1. 04 Dec, 2013 1 commit
      Fix !ENABLE(JAVASCRIPT_DEBUGGER) build. · 2585f3b2
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=125083
      
      Patch by Peter Molnar <pmolnar.u-szeged@partner.samsung.com> on 2013-12-04
      Reviewed by Mark Lam.
      
      * debugger/Debugger.cpp:
      * debugger/Debugger.h:
      (JSC::Debugger::Debugger):
      (JSC::Debugger::needsOpDebugCallbacks):
      (JSC::Debugger::needsExceptionCallbacks):
      (JSC::Debugger::detach):
      (JSC::Debugger::sourceParsed):
      (JSC::Debugger::exception):
      (JSC::Debugger::atStatement):
      (JSC::Debugger::callEvent):
      (JSC::Debugger::returnEvent):
      (JSC::Debugger::willExecuteProgram):
      (JSC::Debugger::didExecuteProgram):
      (JSC::Debugger::didReachBreakpoint):
      * debugger/DebuggerPrimitives.h:
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_debug):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_debug):
      * llint/LLIntOfflineAsmConfig.h:
      * llint/LowLevelInterpreter.asm:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160082 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 03 Dec, 2013 8 commits
  3. 02 Dec, 2013 10 commits
      Build failure when disabling JIT, YARR_JIT, and ASSEMBLER. · 10190c45
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=123809.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Also fixed build when disabling the DISASSEMBLER.
      Added some needed #if's and some comments.
      
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::finalizeCodeWithDisassembly):
      * dfg/DFGDisassembler.cpp:
      * dfg/DFGDisassembler.h:
      (JSC::DFG::Disassembler::Disassembler):
      (JSC::DFG::Disassembler::setStartOfCode):
      (JSC::DFG::Disassembler::setForBlockIndex):
      (JSC::DFG::Disassembler::setForNode):
      (JSC::DFG::Disassembler::setEndOfMainPath):
      (JSC::DFG::Disassembler::setEndOfCode):
      (JSC::DFG::Disassembler::dump):
      (JSC::DFG::Disassembler::reportToProfiler):
      * disassembler/Disassembler.cpp:
      * disassembler/X86Disassembler.cpp:
      * jit/FPRInfo.h:
      * jit/GPRInfo.h:
      * jit/JITDisassembler.cpp:
      * jit/JITDisassembler.h:
      (JSC::JITDisassembler::JITDisassembler):
      (JSC::JITDisassembler::setStartOfCode):
      (JSC::JITDisassembler::setForBytecodeMainPath):
      (JSC::JITDisassembler::setForBytecodeSlowPath):
      (JSC::JITDisassembler::setEndOfSlowPath):
      (JSC::JITDisassembler::setEndOfCode):
      (JSC::JITDisassembler::dump):
      (JSC::JITDisassembler::reportToProfiler):
      
      Source/WTF: 
      
      * wtf/Platform.h:
      - Ensure that the ASSEMBLER is enabled when the DISASSEMBLER is enabled.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159987 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Baseline JIT calls to CommonSlowPaths shouldn't restore the last result · fa3a0000
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=125107
      
      Reviewed by Mark Hahnenberg.
      
      Just killing dead code.
      
      * jit/JITArithmetic.cpp:
      (JSC::JIT::emitSlow_op_negate):
      (JSC::JIT::emitSlow_op_lshift):
      (JSC::JIT::emitSlow_op_rshift):
      (JSC::JIT::emitSlow_op_urshift):
      (JSC::JIT::emitSlow_op_bitand):
      (JSC::JIT::emitSlow_op_inc):
      (JSC::JIT::emitSlow_op_dec):
      (JSC::JIT::emitSlow_op_mod):
      (JSC::JIT::emit_op_mod):
      (JSC::JIT::compileBinaryArithOpSlowCase):
      (JSC::JIT::emitSlow_op_div):
      * jit/JITArithmetic32_64.cpp:
      (JSC::JIT::emitSlow_op_negate):
      (JSC::JIT::emitSlow_op_lshift):
      (JSC::JIT::emitRightShiftSlowCase):
      (JSC::JIT::emitSlow_op_bitand):
      (JSC::JIT::emitSlow_op_bitor):
      (JSC::JIT::emitSlow_op_bitxor):
      (JSC::JIT::emitSlow_op_inc):
      (JSC::JIT::emitSlow_op_dec):
      (JSC::JIT::emitSlow_op_add):
      (JSC::JIT::emitSlow_op_sub):
      (JSC::JIT::emitSlow_op_mul):
      (JSC::JIT::emitSlow_op_div):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_strcat):
      (JSC::JIT::emitSlow_op_get_callee):
      (JSC::JIT::emitSlow_op_create_this):
      (JSC::JIT::emitSlow_op_to_this):
      (JSC::JIT::emitSlow_op_to_primitive):
      (JSC::JIT::emitSlow_op_not):
      (JSC::JIT::emitSlow_op_bitxor):
      (JSC::JIT::emitSlow_op_bitor):
      (JSC::JIT::emitSlow_op_stricteq):
      (JSC::JIT::emitSlow_op_nstricteq):
      (JSC::JIT::emitSlow_op_to_number):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emitSlow_op_to_primitive):
      (JSC::JIT::emitSlow_op_not):
      (JSC::JIT::emitSlow_op_stricteq):
      (JSC::JIT::emitSlow_op_nstricteq):
      (JSC::JIT::emitSlow_op_to_number):
      (JSC::JIT::emitSlow_op_get_callee):
      (JSC::JIT::emitSlow_op_create_this):
      (JSC::JIT::emitSlow_op_to_this):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159973 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Stores to local captured variables should be intercepted · 0309686b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124883
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      Previously, in bytecode, you could assign to a captured variable just as you would
      assign to any other kind of variable. This complicates closure variable constant
      inference because we don't have any place where we can intercept stores to captured
      variables in the LLInt.
              
      This patch institutes a policy that only certain instructions can store to captured
      variables. If you interpret those instructions and you are required to notifyWrite()
      then you need to check if the relevant variable is captured. Those instructions are
      tracked in CodeBlock.cpp's VerifyCapturedDef. The main one is simply op_captured_mov.
      In the future, we'll probably modify those instructions to have a pointer directly to
      the VariableWatchpointSet; but for now we just introduce the captured instructions as
      placeholders.
              
      In order to validate that the placeholders are inserted correctly, this patch improves
      the CodeBlock validation to be able to inspect every def in the bytecode. To do that,
      this patch refactors the liveness analysis' use/def calculator to be reusable; it now
      takes a functor for each use or def.
              
      In the process of refactoring the liveness analysis, I noticed that op_enter was
      claiming to def all callee registers. That's wrong; it only defs the non-temporary
      variables. Making that change revealed preexisting bugs in the liveness analysis, since
      now the validator would pick up cases where the bytecode claimed to use a temporary and
      the def calculator never noticed the definition (or the converse - where the bytecode
      was actually not using a temporary but the liveness analysis thought that it was a
      use). This patch fixes a few of those bugs.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/BytecodeLivenessAnalysis.cpp:
      (JSC::stepOverInstruction):
      * bytecode/BytecodeUseDef.h: Added.
      (JSC::computeUsesForBytecodeOffset):
      (JSC::computeDefsForBytecodeOffset):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::isCaptured):
      (JSC::CodeBlock::validate):
      * bytecode/CodeBlock.h:
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolveCallee):
      (JSC::BytecodeGenerator::emitMove):
      (JSC::BytecodeGenerator::isCaptured):
      (JSC::BytecodeGenerator::local):
      (JSC::BytecodeGenerator::constLocal):
      (JSC::BytecodeGenerator::emitNewFunction):
      (JSC::BytecodeGenerator::emitLazyNewFunction):
      (JSC::BytecodeGenerator::emitNewFunctionInternal):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::Local::Local):
      (JSC::Local::isCaptured):
      (JSC::Local::captureMode):
      (JSC::BytecodeGenerator::captureMode):
      (JSC::BytecodeGenerator::emitNode):
      (JSC::BytecodeGenerator::pushOptimisedForIn):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::PostfixNode::emitResolve):
      (JSC::PrefixNode::emitResolve):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      (JSC::ForInNode::emitBytecode):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::capabilityLevel):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/SymbolTable.h:
      (JSC::SymbolTable::isCaptured):
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
      
      * js/regress/captured-assignments-expected.txt: Added.
      * js/regress/captured-assignments.html: Added.
      * js/regress/script-tests/captured-assignments.js: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159943 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Instead of watchpointing activation allocation, we should watchpoint entry into functions that have captured variables · a4ea0663
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=125052
      
      Reviewed by Mark Hahnenberg.
              
      This makes us watch function entry rather than activation creation. We only incur the
      costs of doing so for functions that have captured variables, and only on the first two
      entries into the function. This means that closure variable constant inference will
      naturally work even for local uses of the captured variable, like:
              
          (function(){
              var blah = 42;
              ... // stuff
              function () { ... blah /* we can fold this to 42 */ }
              ... blah // we can also fold this to 42.
          })();
              
      Previously, only the nested use would have been foldable.
      
      * bytecode/BytecodeLivenessAnalysis.cpp:
      (JSC::computeUsesForBytecodeOffset):
      (JSC::computeDefsForBytecodeOffset):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.h:
      (JSC::WatchpointSet::touch):
      (JSC::InlineWatchpointSet::touch):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::capabilityLevel):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasSymbolTable):
      * dfg/DFGNodeType.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWatchpointCollectionPhase.cpp:
      (JSC::DFG::WatchpointCollectionPhase::handle):
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      * jit/JIT.h:
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_touch_entry):
      * llint/LowLevelInterpreter.asm:
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.h:
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTable::SymbolTable):
      * runtime/SymbolTable.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159942 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      [JSC] Get rid of some unused parameters in LLIntSlowPaths.cpp macros · 7ca12a53
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=125075
      
      Patch by Nick Diego Yamane <nick.yamane@openbossa.org> on 2013-12-02
      Reviewed by Michael Saboff.
      
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::handleHostCall): added UNUSED_PARAM(pc).
      (JSC::LLInt::setUpCall): Doesn't pass 'pc' to LLINT_CALL macros.
      (JSC::LLInt::LLINT_SLOW_PATH_DECL): Ditto.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159940 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Remove stdio.h from JSC files. · 5e2fce2c
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=125066
      
      Patch by László Langó <lango@inf.u-szeged.hu> on 2013-12-02
      Reviewed by Michael Saboff.
      
      Remove stdio.h where it does not need to be included.
      
      * bytecode/CodeBlock.cpp:
      * bytecode/StructureSet.h:
      * profiler/LegacyProfiler.cpp:
      * profiler/Profile.cpp:
      * profiler/ProfileNode.cpp:
      * yarr/YarrInterpreter.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159937 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Unused include files when building without JIT. · d334b757
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=125062
      
      Patch by László Langó <lango@inf.u-szeged.hu> on 2013-12-02
      Reviewed by Michael Saboff.
      
      We should organize the includes, and guard JIT methods
      in ValueRecovery.
      
      * bytecode/ValueRecovery.cpp: Guard include files.
      * bytecode/ValueRecovery.h: Guard JIT methods.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159936 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      [MIPS] Small stack frame causes regressions. · 13da9276
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=124945
      
      Patch by Balazs Kilvady <kilvadyb@homejinni.com> on 2013-12-02
      Reviewed by Michael Saboff.
      
      Fix stack space for LLInt on MIPS.
      
      * llint/LowLevelInterpreter32_64.asm:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159935 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      jsc: implement a native readFile function · d296f384
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=125059
      
      Patch by Brian J. Burg <burg@cs.washington.edu> on 2013-12-02
      Reviewed by Filip Pizlo.
      
      This adds a native readFile() function to jsc, used to slurp
      an entire file into a JavaScript string.
      
      * jsc.cpp:
      (GlobalObject::finishCreation): Add readFile() to globals.
      (functionReadFile): Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159934 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      JSC does not build if OPCODE_STATS is enabled. · 2f00452d
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=125011
      
      Patch by László Langó <lango@inf.u-szeged.hu> on 2013-12-02
      Reviewed by Filip Pizlo.
      
      * bytecode/Opcode.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159933 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 30 Nov, 2013 1 commit
      Finally remove those DFG_ENABLE things · ecd97b0c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=125025
      
      Rubber stamped by Sam Weinig.
              
      This removes a bunch of unused and untested insanity.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::tallyFrequentExitSites):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getArrayModeConsideringSlowPath):
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      (JSC::DFG::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::convertToJump):
      (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::endIndexForPureCSE):
      (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::eliminate):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCommon.h:
      (JSC::DFG::verboseCompilationEnabled):
      (JSC::DFG::logCompilationChanges):
      (JSC::DFG::shouldDumpGraphAtEachPhase):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::initialize):
      (JSC::DFG::InPlaceAbstractState::endBasicBlock):
      (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
      (JSC::DFG::InPlaceAbstractState::mergeToSuccessors):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::adjustAndJumpToTarget):
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::run):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::propagateForward):
      (JSC::DFG::PredictionPropagationPhase::propagateBackward):
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::use):
      * dfg/DFGSlowPathGenerator.h:
      (JSC::DFG::SlowPathGenerator::generate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
      (JSC::DFG::SpeculativeJIT::dump):
      (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
      (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVariableEventStream.h:
      (JSC::DFG::VariableEventStream::appendAndLog):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159886 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 29 Nov, 2013 3 commits
  6. 28 Nov, 2013 5 commits
      Revert the X86 assembler peephole changes · a47b30a2
      nrotem@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124988
      
      Reviewed by Csaba Osztrogonác.
      
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::add32):
      (JSC::MacroAssemblerX86::add64):
      (JSC::MacroAssemblerX86::or32):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::add32):
      (JSC::MacroAssemblerX86Common::or32):
      (JSC::MacroAssemblerX86Common::branchAdd32):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::add32):
      (JSC::MacroAssemblerX86_64::or32):
      (JSC::MacroAssemblerX86_64::add64):
      (JSC::MacroAssemblerX86_64::or64):
      (JSC::MacroAssemblerX86_64::xor64):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159855 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Remove feature: CSS variables · c6dce2e5
      antti@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114119
      
      .: 
      
      Reviewed by Andreas Kling.
      
      * Source/cmakeconfig.h.cmake:
      
      Source/JavaScriptCore: 
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebCore: 
      
      Reviewed by Andreas Kling.
              
      The feature is unmaintained and it is getting in the way of refactoring. Code quality is not up to
      WebKit standards either.
      
      * Configurations/FeatureDefines.xcconfig:
      * GNUmakefile.list.am:
      * WebCore.xcodeproj/project.pbxproj:
      * css/CSSBasicShapes.cpp:
      * css/CSSBasicShapes.h:
      * css/CSSCalculationValue.cpp:
      (WebCore::unitCategory):
      (WebCore::hasDoubleValue):
      (WebCore::CSSCalcPrimitiveValue::toCalcValue):
      (WebCore::CSSCalcPrimitiveValue::computeLengthPx):
      (WebCore::determineCategory):
      (WebCore::CSSCalcBinaryOperation::primitiveType):
      * css/CSSCalculationValue.h:
      * css/CSSComputedStyleDeclaration.cpp:
      (WebCore::ComputedStyleExtractor::propertyValue):
      * css/CSSGrammar.y.in:
      * css/CSSParser.cpp:
      (WebCore::CSSParserContext::CSSParserContext):
      (WebCore::operator==):
      (WebCore::filterProperties):
      (WebCore::CSSParser::createStylePropertySet):
      (WebCore::CSSParser::addProperty):
      (WebCore::CSSParser::validCalculationUnit):
      (WebCore::CSSParser::validUnit):
      (WebCore::CSSParser::createPrimitiveNumericValue):
      (WebCore::CSSParser::parseValidPrimitive):
      (WebCore::CSSParser::parseValue):
      (WebCore::CSSParser::parseReflect):
      (WebCore::CSSParser::detectDashToken):
      (WebCore::CSSParser::realLex):
      * css/CSSParser.h:
      * css/CSSParserMode.h:
      * css/CSSParserValues.cpp:
      (WebCore::CSSParserValue::createCSSValue):
      * css/CSSParserValues.h:
      * css/CSSPrimitiveValue.cpp:
      (WebCore::isValidCSSUnitTypeForDoubleConversion):
      (WebCore::CSSPrimitiveValue::primitiveType):
      (WebCore::CSSPrimitiveValue::cleanup):
      (WebCore::CSSPrimitiveValue::getStringValue):
      (WebCore::CSSPrimitiveValue::customCSSText):
      (WebCore::CSSPrimitiveValue::equals):
      * css/CSSPrimitiveValue.h:
      * css/CSSPrimitiveValueMappings.h:
      (WebCore::CSSPrimitiveValue::convertToLength):
      * css/CSSProperty.cpp:
      * css/CSSProperty.h:
      (WebCore::CSSProperty::CSSProperty):
      * css/CSSReflectValue.cpp:
      * css/CSSReflectValue.h:
      * css/CSSValue.cpp:
      (WebCore::CSSValue::equals):
      (WebCore::CSSValue::cssText):
      (WebCore::CSSValue::destroy):
      * css/CSSValue.h:
      (WebCore::CSSValue::setCssText):
      * css/CSSValueList.cpp:
      * css/CSSValueList.h:
      * css/CSSVariableValue.h: Removed.
      * css/Pair.h:
      * css/Rect.h:
      * css/StylePropertySet.cpp:
      (WebCore::StylePropertySet::asText):
      (WebCore::StylePropertySet::PropertyReference::cssName):
      * css/StyleResolver.cpp:
      (WebCore::StyleResolver::styleForPage):
      (WebCore::StyleResolver::applyProperties):
      (WebCore::StyleResolver::applyMatchedProperties):
      (WebCore::StyleResolver::applyProperty):
      * css/StyleResolver.h:
      * css/WebKitCSSTransformValue.cpp:
      * css/WebKitCSSTransformValue.h:
      (WebCore::WebKitCSSTransformValue::equals):
      * css/makeprop.pl:
      * page/Settings.cpp:
      (WebCore::Settings::Settings):
      * page/Settings.h:
      * rendering/style/RenderStyle.h:
      * rendering/style/StyleRareInheritedData.cpp:
      (WebCore::StyleRareInheritedData::StyleRareInheritedData):
      (WebCore::StyleRareInheritedData::operator==):
      * rendering/style/StyleRareInheritedData.h:
      * rendering/style/StyleVariableData.h: Removed.
      * testing/InternalSettings.cpp:
      (WebCore::InternalSettings::Backup::Backup):
      (WebCore::InternalSettings::Backup::restoreTo):
      * testing/InternalSettings.h:
      * testing/InternalSettings.idl:
      
      Source/WebKit/mac: 
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2: 
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WTF: 
      
      Reviewed by Andreas Kling.
      
      * wtf/FeatureDefines.h:
      
      Tools: 
      
      Reviewed by Andreas Kling.
      
      * Scripts/webkitperl/FeatureList.pm:
      
      LayoutTests: 
      
      Reviewed by Andreas Kling.
      
      * fast/css/variables: Removed.
      * fast/css/variables/border-width-expected.html: Removed.
      * fast/css/variables/border-width.html: Removed.
      * fast/css/variables/build-supports-variables-expected.txt: Removed.
      * fast/css/variables/build-supports-variables.html: Removed.
      * fast/css/variables/calc-expected.html: Removed.
      * fast/css/variables/calc-inside-calc-expected.html: Removed.
      * fast/css/variables/calc-inside-calc.html: Removed.
      * fast/css/variables/calc-invalid-value-expected.html: Removed.
      * fast/css/variables/calc-invalid-value.html: Removed.
      * fast/css/variables/calc-invalid-variable-expected.html: Removed.
      * fast/css/variables/calc-invalid-variable.html: Removed.
      * fast/css/variables/calc-negated-variable-expected.html: Removed.
      * fast/css/variables/calc-negated-variable.html: Removed.
      * fast/css/variables/calc-vw-crash-expected.txt: Removed.
      * fast/css/variables/calc-vw-crash.html: Removed.
      * fast/css/variables/calc.html: Removed.
      * fast/css/variables/case-sensitive-expected.html: Removed.
      * fast/css/variables/case-sensitive.html: Removed.
      * fast/css/variables/colors-test-expected.html: Removed.
      * fast/css/variables/colors-test.html: Removed.
      * fast/css/variables/complex-cycle-expected.html: Removed.
      * fast/css/variables/complex-cycle.html: Removed.
      * fast/css/variables/computed-style-expected.html: Removed.
      * fast/css/variables/computed-style.html: Removed.
      * fast/css/variables/deferred-image-load-from-variable-expected.txt: Removed.
      * fast/css/variables/deferred-image-load-from-variable.html: Removed.
      * fast/css/variables/inherited-values-expected.html: Removed.
      * fast/css/variables/inherited-values.html: Removed.
      * fast/css/variables/inline-styles-expected.html: Removed.
      * fast/css/variables/inline-styles.html: Removed.
      * fast/css/variables/invalid-font-reference-expected.txt: Removed.
      * fast/css/variables/invalid-font-reference.html: Removed.
      * fast/css/variables/invalid-shorthand-expected.html: Removed.
      * fast/css/variables/invalid-shorthand.html: Removed.
      * fast/css/variables/invalid-value-list-crash-expected.txt: Removed.
      * fast/css/variables/invalid-value-list-crash.html: Removed.
      * fast/css/variables/invalid-variable-value-expected.html: Removed.
      * fast/css/variables/invalid-variable-value.html: Removed.
      * fast/css/variables/multi-level-cycle-expected.html: Removed.
      * fast/css/variables/multi-level-cycle.html: Removed.
      * fast/css/variables/redefinition-expected.html: Removed.
      * fast/css/variables/redefinition.html: Removed.
      * fast/css/variables/root-background-size-expected.html: Removed.
      * fast/css/variables/root-background-size.html: Removed.
      * fast/css/variables/shorthand-expected.html: Removed.
      * fast/css/variables/shorthand.html: Removed.
      * fast/css/variables/simple-cycle-expected.html: Removed.
      * fast/css/variables/simple-cycle.html: Removed.
      * fast/css/variables/transform-test-expected.html: Removed.
      * fast/css/variables/transform-test.html: Removed.
      * fast/css/variables/undefined-expected.html: Removed.
      * fast/css/variables/undefined.html: Removed.
      * fast/css/variables/use-before-defined-expected.html: Removed.
      * fast/css/variables/use-before-defined.html: Removed.
      * fast/css/variables/var-filter-expected.txt: Removed.
      * fast/css/variables/var-filter.html: Removed.
      * fast/css/variables/var-inside-box-reflect-expected.html: Removed.
      * fast/css/variables/var-inside-box-reflect.html: Removed.
      * fast/css/variables/var-inside-pair-expected.html: Removed.
      * fast/css/variables/var-inside-pair.html: Removed.
      * fast/css/variables/var-inside-quad-expected.html: Removed.
      * fast/css/variables/var-inside-quad.html: Removed.
      * fast/css/variables/var-inside-shape-expected.html: Removed.
      * fast/css/variables/var-inside-shape.html: Removed.
      * fast/css/variables/var-inside-shorthand-expected.html: Removed.
      * fast/css/variables/var-inside-shorthand.html: Removed.
      * fast/css/variables/variable-chain-expected.html: Removed.
      * fast/css/variables/variable-chain.html: Removed.
      * fast/css/variables/variable-unparseable-value-crash-expected.txt: Removed.
      * fast/css/variables/variable-unparseable-value-crash.html: Removed.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159842 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Typo fix after r159834 to fix 32 bit builds. · 5ead1b70
      ossy@webkit.org authored
      Patch by Peter Gal <galpeter@inf.u-szeged.hu> on 2013-11-28
      Reviewed by Csaba Osztrogonác.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159836 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5ead1b70
    • nrotem@apple.com's avatar
      Add a bunch of early exits and local optimizations to the x86 assembler. · c38f566f
      nrotem@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124904
      
      Reviewed by Filip Pizlo.
      
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::add32):
      (JSC::MacroAssemblerX86::add64):
      (JSC::MacroAssemblerX86::or32):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::add32):
      (JSC::MacroAssemblerX86Common::or32):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::add32):
      (JSC::MacroAssemblerX86_64::or32):
      (JSC::MacroAssemblerX86_64::add64):
      (JSC::MacroAssemblerX86_64::or64):
      (JSC::MacroAssemblerX86_64::xor64):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159835 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c38f566f
    • fpizlo@apple.com's avatar
      Infer one-time scopes · 1a72409c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124812
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This detects JSActivations that are created only once. The JSActivation pointer is then
      baked into the machine code.
              
      This takes advantage of the one-time scope inference to reduce the number of
      indirections needed to get to a closure variable in case where the scope is only
      allocated once. This isn't really a speed-up since in the common case the total number
      of instruction bytes needed to load the scope from the stack is about equal to the
      number of instruction bytes needed to materialize the absolute address of a scoped
      variable. But, this is a necessary prerequisite to
      https://bugs.webkit.org/show_bug.cgi?id=124630, so it's probably a good idea anyway.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      * bytecode/Instruction.h:
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.h:
      (JSC::WatchpointSet::notifyWrite):
      (JSC::InlineWatchpointSet::notifyWrite):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolveScope):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::scopedVarLoadElimination):
      (JSC::DFG::CSEPhase::scopedVarStoreElimination):
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::tryGetRegisters):
      * dfg/DFGGraph.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::varNumber):
      (JSC::DFG::Node::hasSymbolTable):
      (JSC::DFG::Node::symbolTable):
      * dfg/DFGNodeType.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWatchpointCollectionPhase.cpp:
      (JSC::DFG::WatchpointCollectionPhase::handle):
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      * runtime/JSScope.cpp:
      (JSC::abstractAccess):
      (JSC::JSScope::abstractResolve):
      * runtime/JSScope.h:
      (JSC::ResolveOp::ResolveOp):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::registers):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTable::SymbolTable):
      * runtime/SymbolTable.h:
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * js/regress/infer-one-time-closure-expected.txt: Added.
      * js/regress/infer-one-time-closure-ten-vars-expected.txt: Added.
      * js/regress/infer-one-time-closure-ten-vars.html: Added.
      * js/regress/infer-one-time-closure-two-vars-expected.txt: Added.
      * js/regress/infer-one-time-closure-two-vars.html: Added.
      * js/regress/infer-one-time-closure.html: Added.
      * js/regress/infer-one-time-deep-closure-expected.txt: Added.
      * js/regress/infer-one-time-deep-closure.html: Added.
      * js/regress/script-tests/infer-one-time-closure-ten-vars.js: Added.
      * js/regress/script-tests/infer-one-time-closure-two-vars.js: Added.
      * js/regress/script-tests/infer-one-time-closure.js: Added.
      * js/regress/script-tests/infer-one-time-deep-closure.js: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159834 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1a72409c
  7. 27 Nov, 2013 4 commits
    • fpizlo@apple.com's avatar
      Finally fix some obvious Bartlett bugs · 7969ed73
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124951
      
      Reviewed by Mark Hahnenberg.
              
      Sanitize the stack (i.e. zero parts of it known to be dead) at three key points:
              
      - GC.
              
      - At beginning of OSR entry.
              
      - Just as we finish preparing OSR entry. This clears those slots on the stack that
        could have been live in baseline but that are known to be dead in DFG.
              
      This is as much as a 2x speed-up on splay if you run it in certain modes, and run it
      for a long enough interval. It appears to fix all instances of the dreaded exponential
      heap growth that splay gets into when some stale pointer stays around.
              
      This doesn't have much of an effect on real-world programs. This bug has only ever
      manifested in splay and for that reason we thus far opted against fixing it. But splay
      is, for what it's worth, the premier GC stress test in JavaScript - so making sure we
      can run it without pathologies - even when you tweak its configuration - is probably
      fairly important.
      
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntry.h:
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      (JSC::JSStack::sanitizeStack):
      * interpreter/JSStack.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159826 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7969ed73
    • fpizlo@apple.com's avatar
      Do bytecode validation as part of testing · 2eb67eca
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124913
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Also fix some small bugs in the bytecode liveness analysis that I found by doing
      this validation thingy.
      
      * bytecode/BytecodeLivenessAnalysis.cpp:
      (JSC::isValidRegisterForLiveness):
      (JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::validate):
      (JSC::CodeBlock::beginValidationDidFail):
      (JSC::CodeBlock::endValidationDidFail):
      * bytecode/CodeBlock.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      * runtime/Options.h:
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
      
      * GNUmakefile.list.am:
      * WTF.vcxproj/WTF.vcxproj:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/CMakeLists.txt:
      * wtf/FastBitVector.cpp: Added.
      (WTF::FastBitVector::dump):
      * wtf/FastBitVector.h:
      (WTF::FastBitVector::resize):
      (WTF::FastBitVector::bitCount):
      (WTF::FastBitVector::arrayLength):
      
      Tools: 
      
      Reviewed by Oliver Hunt.
      
      * Scripts/run-jsc-stress-tests:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159825 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2eb67eca
    • akling@apple.com's avatar
      Structure::m_staticFunctionReified should be a single bit. · 19f333b6
      akling@apple.com authored
      <https://webkit.org/b/124912>
      
      Shave 8 bytes off of JSC::Structure by jamming m_staticFunctionReified
      into the bitfield just above.
      
      Reviewed by Antti Koivisto.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159814 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      19f333b6
    • akling@apple.com's avatar
      JSActivation constructor should use NotNull placement new. · db1716a4
      akling@apple.com authored
      <https://webkit.org/b/124909>
      
      Knock a null check outta the storage initialization loop.
      
      Reviewed by Antti Koivisto.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159813 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      db1716a4
  8. 26 Nov, 2013 4 commits
    • fpizlo@apple.com's avatar
      Restructure global variable constant inference so that it could work for any... · 8646834a
      fpizlo@apple.com authored
      Restructure global variable constant inference so that it could work for any kind of symbol table variable
      https://bugs.webkit.org/show_bug.cgi?id=124760
      
      Reviewed by Oliver Hunt.
              
      This changes the way global variable constant inference works so that it can be reused
      for closure variable constant inference. Some of the premises that originally motivated
      this patch are somewhat wrong, but it led to some simplifications anyway and I suspect
      that we'll be able to fix those premises in the future. The main point of this patch is
      to make it easy to reuse global variable constant inference for closure variable
      constant inference, and this will be possible provided we can also either (a) infer
      one-shot closures (easy) or (b) infer closure variables that are always assigned prior
      to first use.
              
      One of the things that this patch is meant to enable is constant inference for closure
      variables that may be part of a multi-shot closure. Closure variables may be
      instantiated multiple times, like:
              
          function foo() {
              var WIDTH = 45;
              function bar() {
                  ... use WIDTH ...
              }
              ...
          }
              
      Even if foo() is called many times and WIDTH is assigned to multiple times, that
      doesn't change the fact that it's a constant. The goal of closure variable constant
      inference is to catch any case where a closure variable has been assigned at least once
      and its value has never changed. This patch doesn't implement that, but it does change
      global variable constant inference to have most of the powers needed to do that. Note
      that most likely we will use this functionality only to implement constant inference
      for one-shot closures, but the resulting machinery is still simpler than what we had
      before.
              
      This involves three changes:
              
          - The watchpoint object now contains the inferred value. This involves creating a
            new kind of watchpoint set, the VariableWatchpointSet. We will reuse this object
            for closure variables.
              
          - Writing to a variable that is watchpointed still involves these three states that
            we proceed through monotonically (Uninitialized->Initialized->Invalidated) but
            now, the Initialized->Invalidated state transition only happens if we change the
            variable's value, rather than store to the variable. Repeatedly storing the same
            value won't change the variable's state.
              
          - On 64-bit systems (the only systems on which we do concurrent JIT), you no longer
            need fancy fencing to get a consistent view of the watchpoint in the JIT. The
            state of the VariableWatchpointSet for the purposes of constant folding is
            entirely encapsulated in the VariableWatchpointSet::m_inferredValue. If that is
            JSValue() then you cannot fold (either because the set is uninitialized or
            because it's invalidated - doesn't matter which); on the other hand if the value
            is anything other than JSValue() then you can fold, and that's the value you fold
            to. Simple!
              
      This also changes the way that DFG IR deals with variable watchpoints. It's now
      oblivious to global variables. You install a watchpoint using VariableWatchpoint and
      you notify write using NotifyWrite. Easy!
              
      Note that this will require some more tweaks because of the fact that op_enter will
      store Undefined into every captured variable. Hence it won't even work for one-shot
      closures. One-shot closures are easily fixed by introducing another state (so we'll
      have Uninitialized->Undefined->Initialized->Invalidated). Multi-shot closures will
      require static analysis. One-shot closures are clearly a higher priority.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/Instruction.h:
      * bytecode/VariableWatchpointSet.h: Added.
      (JSC::VariableWatchpointSet::VariableWatchpointSet):
      (JSC::VariableWatchpointSet::~VariableWatchpointSet):
      (JSC::VariableWatchpointSet::inferredValue):
      (JSC::VariableWatchpointSet::notifyWrite):
      (JSC::VariableWatchpointSet::invalidate):
      (JSC::VariableWatchpointSet::finalizeUnconditionally):
      (JSC::VariableWatchpointSet::addressOfInferredValue):
      * bytecode/Watchpoint.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasRegisterPointer):
      (JSC::DFG::Node::hasVariableWatchpointSet):
      (JSC::DFG::Node::variableWatchpointSet):
      * dfg/DFGNodeType.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileArithMod):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWatchpointCollectionPhase.cpp:
      (JSC::DFG::WatchpointCollectionPhase::handle):
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileNotifyWrite):
      * jit/JIT.h:
      * jit/JITOperations.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitNotifyWrite):
      (JSC::JIT::emitPutGlobalVar):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emitNotifyWrite):
      (JSC::JIT::emitPutGlobalVar):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::addGlobalVar):
      (JSC::JSGlobalObject::addFunction):
      * runtime/JSGlobalObject.h:
      * runtime/JSScope.h:
      (JSC::ResolveOp::ResolveOp):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTableEntry::inferredValue):
      (JSC::SymbolTableEntry::prepareToWatch):
      (JSC::SymbolTableEntry::addWatchpoint):
      (JSC::SymbolTableEntry::notifyWriteSlow):
      (JSC::SymbolTable::visitChildren):
      (JSC::SymbolTable::WatchpointCleanup::WatchpointCleanup):
      (JSC::SymbolTable::WatchpointCleanup::~WatchpointCleanup):
      (JSC::SymbolTable::WatchpointCleanup::finalizeUnconditionally):
      * runtime/SymbolTable.h:
      (JSC::SymbolTableEntry::watchpointSet):
      (JSC::SymbolTableEntry::notifyWrite):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159798 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8646834a
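The three-state watchpoint this commit message describes (Uninitialized -> Initialized -> Invalidated, with Initialized -> Invalidated only on a value change, and an empty inferred value meaning "do not fold"), modelled as an added example that is not WebKit's code: `Value`, `VariableWatchpointSet`, `Outcome` and `replayStores` are constructed stand-ins for this illustration (the real `JSC::JSValue` and `JSC::VariableWatchpointSet` differ), and the replayed stores follow the `var WIDTH = 45` scenario above, where `foo()` runs several times and re-assigns `WIDTH` each time.

```cpp
#include <cstdint>
#include <functional>
#include <vector>

// Constructed stand-in for JSC::JSValue: 'empty' plays the role of JSValue(),
// the sentinel meaning "no inferred value".
struct Value {
    bool empty;
    int64_t bits;
    static Value none() { return Value{true, 0}; }
    static Value of(int64_t v) { return Value{false, v}; }
    bool operator==(const Value& o) const { return empty == o.empty && (empty || bits == o.bits); }
    bool operator!=(const Value& o) const { return !(*this == o); }
};

// Model of the watchpoint set from the commit message. States advance monotonically:
// Uninitialized -> Initialized -> Invalidated, driven only by notifyWrite().
class VariableWatchpointSet {
public:
    enum State { Uninitialized, Initialized, Invalidated };

    // Called on every store to the watched variable. Only a store that *changes* the
    // value moves Initialized -> Invalidated; re-storing the same value is a no-op.
    void notifyWrite(Value value) {
        switch (m_state) {
        case Uninitialized:
            m_state = Initialized;
            m_inferredValue = value;
            break;
        case Initialized:
            if (value != m_inferredValue)
                invalidate();
            break;
        case Invalidated:
            break;
        }
    }

    // Fires every registered watchpoint (code that folded the variable to a constant must
    // be discarded) and clears the inferred value so inferredValue() reads as JSValue().
    void invalidate() {
        m_state = Invalidated;
        m_inferredValue = Value::none();
        for (auto& fire : m_watchpoints) fire();
        m_watchpoints.clear();
    }

    // All a constant-folding JIT consults: empty means "do not fold", whether the set
    // is still uninitialized or already invalidated.
    Value inferredValue() const { return m_inferredValue; }
    State state() const { return m_state; }
    void addWatchpoint(std::function<void()> fire) { m_watchpoints.push_back(fire); }

private:
    State m_state = Uninitialized;
    Value m_inferredValue = Value::none();
    std::vector<std::function<void()>> m_watchpoints;
};

// What a sequence of stores leaves behind in a fresh set.
struct Outcome {
    int fired;      // how many times the registered watchpoint fired
    bool foldable;  // inferredValue() is non-empty
    int64_t value;  // the folded constant when foldable
};

// Replays stores to one closure variable (e.g. WIDTH assigned 45 on every run of foo()).
Outcome replayStores(const std::vector<int64_t>& stores) {
    VariableWatchpointSet set;
    int fired = 0;
    set.addWatchpoint([&fired] { ++fired; });
    for (int64_t v : stores)
        set.notifyWrite(Value::of(v));
    Value inferred = set.inferredValue();
    return Outcome{fired, !inferred.empty, inferred.bits};
}
```

Storing 45 three times leaves the variable foldable with no watchpoint fired; storing 46 after 45 fires the watchpoint once and leaves the set permanently unfoldable.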
    • fpizlo@apple.com's avatar
      Create a new SymbolTable every time code is loaded so that the watchpoints don't get reused · 022f368a
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124824
      
      Reviewed by Oliver Hunt.
              
      This helps with one shot closure inference as well as closure variable constant
      inference, since without this, if code was reloaded from the cache then we would
      think that the first run was actually an Nth run. This would cause us to think that
      the watchpoint(s) should all be invalidated.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::symbolTable):
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::symbolTable):
      * runtime/Executable.h:
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTable::clone):
      * runtime/SymbolTable.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159795 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      022f368a
    • oliver@apple.com's avatar
      Crash in JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char>... · 6d34acaa
      oliver@apple.com authored
      Crash in JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char> >::parseUnaryExpression<JSC::ASTBuilder>(JSC::ASTBuilder&)
      https://bugs.webkit.org/show_bug.cgi?id=124886
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore:
      
      Make sure the error macros propagate an existing error before
      trying to create a new error message.  We need to do this as
      the parser state may not be safe for any specific error message
      if we are already unwinding due to an error.
      
      * parser/Parser.cpp:
      
      LayoutTests:
      
      Add tests
      
      * js/parser-syntax-check-expected.txt:
      * js/script-tests/parser-syntax-check.js:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159790 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6d34acaa
    • nrotem@apple.com's avatar
      Optimize away OR with zero - a common ASM.js pattern. · f76bdaa9
      nrotem@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124869
      
      Reviewed by Filip Pizlo.
      
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159783 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f76bdaa9
  9. 25 Nov, 2013 1 commit
  10. 24 Nov, 2013 1 commit
  11. 22 Nov, 2013 2 commits
    • mhahnenberg@apple.com's avatar
      JSC Obj-C API should have real documentation · fc0b6729
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124805
      
      Reviewed by Geoffrey Garen.
      
      Massaging the header comments into proper headerdocs.
      
      * API/JSContext.h:
      * API/JSExport.h:
      * API/JSManagedValue.h:
      * API/JSValue.h:
      * API/JSVirtualMachine.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159723 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fc0b6729
    • fpizlo@apple.com's avatar
      CodeBlock::m_numCalleeRegisters shouldn't also mean frame size, frame size... · 81bb8bb3
      fpizlo@apple.com authored
      CodeBlock::m_numCalleeRegisters shouldn't also mean frame size, frame size needed for exit, or any other unrelated things
      https://bugs.webkit.org/show_bug.cgi?id=124793
      
      Reviewed by Mark Hahnenberg.
              
      Now m_numCalleeRegisters always refers to the number of locals that the attached
      bytecode uses. It never means anything else.
              
      For frame size, we now have it lazily computed from m_numCalleeRegisters for the
      baseline engines and we have it stored in DFG::CommonData for the optimizing JITs.
              
      For frame-size-needed-at-exit, we store that in DFG::CommonData, too.
              
      The code no longer implies that there is any arithmetic relationship between
      m_numCalleeRegisters and frameSize. Previously it implied that the latter is greater
      than the former.
              
      The code no longer implies that there is any arithmetic relationship between the
      frame size and the frame-size-needed-at-exit. Previously it implied that the latter
      is greater than the former.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::frameRegisterCount):
      * bytecode/CodeBlock.h:
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      (JSC::DFG::CommonData::requiredRegisterCountForExecutionAndExit):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::frameRegisterCount):
      (JSC::DFG::Graph::requiredRegisterCountForExit):
      (JSC::DFG::Graph::requiredRegisterCountForExecutionAndExit):
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
      * ftl/FTLOSREntry.cpp:
      (JSC::FTL::prepareOSREntry):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::frameExtentInternal):
      * interpreter/JSStackInlines.h:
      (JSC::JSStack::pushFrame):
      * jit/JIT.h:
      (JSC::JIT::frameRegisterCountFor):
      * jit/JITOperations.cpp:
      * llint/LLIntEntrypoint.cpp:
      (JSC::LLInt::frameRegisterCountFor):
      * llint/LLIntEntrypoint.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159721 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      81bb8bb3