore::JSTestNode::create):
      (WebCore::JSTestNode::createStructure):
      (JSTestNode):
      (WebCore::JSTestNodePrototype::create):
      (WebCore::JSTestNodePrototype::createStructure):
      (WebCore::JSTestNodePrototype::JSTestNodePrototype):
      (WebCore::JSTestNodeConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::finishCreation):
      (WebCore::JSTestObj::finishCreation):
      (WebCore::JSTestObj::createPrototype):
      (WebCore::jsTestObjCachedAttribute1):
      (WebCore::jsTestObjCachedAttribute2):
      (WebCore::setJSTestObjConditionalAttr4Constructor):
      (WebCore::setJSTestObjConditionalAttr5Constructor):
      (WebCore::setJSTestObjConditionalAttr6Constructor):
      (WebCore::setJSTestObjAnyAttribute):
      (WebCore::setJSTestObjReplaceableAttribute):
      * bindings/scripts/test/JS/JSTestObj.h:
      (WebCore::JSTestObj::create):
      (WebCore::JSTestObj::createStructure):
      (JSTestObj):
      (WebCore::JSTestObjPrototype::create):
      (WebCore::JSTestObjPrototype::createStructure):
      (WebCore::JSTestObjPrototype::JSTestObjPrototype):
      (WebCore::JSTestObjConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
      (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
      (WebCore::JSTestOverloadedConstructors::finishCreation):
      (WebCore::JSTestOverloadedConstructors::createPrototype):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
      (WebCore::JSTestOverloadedConstructors::create):
      (WebCore::JSTestOverloadedConstructors::createStructure):
      (JSTestOverloadedConstructors):
      (WebCore::JSTestOverloadedConstructorsPrototype::create):
      (WebCore::JSTestOverloadedConstructorsPrototype::createStructure):
      (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
      (WebCore::JSTestOverloadedConstructorsConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::createPrototype):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      (WebCore::JSTestSerializedScriptValueInterface::create):
      (WebCore::JSTestSerializedScriptValueInterface::createStructure):
      (JSTestSerializedScriptValueInterface):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::create):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      (WebCore::JSTestTypedefsConstructor::finishCreation):
      (WebCore::JSTestTypedefs::finishCreation):
      (WebCore::JSTestTypedefs::createPrototype):
      * bindings/scripts/test/JS/JSTestTypedefs.h:
      (WebCore::JSTestTypedefs::create):
      (WebCore::JSTestTypedefs::createStructure):
      (JSTestTypedefs):
      (WebCore::JSTestTypedefsPrototype::create):
      (WebCore::JSTestTypedefsPrototype::createStructure):
      (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
      (WebCore::JSTestTypedefsConstructor::createStructure):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::createStructure):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::createStructure):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::createStructure):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::createStructure):
      (ObjCRuntimeMethod::finishCreation):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      (JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::createStructure):
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      (JSC::RuntimeArray::finishCreation):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      (JSC::RuntimeMethod::createStructure):
      (RuntimeMethod):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      (JSC::Bindings::RuntimeObject::finishCreation):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::createStructure):
      * bridge/runtime_root.cpp:
      (JSC::Bindings::RootObject::RootObject):
      (JSC::Bindings::RootObject::gcProtect):
      (JSC::Bindings::RootObject::gcUnprotect):
      (JSC::Bindings::RootObject::updateGlobalObject):
      (JSC::Bindings::RootObject::addRuntimeObject):
      * bridge/runtime_root.h:
      (RootObject):
      * dom/Node.cpp:
      * dom/Node.h:
      (JSC):
      * dom/ScriptExecutionContext.cpp:
      (WebCore::ScriptExecutionContext::vm):
      * dom/ScriptExecutionContext.h:
      (JSC):
      (ScriptExecutionContext):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * inspector/ScriptArguments.cpp:
      (WebCore::ScriptArguments::ScriptArguments):
      * loader/icon/IconDatabaseBase.cpp:
      (WebCore):
      (WebCore::iconDatabase):
      (WebCore::setGlobalIconDatabase):
      * platform/qt/MemoryUsageSupportQt.cpp:
      (WebCore::memoryUsageKB):
      (WebCore::actualMemoryUsageKB):
      * platform/win/ClipboardUtilitiesWin.cpp:
      (WebCore::createGlobalData):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::platformStart):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      ../WebKit/blackberry: 
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebKitSupport/AboutData.cpp:
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::javaScriptObjectsCount):
      
      ../WebKit/efl: 
      
      * WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
      (DumpRenderTreeSupportEfl::javaScriptObjectsCount):
      
      ../WebKit/gtk: 
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      ../WebKit/mac: 
      
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginHostProxy.mm:
      (identifierFromIdentifierRep):
      * Plugins/Hosted/NetscapePluginInstanceProxy.h:
      (LocalObjectMap):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::LocalObjectMap::idForObject):
      (WebKit::NetscapePluginInstanceProxy::getWindowNPObject):
      (WebKit::NetscapePluginInstanceProxy::getPluginElementNPObject):
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::createStructure):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getPropertyNames):
      * Plugins/Hosted/ProxyRuntimeObject.h:
      (WebKit::ProxyRuntimeObject::create):
      (WebKit::ProxyRuntimeObject::createStructure):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebKit.order:
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebScriptDebugger.mm:
      (WebScriptDebugger::WebScriptDebugger):
      
      ../WebKit/qt: 
      
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::javaScriptObjectsCount):
      * WebCoreSupport/QWebFrameAdapter.cpp:
      (QWebFrameAdapter::addToJavaScriptWindowObject):
      
      ../WebKit/win: 
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      
      ../WebKit2: 
      
      * Shared/linux/WebMemorySamplerLinux.cpp:
      (WebKit::WebMemorySampler::sampleWebKit):
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      (WebKit::JSNPMethod::createStructure):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::JSNPObject):
      (WebKit::JSNPObject::finishCreation):
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (WebKit::JSNPObject::create):
      (WebKit::JSNPObject::createStructure):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::create):
      (WebKit::NPJSObject::initialize):
      * WebProcess/Plugins/Netscape/NPJSObject.h:
      (JSC):
      (NPJSObject):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::getOrCreateNPObject):
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:
      (JSC):
      (NPRuntimeObjectMap):
      * WebProcess/Plugins/PluginView.cpp:
      (WebKit::PluginView::windowScriptNPObject):
      (WebKit::PluginView::pluginElementNPObject):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148696 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9a9a4b52
  12. 17 Apr, 2013 1 commit
    • Source/JavaScriptCore: Add LLINT and baseline JIT support for timing out scripts. · dff6b22e
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114577.
      
      Reviewed by Geoffrey Garen.
      
      Introduces the new Watchdog class which is used to track script
      execution time, and initiate script termination if needed.
      
      * API/JSContextRef.cpp:
      (internalScriptTimeoutCallback):
      (JSContextGroupSetExecutionTimeLimit):
      (JSContextGroupClearExecutionTimeLimit):
      * API/JSContextRefPrivate.h:
      - Added new script execution time limit APIs.
      * API/tests/testapi.c:
      (currentCPUTime):
      (shouldTerminateCallback):
      (cancelTerminateCallback):
      (extendTerminateCallback):
      (main):
      - Added new API tests for script execution time limit.
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitLoopHint):
      - loop hints are needed for the llint as well. Hence, it will be
        emitted unconditionally.
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::addStackTraceIfNecessary):
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      - Added checks for script termination before entering script code.
      * jit/JIT.cpp:
      (JSC::JIT::emitWatchdogTimerCheck):
      * jit/JIT.h:
      (JSC::JIT::emit_op_loop_hint):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION(void, handle_watchdog_timer)):
      * jit/JITStubs.h:
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::doThrow):
      - Factored out some common code from returnToThrow() and callToThrow().
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer)):
      * llint/LLIntSlowPaths.h:
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ExceptionHelpers.cpp:
      (JSC::throwTerminatedExecutionException):
      - Also removed the now unused InterruptedExecutionException.
      * runtime/ExceptionHelpers.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      - Added watchdog, and removed the now obsolete Terminator.
      * runtime/Terminator.h: Removed.
      * runtime/Watchdog.cpp: Added.
      (JSC::Watchdog::Watchdog):
      (JSC::Watchdog::~Watchdog):
      (JSC::Watchdog::setTimeLimit):
      (JSC::Watchdog::didFire):
      (JSC::Watchdog::isEnabled):
      (JSC::Watchdog::fire):
      (JSC::Watchdog::arm):
      (JSC::Watchdog::disarm):
      (JSC::Watchdog::startCountdownIfNeeded):
      (JSC::Watchdog::startCountdown):
      (JSC::Watchdog::stopCountdown):
      (JSC::Watchdog::Scope::Scope):
      (JSC::Watchdog::Scope::~Scope):
      * runtime/Watchdog.h: Added.
      (Watchdog):
      (JSC::Watchdog::didFire):
      (JSC::Watchdog::timerDidFireAddress):
      (JSC::Watchdog::isArmed):
      (Watchdog::Scope):
      * runtime/WatchdogMac.cpp: Added.
      (JSC::Watchdog::initTimer):
      (JSC::Watchdog::destroyTimer):
      (JSC::Watchdog::startTimer):
      (JSC::Watchdog::stopTimer):
      * runtime/WatchdogNone.cpp: Added.
      (JSC::Watchdog::initTimer):
      (JSC::Watchdog::destroyTimer):
      (JSC::Watchdog::startTimer):
      (JSC::Watchdog::stopTimer):
      
      Source/WebCore: Add LLINT and baseline JIT support for timing out scripts.
      https://bugs.webkit.org/show_bug.cgi?id=114577.
      
      Reviewed by Geoffrey Garen.
      
      Replaced use of the obsolete JSGlobalData.terminator methods with the
      JSGlobalData.watchdog equivalents.
      
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::scheduleExecutionTermination):
      (WebCore::WorkerScriptController::isExecutionTerminating):
      
      Source/WTF: Added currentCPUTime() and currentCPUTimeMS().
      https://bugs.webkit.org/show_bug.cgi?id=114577.
      
      Reviewed by Geoffrey Garen.
      
      The currentCPUTime() implementation came from the old TimeoutChecker.cpp.
      
      * wtf/CurrentTime.cpp:
      (WTF::currentCPUTime):
      (WTF::currentCPUTimeMS):
      * wtf/CurrentTime.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148639 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  13. 15 Apr, 2013 1 commit
    • ScriptWrappable subclasses shouldn't have to include WeakInlines.h · 87a467cc
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114641
      
      Reviewed by Alexey Proskuryakov.
      
      Source/JavaScriptCore:
      
      Move back the Weak constructor, destructor and clear() to Weak.h. Add a new weakClearSlowCase function
      and put it in Weak.cpp.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * heap/Weak.cpp: Added.
      * heap/Weak.h:
      * heap/WeakInlines.h:
      * heap/WeakSetInlines.h:
      
      Source/WebCore:
      
      Remove ScriptWrappableInlines.h includes, they're not needed anymore.
      
      * css/WebKitCSSMatrix.cpp:
      * dom/ClientRect.cpp:
      * dom/ClientRectList.cpp:
      * dom/Clipboard.cpp:
      * dom/DOMStringMap.cpp:
      * dom/Event.cpp:
      * dom/MutationRecord.cpp:
      * fileapi/FileList.cpp:
      * page/BarInfo.cpp:
      * plugins/DOMMimeTypeArray.cpp:
      * plugins/DOMPlugin.cpp:
      * plugins/DOMPluginArray.cpp:
      * storage/Storage.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148479 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  14. 10 Apr, 2013 1 commit
    • Removed bitrotted TimeoutChecker code · 285b5e22
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114336
      
      Reviewed by Alexey Proskuryakov.
      
      ../JavaScriptCore: 
      
      This mechanism hasn't worked for a while.
      
      MarkL is working on a new version of this feature with a distinct
      implementation.
      
      * API/APIShims.h:
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APIEntryShim::init):
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGGPRInfo.h:
      * jit/JIT.cpp:
      * jit/JIT.h:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * jit/JSInterfaceJIT.h:
      (JSInterfaceJIT):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Walker::walk):
      * runtime/TimeoutChecker.cpp: Removed.
      * runtime/TimeoutChecker.h: Removed.
      
      ../WebCore: 
      
      This mechanism hasn't worked for a while.
      
      MarkL is working on a new version of this feature with a distinct
      implementation.
      
      * bindings/js/JSCallbackData.cpp:
      (WebCore::JSCallbackData::invokeCallback):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::commonJSGlobalData):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSMutationCallback.cpp:
      (WebCore::JSMutationCallback::call):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::evaluateInWorld):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneBase::CloneBase):
      (WebCore::CloneSerializer::serialize):
      (WebCore::CloneDeserializer::deserialize):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::evaluate):
      * bindings/objc/WebScriptObject.mm:
      (-[WebScriptObject callWebScriptMethod:withArguments:]):
      (-[WebScriptObject evaluateWebScript:]):
      
      ../WebKit/blackberry: 
      
      * Api/WebPage.cpp:
      (BlackBerry::WebKit::WebPage::setTimeoutForJavaScriptExecution):
      
      ../WebKit/mac: 
      
      This mechanism hasn't worked for a while.
      
      MarkL is working on a new version of this feature with a distinct
      implementation.
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      
      ../WebKit/qt: 
      
      * WebCoreSupport/FrameLoaderClientQt.cpp:
      (WebCore::FrameLoaderClientQt::createDocumentLoader):
      
      ../WebKit2: 
      
      This mechanism hasn't worked for a while.
      
      MarkL is working on a new version of this feature with a distinct
      implementation.
      
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::construct):
      (WebKit::NPJSObject::invoke):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::evaluate):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148119 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  15. 01 Apr, 2013 2 commits
    • Fixing borked VS 2010 project file · d6690ced
      mhahnenberg@apple.com authored
      Unreviewed bot greening.
      
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@147335 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Regions should be allocated from the same contiguous segment of virtual memory · 944b1216
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=113662
      
      Reviewed by Filip Pizlo.
      
      Instead of letting the OS spread our Regions all over the place, we should allocate them all within 
      some range of each other. This change will open the door to some other optimizations, e.g. doing simple 
      range checks for our write barriers and compressing JSCell pointers to 32-bits.
      
      Source/JavaScriptCore: 
      
      Added new SuperRegion class that encapsulates allocating Regions from a contiguous reserved chunk of 
      virtual address space. It functions very similarly to the FixedVMPoolExecutableAllocator class used by the JIT.
      
      Also added two new subclasses of Region, NormalRegion and ExcessRegion. 
              
      NormalRegion is the type of Region that is normally allocated when there is available space remaining 
      in the SuperRegion. If we ever run out of space in the SuperRegion, we fall back to allocating 
      ExcessRegions, which are identical to how Regions have behaved up until now, i.e. they contain a 
      PageAllocationAligned.
      
      We only use the SuperRegion (and NormalRegions) on 64-bit systems, since it doesn't make sense to reserve the 
      entire 4 GB address space on 32-bit systems just for the JS heap.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * heap/BlockAllocator.cpp:
      (JSC::BlockAllocator::BlockAllocator):
      * heap/BlockAllocator.h:
      (JSC):
      (BlockAllocator):
      (JSC::BlockAllocator::allocate):
      (JSC::BlockAllocator::allocateCustomSize):
      (JSC::BlockAllocator::deallocateCustomSize):
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC):
      (JSC::Heap::didExceedFixedHeapSizeLimit):
      * heap/Heap.h:
      (Heap):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::create):
      * heap/Region.h:
      (Region):
      (JSC):
      (NormalRegion):
      (JSC::NormalRegion::base):
      (JSC::NormalRegion::size):
      (ExcessRegion):
      (JSC::ExcessRegion::base):
      (JSC::ExcessRegion::size):
      (JSC::NormalRegion::NormalRegion):
      (JSC::NormalRegion::tryCreate):
      (JSC::NormalRegion::tryCreateCustomSize):
      (JSC::NormalRegion::reset):
      (JSC::ExcessRegion::ExcessRegion):
      (JSC::ExcessRegion::~ExcessRegion):
      (JSC::ExcessRegion::create):
      (JSC::ExcessRegion::createCustomSize):
      (JSC::ExcessRegion::reset):
      (JSC::Region::Region):
      (JSC::Region::initializeBlockList):
      (JSC::Region::create):
      (JSC::Region::createCustomSize):
      (JSC::Region::~Region):
      (JSC::Region::destroy):
      (JSC::Region::reset):
      (JSC::Region::deallocate):
      (JSC::Region::base):
      (JSC::Region::size):
      * heap/SuperRegion.cpp: Added.
      (JSC):
      (JSC::SuperRegion::SuperRegion):
      (JSC::SuperRegion::getAlignedBase):
      (JSC::SuperRegion::allocateNewSpace):
      (JSC::SuperRegion::notifyNeedPage):
      (JSC::SuperRegion::notifyPageIsFree):
      * heap/SuperRegion.h: Added.
      (JSC):
      (SuperRegion):
      
      Source/WTF: 
      
      * wtf/MetaAllocator.cpp: Changed the MetaAllocator to allow custom page sizes if the derived class wants to
      use something other than the system page size.
      (WTF::MetaAllocator::MetaAllocator):
      * wtf/MetaAllocator.h:
      (MetaAllocator):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@147324 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  16. 30 Mar, 2013 1 commit
    • Move Region into its own header · 4b14805e
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=113617
      
      Reviewed by Geoffrey Garen.
      
      BlockAllocator.h is getting a little crowded. We should move the Region class into its own
      header, since it's pretty independent from the BlockAllocator.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/BlockAllocator.h:
      (JSC):
      * heap/Region.h: Added.
      (JSC):
      (DeadBlock):
      (JSC::DeadBlock::DeadBlock):
      (Region):
      (JSC::Region::blockSize):
      (JSC::Region::isFull):
      (JSC::Region::isEmpty):
      (JSC::Region::isCustomSize):
      (JSC::Region::create):
      (JSC::Region::createCustomSize):
      (JSC::Region::Region):
      (JSC::Region::~Region):
      (JSC::Region::reset):
      (JSC::Region::allocate):
      (JSC::Region::deallocate):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@147282 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  17. 24 Mar, 2013 1 commit
    • HandleSet should use HeapBlocks for storing handles · 94b9c7da
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=113145
      
      Reviewed by Geoffrey Garen.
      
      * GNUmakefile.list.am: Build project changes.
      * JavaScriptCore.gypi: Ditto.
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Ditto.
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
      * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
      * heap/BlockAllocator.cpp: Rename the RegionSet to m_fourKBBlockRegionSet because there are 
      too many block types to include them all in the name now.
      (JSC::BlockAllocator::BlockAllocator):
      * heap/BlockAllocator.h:
      (BlockAllocator): Add the appropriate override for regionSetFor.
      (JSC::WeakBlock):
      (JSC::MarkStackSegment):
      (JSC::HandleBlock):
      * heap/HandleBlock.h: Added.
      (HandleBlock): New class for HandleBlocks.
      (JSC::HandleBlock::blockFor): Static method to get the block of the given HandleNode pointer. Allows
      us to quickly figure out which HandleSet the HandleNode belongs to without storing the pointer to it
      in the HandleNode.
      (JSC::HandleBlock::handleSet): Getter.
      * heap/HandleBlockInlines.h: Added.
      (JSC::HandleBlock::create):
      (JSC::HandleBlock::HandleBlock):
      (JSC::HandleBlock::payloadEnd):
      (JSC::HandleBlock::payload):
      (JSC::HandleBlock::nodes):
      (JSC::HandleBlock::nodeAtIndex):
      (JSC::HandleBlock::nodeCapacity):
      * heap/HandleSet.cpp:
      (JSC::HandleSet::~HandleSet): 
      (JSC::HandleSet::grow):
      * heap/HandleSet.h:
      (HandleNode): Move the internal Node class from HandleSet to be its own public class so it can be 
      used by HandleBlock.
      (HandleSet): Add a typedef so that Node refers to the new HandleNode class.
      (JSC::HandleSet::toHandle):
      (JSC::HandleSet::toNode):
      (JSC::HandleSet::allocate):
      (JSC::HandleSet::deallocate):
      (JSC::HandleNode::HandleNode):
      (JSC::HandleNode::slot):
      (JSC::HandleNode::handleSet): Use the new blockFor static function to get the right HandleBlock and lookup 
      the HandleSet.
      (JSC::HandleNode::setPrev):
      (JSC::HandleNode::prev):
      (JSC::HandleNode::setNext):
      (JSC::HandleNode::next):
      (JSC::HandleSet::forEachStrongHandle):
      * heap/Heap.h: Friend HandleSet so that it can access the BlockAllocator when allocating HandleBlocks.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146734 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  18. 21 Mar, 2013 2 commits
    • Move common props files for VS2010 solution to WebKitLibraries folder and... · 356fb46a
      roger_fong@apple.com authored
      Move common props files for VS2010 solution to WebKitLibraries folder and update all projects accordingly.
      
      * WebKit.vcxproj/FeatureDefines.props: Removed.
      * WebKit.vcxproj/FeatureDefinesCairo.props: Removed.
      * WebKit.vcxproj/WebKit/cURL.props: Removed.
      * WebKit.vcxproj/WinCairo.props: Removed.
      * WebKit.vcxproj/common.props: Removed.
      * WebKit.vcxproj/debug.props: Removed.
      * WebKit.vcxproj/debug_wincairo.props: Removed.
      * WebKit.vcxproj/debugsuffix.props: Removed.
      * WebKit.vcxproj/production.props: Removed.
      * WebKit.vcxproj/release.props: Removed.
      * win/tools/vsprops/FeatureDefines.props: Copied from ../Source/WebKit/WebKit.vcxproj/FeatureDefines.props.
      * win/tools/vsprops/FeatureDefinesCairo.props: Copied from ../Source/WebKit/WebKit.vcxproj/FeatureDefinesCairo.props.
      * win/tools/vsprops/WinCairo.props: Copied from ../Source/WebKit/WebKit.vcxproj/WinCairo.props.
      * win/tools/vsprops/cURL.props: Copied from ../Source/WebKit/WebKit.vcxproj/WebKit/cURL.props.
      * win/tools/vsprops/common.props: Copied from ../Source/WebKit/WebKit.vcxproj/common.props.
      * win/tools/vsprops/debug.props: Copied from ../Source/WebKit/WebKit.vcxproj/debug.props.
      * win/tools/vsprops/debug_wincairo.props: Copied from ../Source/WebKit/WebKit.vcxproj/debug_wincairo.props.
      * win/tools/vsprops/debugsuffix.props: Copied from ../Source/WebKit/WebKit.vcxproj/debugsuffix.props.
      * win/tools/vsprops/production.props: Copied from ../Source/WebKit/WebKit.vcxproj/production.props.
      * win/tools/vsprops/release.props: Copied from ../Source/WebKit/WebKit.vcxproj/release.props.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146530 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Objective-C API: wrapperClass holds a static JSClassRef, which causes JSGlobalObjects to leak · ff81d056
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112856
      
      Reviewed by Geoffrey Garen.
      
      Through a very convoluted path that involves the caching of prototypes on the JSClassRef, we can leak 
      JSGlobalObjects when inserting an Objective-C object into multiple independent JSContexts.
      
      * API/JSAPIWrapperObject.cpp: Removed.
      * API/JSAPIWrapperObject.h:
      (JSAPIWrapperObject):
      * API/JSAPIWrapperObject.mm: Copied from Source/JavaScriptCore/API/JSAPIWrapperObject.cpp. Made this an
      Objective-C++ file so that we can call release on the wrappedObject. Also added a WeakHandleOwner for 
      JSAPIWrapperObjects. This will also be used in a future patch for https://bugs.webkit.org/show_bug.cgi?id=112608.
      (JSAPIWrapperObjectHandleOwner):
      (jsAPIWrapperObjectHandleOwner):
      (JSAPIWrapperObjectHandleOwner::finalize): This finalize replaces the old finalize that was done through
      the C API.
      (JSC::JSAPIWrapperObject::finishCreation): Allocate the WeakImpl. Balanced in finalize.
      (JSC::JSAPIWrapperObject::setWrappedObject): We now do the retain of the wrappedObject here rather than in random
      places scattered around JSWrapperMap.mm
      * API/JSObjectRef.cpp: Added some ifdefs for platforms that don't support the Obj-C API.
      (JSObjectGetPrivate): Ditto.
      (JSObjectSetPrivate): Ditto.
      (JSObjectGetPrivateProperty): Ditto.
      (JSObjectSetPrivateProperty): Ditto.
      (JSObjectDeletePrivateProperty): Ditto.
      * API/JSValueRef.cpp: Ditto.
      (JSValueIsObjectOfClass): Ditto.
      * API/JSWrapperMap.mm: Remove wrapperClass().
      (objectWithCustomBrand): Change to no longer use a parent class, which was only used to give the ability to 
      finalize wrapper objects.
      (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]): Change to no longer use wrapperClass(). 
      (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): Ditto.
      (tryUnwrapObjcObject): We now check if the object inherits from JSAPIWrapperObject.
      * API/tests/testapi.mm: Added a test that exports an Objective-C object to two different JSContexts and makes 
      sure that the first one is collected properly by using a weak JSManagedValue for the wrapper in the first JSContext.
      * CMakeLists.txt: Build file modifications.
      * GNUmakefile.list.am: Ditto.
      * JavaScriptCore.gypi: Ditto.
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Ditto.
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
      * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
      * runtime/JSGlobalObject.cpp: More ifdefs for unsupported platforms.
      (JSC::JSGlobalObject::reset): Ditto.
      (JSC::JSGlobalObject::visitChildren): Ditto.
      * runtime/JSGlobalObject.h: Ditto.
      (JSGlobalObject): Ditto.
      (JSC::JSGlobalObject::objcCallbackFunctionStructure): Ditto.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146494 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  19. 18 Mar, 2013 2 commits
    • AppleWin VS2010 Debug configuration build fix. · 89b0a9a9
      roger_fong@apple.com authored
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146131 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [WinCairo] Get build working under VS2010. · 711a0945
      bfulgham@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=112604
      
      Reviewed by Tim Horton.
      
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add build targets for
      Debug_WinCairo and Release_WinCairo using CFLite.
      * JavaScriptCore.vcxproj/JavaScriptCoreCFLite.props: Added.
      * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props: Added.
      * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
      Add Debug_WinCairo and Release_WinCairo build targets to
      make sure headers are copied to proper build folder.
      * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: Ditto.
      * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props: Added.
      * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
      Add Debug_WinCairo and Release_WinCairo build targets to
      make sure headers are copied to proper build folder.
      * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
      Ditto.
      * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
      Ditto.
      * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Ditto.
      * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto.
      * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146123 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  20. 07 Mar, 2013 1 commit
  21. 06 Mar, 2013 1 commit
    • Unused Structure property tables waste 14MB on Membuster. · 85b26820
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Geoffrey Garen.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      This time it should stick; I've been through all the tests with COLLECT_ON_EVERY_ALLOCATION.
      The issue with the last version was that Structure::m_offset could be used uninitialized
      when re-materializing a previously GC'd property table, causing some sanity checks to fail.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::get):
      
          Move m_cell to a local before using it multiple times. This avoids a multiple-access race when
          Structure::checkOffsetConsistency() is used in assertions on the main thread while a marking thread
          zaps the property table.
      
      * runtime/Structure.h:
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureInlines.h:
      (JSC::Structure::propertyTable):
      
          Added a getter for the Structure's PropertyTable that ASSERTs GC currently isn't active.
          Because GC can zap an unpinned property table at any time, it's not entirely safe to access it.
          Renamed the variable itself to m_propertyTableUnsafe to force call sites into explaining themselves.
      
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these out of Structure.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      
          Added for setting up the property table in a new transition; this code is now shared between
          addPropertyTransition() and nonPropertyTransition().
      
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      
          Add a global propertyTableStructure.
      
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
          Make PropertyTable a GC object.
      
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::pin):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::checkConsistency):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144910 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  22. 05 Mar, 2013 1 commit
    • Unreviewed, rolling out r144708. · 0c94dc67
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/144708
      https://bugs.webkit.org/show_bug.cgi?id=111447
      
      random assertion crashes in inspector tests on qt+mac bots
      (Requested by kling on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-03-05
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyTable.cpp: Removed.
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::pin):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::visitChildren):
      (JSC::Structure::checkConsistency):
      * runtime/Structure.h:
      (JSC):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      (JSC::Structure::checkOffsetConsistency):
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::get):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144767 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  23. 04 Mar, 2013 1 commit
    • Unused Structure property tables waste 14MB on Membuster. · 9f23adb0
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Geoffrey Garen.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::get):
      
          Move m_cell to a local before using it multiple times. This avoids a multiple-access race when
          Structure::checkOffsetConsistency() is used in assertions on the main thread while a marking thread
          zaps the property table.
      
      * runtime/Structure.h:
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureInlines.h:
      (JSC::Structure::propertyTable):
      
          Added a getter for the Structure's PropertyTable that ASSERTs GC currently isn't active.
          Because GC can zap an unpinned property table at any time, it's not entirely safe to access it.
          Renamed the variable itself to m_propertyTableUnsafe to force call sites into explaining themselves.
      
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these out of Structure.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      
          Add a global propertyTableStructure.
      
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
          Make PropertyTable a GC object.
      
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::pin):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::checkConsistency):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144708 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  24. 26 Feb, 2013 4 commits
    • Unreviewed, rolling out r144074. · a5683e34
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/144074
      https://bugs.webkit.org/show_bug.cgi?id=110897
      
      Causing 20+ crashes on Mac (Requested by bradee-oh on
      #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-02-26
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyTable.cpp: Removed.
      * runtime/Structure.cpp:
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      (Structure):
      * runtime/StructureInlines.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144113 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unused Structure property tables waste 14MB on Membuster. · 1c5bd24a
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Filip Pizlo.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/StructureInlines.h:
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these to StructureInlines.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      * runtime/Structure.h:
      (Structure):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144074 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r144054. · f9f6d217
      akling@apple.com authored
      http://trac.webkit.org/changeset/144054
      https://bugs.webkit.org/show_bug.cgi?id=110854
      
      broke builds
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyTable.cpp: Removed.
      * runtime/Structure.cpp:
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      (Structure):
      * runtime/StructureInlines.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unused Structure property tables waste 14MB on Membuster. · 11193c50
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Filip Pizlo.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/StructureInlines.h:
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these to StructureInlines.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      * runtime/Structure.h:
      (Structure):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144054 268f45cc-cd09-0410-ab3c-d52691b4dbfc