  2. 27 Jun, 2011 2 commits
      2011-06-27 Ryosuke Niwa <rniwa@webkit.org> · e1d2109c
      rniwa@webkit.org authored
              Build fix attempt after r89885.
      
              * JavaScriptCore.exp:
              * jsc.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89887 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2011-06-27 Oliver Hunt <oliver@apple.com> · 1db480d3
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Support throwing away non-running code even while other code is running
              https://bugs.webkit.org/show_bug.cgi?id=63485
      
              Add a function to CodeBlock to support unlinking direct linked callsites,
              and then with that in place add logic to discard code from any function
              that is not currently on the stack.
      
              The unlinking completely reverts any optimized call sites, such that they
              may be relinked again in future.
      
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::unlinkCalls):
              (JSC::CodeBlock::clearEvalCache):
              * bytecode/CodeBlock.h:
              (JSC::CallLinkInfo::CallLinkInfo):
              (JSC::CallLinkInfo::unlink):
              * bytecode/EvalCodeCache.h:
              (JSC::EvalCodeCache::clear):
              * heap/Heap.cpp:
              (JSC::Heap::getConservativeRegisterRoots):
              * heap/Heap.h:
              * jit/JIT.cpp:
              (JSC::JIT::privateCompile):
              * jit/JIT.h:
              * jit/JITCall.cpp:
              (JSC::JIT::compileOpCall):
              * jit/JITWriteBarrier.h:
              (JSC::JITWriteBarrierBase::clear):
              * jsc.cpp:
              (GlobalObject::GlobalObject):
              (functionReleaseExecutableMemory):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::unlinkCalls):
              (JSC::ProgramExecutable::unlinkCalls):
              (JSC::FunctionExecutable::discardCode):
              (JSC::FunctionExecutable::unlinkCalls):
              * runtime/Executable.h:
              * runtime/JSGlobalData.cpp:
              (JSC::SafeRecompiler::returnValue):
              (JSC::SafeRecompiler::operator()):
              (JSC::JSGlobalData::releaseExecutableMemory):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89885 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 17 Jun, 2011 1 commit
      2011-06-16 Geoffrey Garen <ggaren@apple.com> · 69f77964
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Added some write barrier action, compiled out by default
              https://bugs.webkit.org/show_bug.cgi?id=62844
      
              * JavaScriptCore.exp: Build!
      
              * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
              issue with Heap.cpp.
      
              * heap/Heap.cpp:
              (JSC::Heap::writeBarrierSlowCase):
              * heap/Heap.h:
              (JSC::Heap::writeBarrier):
              * heap/MarkedBlock.h:
              (JSC::MarkedBlock::isAtomAligned):
              (JSC::MarkedBlock::blockFor):
              (JSC::MarkedBlock::atomNumber):
              (JSC::MarkedBlock::ownerSetNumber):
              (JSC::MarkedBlock::addOldSpaceOwner):
              (JSC::MarkedBlock::OwnerSet::OwnerSet):
              (JSC::MarkedBlock::OwnerSet::add):
              (JSC::MarkedBlock::OwnerSet::clear):
              (JSC::MarkedBlock::OwnerSet::size):
              (JSC::MarkedBlock::OwnerSet::didOverflow):
              (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
              tracks owners for regions within blocks. Currently unused.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89156 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 16 Jun, 2011 1 commit
      2011-06-16 Geoffrey Garen <ggaren@apple.com> · 6e1f8c1b
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Introduced SlotVisitor into the project
              https://bugs.webkit.org/show_bug.cgi?id=62820
              
              This resolves a class vs typedef forward declaration issue, and gives all
              exported symbols the correct names.
      
              * CMakeLists.txt:
              * GNUmakefile.list.am:
              * JavaScriptCore.exp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * JavaScriptCore.xcodeproj/project.pbxproj: Build!
      
              * bytecode/EvalCodeCache.h:
              * heap/HandleHeap.h:
              * heap/Heap.cpp:
              (JSC::Heap::Heap):
              (JSC::Heap::markRoots):
              * heap/Heap.h:
              * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
              clients operate on a MarkStack.
      
              * heap/MarkStack.cpp:
              (JSC::SlotVisitor::visitChildren):
              (JSC::SlotVisitor::drain):
              * heap/SlotVisitor.h: Added.
              (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
              inheritance to give SlotVisitor all the attributes of MarkStack without
              making this change giant. Over time, we will move more behavior into
              SlotVisitor and its subclasses.
      
              * heap/MarkStack.h:
              * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
              clients operate on a MarkStack.
      
              * runtime/ArgList.h:
              * runtime/JSCell.h:
              * runtime/JSObject.h:
              * runtime/ScopeChain.h:
              * runtime/SmallStrings.h:
              * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
              clients operate on a MarkStack.
      2011-06-16  Geoffrey Garen  <ggaren@apple.com>
      
              Reviewed by Oliver Hunt.
      
              Introduced SlotVisitor into the project
              https://bugs.webkit.org/show_bug.cgi?id=62820
      
              This resolves a class vs typedef forward declaration issue, and gives all
              exported symbols the correct names.
      
              * dom/EventListener.h:
              * dom/Node.h:
              * dom/NodeFilterCondition.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89069 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 10 Jun, 2011 1 commit
      https://bugs.webkit.org/show_bug.cgi?id=16777 · f1fa579d
      barraclough@apple.com authored
      Eliminate JSC::NaN and JSC::Inf
      
      Reviewed by Sam Weinig.
      
      There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
      The ones in std::numeric_limits are perfectly good.
      Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::toNumber):
      * API/JSValueRef.cpp:
      (JSValueMakeNumber):
      (JSValueToNumber):
      * JavaScriptCore.exp:
      * runtime/CachedTranscendentalFunction.h:
      (JSC::CachedTranscendentalFunction::initialize):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DateInstanceCache.h:
      (JSC::DateInstanceData::DateInstanceData):
      (JSC::DateInstanceCache::reset):
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC::JSCell::JSValue::getPrimitiveNumber):
      (JSC::JSCell::JSValue::toNumber):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::resetDateCache):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncParseInt):
      (JSC::globalFuncIsFinite):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::toNumber):
      * runtime/JSValue.cpp:
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::jsNaN):
      * runtime/MathObject.cpp:
      (JSC::mathProtoFuncMax):
      (JSC::mathProtoFuncMin):
      * runtime/NumberConstructor.cpp:
      (JSC::numberConstructorNegInfinity):
      (JSC::numberConstructorPosInfinity):
      * runtime/NumberPrototype.cpp:
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      * runtime/UString.cpp:
      * wtf/DecimalNumber.h:
      (WTF::DecimalNumber::DecimalNumber):
      * wtf/dtoa.cpp:
      (WTF::dtoa):
      
      Source/WebCore: 
      
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88587 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 09 Jun, 2011 2 commits
      2011-06-08 Geoffrey Garen <ggaren@apple.com> · 8a23d6ad
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Factored a bunch of Heap functionality into stand-alone functors
              https://bugs.webkit.org/show_bug.cgi?id=62337
              
              This is in preparation for making these functors operate on arbitrary
              sets of MarkedBlocks.
      
              * JavaScriptCore.exp: This file is a small tragedy.
      
              * debugger/Debugger.cpp:
              (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
      
              * heap/HandleHeap.h:
              (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
              strong handles, so we can play along in the functor game.
      
              * heap/Heap.cpp:
              (JSC::CountFunctor::CountFunctor::CountFunctor):
              (JSC::CountFunctor::CountFunctor::count):
              (JSC::CountFunctor::CountFunctor::returnValue):
              (JSC::CountFunctor::ClearMarks::operator()):
              (JSC::CountFunctor::ResetAllocator::operator()):
              (JSC::CountFunctor::Sweep::operator()):
              (JSC::CountFunctor::MarkCount::operator()):
              (JSC::CountFunctor::Size::operator()):
              (JSC::CountFunctor::Capacity::operator()):
              (JSC::CountFunctor::Count::operator()):
              (JSC::CountFunctor::CountIfGlobalObject::operator()):
              (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
              (JSC::CountFunctor::TakeIfEmpty::operator()):
              (JSC::CountFunctor::TakeIfEmpty::returnValue):
              (JSC::CountFunctor::RecordType::RecordType):
              (JSC::CountFunctor::RecordType::typeName):
              (JSC::CountFunctor::RecordType::operator()):
              (JSC::CountFunctor::RecordType::returnValue): These functors factor out
              behavior that used to be in the functions below.
      
              (JSC::Heap::clearMarks):
              (JSC::Heap::sweep):
              (JSC::Heap::objectCount):
              (JSC::Heap::size):
              (JSC::Heap::capacity):
              (JSC::Heap::protectedGlobalObjectCount):
              (JSC::Heap::protectedObjectCount):
              (JSC::Heap::protectedObjectTypeCounts):
              (JSC::Heap::objectTypeCounts):
              (JSC::Heap::resetAllocator):
              (JSC::Heap::freeBlocks):
              (JSC::Heap::shrink): Factored out behavior into the functors above.
      
              * heap/Heap.h:
              (JSC::Heap::forEachProtectedCell):
              (JSC::Heap::forEachCell):
              (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
              functor-based templates instead of plain iterators because they're simpler
              to implement in this case and they require a lot less code at the call site.
      
              * heap/MarkedBlock.h:
              (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
              trivial functors.
      
              (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
              we have a few different kind of "for each" now.
      
              * runtime/JSGlobalData.cpp:
              (WTF::Recompile::operator()):
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
      
              * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88473 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2011-06-08 Mikołaj Małecki <m.malecki@samsung.com> · 497dc2fa
      loislo@chromium.org authored
              Reviewed by Pavel Feldman.
      
              Web Inspector: Crash by buffer overrun when serializing inspector object tree.
              https://bugs.webkit.org/show_bug.cgi?id=52791
      
              No new tests. The problem can be reproduced by trying to create InspectorValue
              from 1.0e-100 and call ->toJSONString() on this.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              export 2 functions DecimalNumber::bufferLengthForStringExponential and
              DecimalNumber::toStringExponential.
      
      2011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
      
              Reviewed by Pavel Feldman.
      
              Web Inspector: Crash by buffer overrun when serializing inspector object tree.
              https://bugs.webkit.org/show_bug.cgi?id=52791
      
              No new tests. The problem can be reproduced by trying to create InspectorValue
              from 1.0e-100 and call ->toJSONString() on this.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              export 2 functions DecimalNumber::bufferLengthForStringExponential and
              DecimalNumber::toStringExponential.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88444 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  8. 01 Jun, 2011 1 commit
      2011-05-31 Oliver Hunt <oliver@apple.com> · 6f34f97c
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Freezing a function and its prototype causes browser to crash.
              https://bugs.webkit.org/show_bug.cgi?id=61758
      
              Add test to ensure correct behaviour
      
              * fast/js/preventExtensions-expected.txt:
              * fast/js/script-tests/preventExtensions.js:
              (f):
      2011-05-31  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Freezing a function and its prototype causes browser to crash.
              https://bugs.webkit.org/show_bug.cgi?id=61758
      
              Make JSObject::preventExtensions virtual so that we can override it
              and instantiate all lazy
      
              * JavaScriptCore.exp:
              * runtime/JSFunction.cpp:
              (JSC::createPrototypeProperty):
              (JSC::JSFunction::preventExtensions):
              (JSC::JSFunction::getOwnPropertySlot):
              * runtime/JSFunction.h:
              * runtime/JSObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::seal):
              (JSC::JSObject::seal):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87826 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  9. 29 May, 2011 1 commit
      2011-05-29 Geoffrey Garen <ggaren@apple.com> · 58c6e459
      ggaren@apple.com authored
              Reviewed by Sam Weinig.
      
              Some heap refactoring
              https://bugs.webkit.org/show_bug.cgi?id=61704
              
              SunSpider says no change.
      
              * JavaScriptCore.exp: Export!
      
              * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
      
              (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
      
              (JSC::Heap::allocate): Changed inline allocation code to only select the
              size class, since this can be optimized out at compile time -- everything
              else is now inlined into this out-of-line function.
              
              No need to duplicate ASSERTs made in our caller.
      
              * heap/Heap.h:
              (JSC::Heap::heap):
              (JSC::Heap::isMarked):
              (JSC::Heap::testAndSetMarked):
              (JSC::Heap::testAndClearMarked):
              (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
              a layer of indirection through MarkedSpace.
      
              (JSC::Heap::allocate): See above.
      
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::create):
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
      
              * heap/MarkedSpace.cpp:
              (JSC::MarkedSpace::MarkedSpace):
              (JSC::MarkedSpace::allocateBlock):
              * heap/MarkedSpace.h:
              (JSC::MarkedSpace::allocate): Updated to match changes above.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87653 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  11. 25 May, 2011 3 commits
      2011-05-25 Oliver Hunt <oliver@apple.com> · 5652af77
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make RegExp GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=61490
      
              Make RegExp GC allocated.  Basically mechanical change to replace
              most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
              where actual ownership happens.
      
              Made the RegExpCache use Strong<> references currently to avoid any
              changes in behaviour.
      
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::visitAggregate):
              * bytecode/CodeBlock.h:
              (JSC::CodeBlock::addRegExp):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::addRegExp):
              (JSC::BytecodeGenerator::emitNewRegExp):
              * bytecompiler/BytecodeGenerator.h:
              * runtime/JSCell.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::clearBuiltinStructures):
              (JSC::JSGlobalData::addRegExpToTrace):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              * runtime/RegExp.cpp:
              (JSC::RegExp::RegExp):
              (JSC::RegExp::create):
              (JSC::RegExp::invalidateCode):
              * runtime/RegExp.h:
              (JSC::RegExp::createStructure):
              * runtime/RegExpCache.cpp:
              (JSC::RegExpCache::lookupOrCreate):
              (JSC::RegExpCache::create):
              * runtime/RegExpCache.h:
              * runtime/RegExpConstructor.cpp:
              (JSC::constructRegExp):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::RegExpObject):
              (JSC::RegExpObject::visitChildren):
              * runtime/RegExpObject.h:
              (JSC::RegExpObject::setRegExp):
              (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              (JSC::regExpProtoFuncCompile):
              * runtime/RegExpPrototype.h:
              * runtime/StringPrototype.cpp:
              (JSC::stringProtoFuncMatch):
              (JSC::stringProtoFuncSearch):
      2011-05-25  James Robinson  <jamesr@chromium.org>
      
              Reviewed by Geoffrey Garen
      
              CachedResource overhead size calculation ignores the actual size of the URL
              https://bugs.webkit.org/show_bug.cgi?id=61481
      
              CachedResource::overheadSize is used to determine the size of an entry in the memory cache to know when to evict
              it.  When the resource is a large data: URL, for example representing image or audio data, the URL size itself
              can be significant.
      
              This patch uses an estimate of actual number of bytes used by the URL that is valid for ASCII urls and close for
              other types of strings instead of a fixed number.
      
              * loader/cache/CachedResource.cpp:
              (WebCore::CachedResource::overheadSize):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87346 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2011-05-25 Oliver Hunt <oliver@apple.com> · 4872d097
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make RegExp GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=61490
      
              Make RegExp GC allocated.  Basically mechanical change to replace
              most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
              where actual ownership happens.
      
              Made the RegExpCache use Strong<> references currently to avoid any
              changes in behaviour.
      
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::visitAggregate):
              * bytecode/CodeBlock.h:
              (JSC::CodeBlock::addRegExp):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::addRegExp):
              (JSC::BytecodeGenerator::emitNewRegExp):
              * bytecompiler/BytecodeGenerator.h:
              * runtime/JSCell.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::clearBuiltinStructures):
              (JSC::JSGlobalData::addRegExpToTrace):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              * runtime/RegExp.cpp:
              (JSC::RegExp::RegExp):
              (JSC::RegExp::create):
              (JSC::RegExp::invalidateCode):
              * runtime/RegExp.h:
              (JSC::RegExp::createStructure):
              * runtime/RegExpCache.cpp:
              (JSC::RegExpCache::lookupOrCreate):
              (JSC::RegExpCache::create):
              * runtime/RegExpCache.h:
              * runtime/RegExpConstructor.cpp:
              (JSC::constructRegExp):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::RegExpObject):
              (JSC::RegExpObject::visitChildren):
              * runtime/RegExpObject.h:
              (JSC::RegExpObject::setRegExp):
              (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              (JSC::regExpProtoFuncCompile):
              * runtime/RegExpPrototype.h:
              * runtime/StringPrototype.cpp:
              (JSC::stringProtoFuncMatch):
              (JSC::stringProtoFuncSearch):
      2011-05-25  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make RegExp GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=61490
      
              RegExp is GC'd so we don't need the RefPtr shenanigans anymore.
      
              * bindings/js/SerializedScriptValue.cpp:
              (WebCore::CloneDeserializer::readTerminal):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87343 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  12. 24 May, 2011 1 commit
      2011-05-24 Geoffrey Garen <ggaren@apple.com> · 726ad6bd
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Let's just have one way to get the system page size, bokay?
              https://bugs.webkit.org/show_bug.cgi?id=61384
      
              * CMakeListsEfl.txt:
              * CMakeListsWinCE.txt:
              * GNUmakefile.list.am:
              * JavaScriptCore.exp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
              is gone completely now, since it only existed to provide a duplicate way
              to access the system page size.
      
              * heap/MarkStack.cpp:
              (JSC::MarkStack::reset):
              * heap/MarkStack.h:
              (JSC::::MarkStackArray):
              (JSC::::shrinkAllocation): Use WTF::pageSize.
      
              * heap/MarkStackPosix.cpp:
              * heap/MarkStackSymbian.cpp:
              * heap/MarkStackWin.cpp: Removed now-empty files.
      
              * jit/ExecutableAllocator.cpp:
              (JSC::ExecutableAllocator::reprotectRegion):
              * jit/ExecutableAllocator.h:
              (JSC::ExecutableAllocator::ExecutableAllocator):
              (JSC::ExecutablePool::ExecutablePool):
              (JSC::ExecutablePool::poolAllocate):
              * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
      
              * wscript: Removed now-empty files.
      
              * wtf/PageBlock.cpp:
              (WTF::systemPageSize): Integrated questionable Symbian page size rule
              from ExecutableAllocator, because that seems like what the original
              author should have done.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87198 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  13. 19 May, 2011 2 commits
      2011-05-19 Oliver Hunt <oliver@apple.com> · a3b44328
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Add guard pages to each end of the memory region used by the fixedvm allocator
              https://bugs.webkit.org/show_bug.cgi?id=61150
      
              Add mechanism to notify the OSAllocator that pages at either end of an
              allocation should be considered guard pages.  Update PageReservation,
              PageAllocation, etc to handle this.
      
              * JavaScriptCore.exp:
              * jit/ExecutableAllocatorFixedVMPool.cpp:
              (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
              * wtf/OSAllocator.h:
              * wtf/OSAllocatorPosix.cpp:
              (WTF::OSAllocator::reserveUncommitted):
              (WTF::OSAllocator::reserveAndCommit):
              * wtf/PageAllocation.h:
              (WTF::PageAllocation::PageAllocation):
              * wtf/PageAllocationAligned.h:
              (WTF::PageAllocationAligned::PageAllocationAligned):
              * wtf/PageBlock.h:
              (WTF::PageBlock::PageBlock):
              * wtf/PageReservation.h:
              (WTF::PageReservation::reserve):
              (WTF::PageReservation::reserveWithGuardPages):
                  Add a new function to make a reservation that will add guard
                  pages to the ends of an allocation.
              (WTF::PageReservation::PageReservation):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86906 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2011-05-18 Yury Semikhatsky <yurys@chromium.org> · aa17fdc4
      yurys@chromium.org authored
              Reviewed by Pavel Feldman.
      
              InjectedScriptSource.js - "Don't be eval()."
              https://bugs.webkit.org/show_bug.cgi?id=60800
      
              * inspector/console/console-eval-blocked-expected.txt: Added.
              * inspector/console/console-eval-blocked.html: Added.
      2011-05-18  Yury Semikhatsky  <yurys@chromium.org>
      
              Reviewed by Pavel Feldman.
      
              InjectedScriptSource.js - "Don't be eval()."
              https://bugs.webkit.org/show_bug.cgi?id=60800
      
              Thanks to Adam Barth for providing JSC implementation!
      
              InjectedScriptHost.evaluate is used to perform script evaluations for
              inspector needs. This method is not affected by CSP and should fix inspector
              on pages with CSP restrictions.
      
              Test: inspector/console/console-eval-blocked.html
      
              * bindings/js/JSInjectedScriptHostCustom.cpp:
              (WebCore::JSInjectedScriptHost::evaluate):
              * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
              (WebCore::V8InjectedScriptHost::evaluateCallback):
              (WebCore::V8InjectedScriptHost::inspectedNodeCallback):
              * inspector/InjectedScriptHost.idl:
              * inspector/InjectedScriptSource.js:
              (.):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86837 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  14. 17 May, 2011 2 commits
      Source/JavaScriptCore: Rolling back in r86653 with build fixed. · 19fe5092
      ggaren@apple.com authored
      Reviewed by Gavin Barraclough and Oliver Hunt.
      
      Global object initialization is expensive
      https://bugs.webkit.org/show_bug.cgi?id=60933
              
      Changed a bunch of globals to allocate their properties lazily, and changed
      the global object to allocate a bunch of its globals lazily.
              
      This reduces the footprint of a global object from 287 objects with 58
      functions for 24K to 173 objects with 20 functions for 15K.
      
      Large patch, but it's all mechanical.
      
      * DerivedSources.make:
      * JavaScriptCore.exp: Build!
      
      * create_hash_table: Added a special case for fromCharCode, since it uses
      a custom "thunk generator".
      
      * heap/Heap.cpp:
      (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
      overcount objects that were owned through more than one mechanism because
      it was getting in the way of counting the results for this patch.
      
      * interpreter/CallFrame.h:
      (JSC::ExecState::arrayConstructorTable):
      (JSC::ExecState::arrayPrototypeTable):
      (JSC::ExecState::booleanPrototypeTable):
      (JSC::ExecState::dateConstructorTable):
      (JSC::ExecState::errorPrototypeTable):
      (JSC::ExecState::globalObjectTable):
      (JSC::ExecState::numberConstructorTable):
      (JSC::ExecState::numberPrototypeTable):
      (JSC::ExecState::objectPrototypeTable):
      (JSC::ExecState::regExpPrototypeTable):
      (JSC::ExecState::stringConstructorTable): Added new tables.
      
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::ArrayConstructor):
      (JSC::ArrayConstructor::getOwnPropertySlot):
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertySlot):
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      * runtime/ArrayPrototype.h:
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::BooleanPrototype):
      (JSC::BooleanPrototype::getOwnPropertySlot):
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::DateConstructor):
      (JSC::DateConstructor::getOwnPropertySlot):
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::ErrorPrototype):
      (JSC::ErrorPrototype::getOwnPropertySlot):
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure): Standardized these objects
      to use static tables for function properties.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h: Added new tables.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      * runtime/JSGlobalObjectFunctions.cpp:
      * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
      static table for its global functions. This required uninlining some
      things to avoid a circular header dependency. However, those things
      probably shouldn't have been inlined in the first place.
              
      Even more global object properties can be made lazy, but that requires
      more in-depth changes.
      
      * runtime/MathObject.cpp:
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::getOwnPropertySlot):
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::NumberPrototype):
      (JSC::NumberPrototype::getOwnPropertySlot):
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC::ObjectPrototype::put):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::RegExpPrototype):
      (JSC::RegExpPrototype::getOwnPropertySlot):
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::StringConstructor):
      (JSC::StringConstructor::getOwnPropertySlot):
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure): Standardized these objects
      to use static tables for function properties.
      
      LayoutTests: Global object initialization is expensive
      https://bugs.webkit.org/show_bug.cgi?id=60933
              
      Reviewed by Gavin Barraclough.
      
      Added a few more expected failures, now that more code uses static hash
      tables.
              
      The fact that built-ins are not deletable, but should be, is covered by
      https://bugs.webkit.org/show_bug.cgi?id=61014
      
      * sputnik/Conformance/15_Native_Objects/15.6_Boolean/15.6.2/S15.6.2.1_A4-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.6_Boolean/15.6.3/15.6.3.1_Boolean.prototype/S15.6.3.1_A1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.6_Boolean/15.6.4/S15.6.4_A1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.7_Number/15.7.2/S15.7.2.1_A4-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.7_Number/15.7.3/15.7.3.1_Number.prototype/S15.7.3.1_A2_T1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.7_Number/15.7.4/S15.7.4_A1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.4/15.9.4.2_Date.parse/S15.9.4.2_A1_T2-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.4/15.9.4.3_Date.UTC/S15.9.4.3_A1_T2-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86727 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2011-05-16 Sheriff Bot <webkit.review.bot@gmail.com> · 5a39502a
      commit-queue@webkit.org authored
              Unreviewed, rolling out r86653.
              http://trac.webkit.org/changeset/86653
              https://bugs.webkit.org/show_bug.cgi?id=60944
      
              "Caused regressions on Windows, OSX and EFL" (Requested by
              yutak on #webkit).
      
              * DerivedSources.make:
              * DerivedSources.pro:
              * GNUmakefile.am:
              * GNUmakefile.list.am:
              * JavaScriptCore.exp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * create_hash_table:
              * heap/Heap.cpp:
              (JSC::TypeCounter::operator()):
              * interpreter/CallFrame.h:
              (JSC::ExecState::arrayTable):
              (JSC::ExecState::numberTable):
              * runtime/ArrayConstructor.cpp:
              (JSC::ArrayConstructor::ArrayConstructor):
              * runtime/ArrayConstructor.h:
              * runtime/ArrayPrototype.cpp:
              (JSC::ArrayPrototype::getOwnPropertySlot):
              (JSC::ArrayPrototype::getOwnPropertyDescriptor):
              * runtime/ArrayPrototype.h:
              * runtime/BooleanPrototype.cpp:
              (JSC::BooleanPrototype::BooleanPrototype):
              * runtime/BooleanPrototype.h:
              * runtime/DateConstructor.cpp:
              (JSC::DateConstructor::DateConstructor):
              * runtime/DateConstructor.h:
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              * runtime/ErrorPrototype.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::~JSGlobalData):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::addStaticGlobals):
              (JSC::JSGlobalObject::getOwnPropertySlot):
              (JSC::JSGlobalObject::getOwnPropertyDescriptor):
              * runtime/JSGlobalObjectFunctions.cpp:
              (JSC::globalFuncJSCPrint):
              * runtime/JSGlobalObjectFunctions.h:
              * runtime/MathObject.cpp:
              * runtime/NumberConstructor.cpp:
              (JSC::NumberConstructor::getOwnPropertySlot):
              (JSC::NumberConstructor::getOwnPropertyDescriptor):
              * runtime/NumberPrototype.cpp:
              (JSC::NumberPrototype::NumberPrototype):
              * runtime/NumberPrototype.h:
              * runtime/ObjectPrototype.cpp:
              (JSC::ObjectPrototype::ObjectPrototype):
              (JSC::ObjectPrototype::put):
              (JSC::ObjectPrototype::getOwnPropertySlot):
              * runtime/ObjectPrototype.h:
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              * runtime/RegExpPrototype.h:
              * runtime/StringConstructor.cpp:
              (JSC::StringConstructor::StringConstructor):
              * runtime/StringConstructor.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86657 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  15. 16 May, 2011 1 commit
      2011-05-16 Geoffrey Garen <ggaren@apple.com> · 836c5d91
      ggaren@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Global object initialization is expensive
              https://bugs.webkit.org/show_bug.cgi?id=60933
              
              Changed a bunch of globals to allocate their properties lazily, and changed
              the global object to allocate a bunch of its globals lazily.
              
              This reduces the footprint of a global object from 287 objects with 58
              functions for 24K to 173 objects with 20 functions for 15K.
      
              Large patch, but it's all mechanical.
      
              * DerivedSources.make:
              * JavaScriptCore.exp: Build!
      
              * create_hash_table: Added a special case for fromCharCode, since it uses
              a custom "thunk generator".
      
              * heap/Heap.cpp:
              (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
              overcount objects that were owned through more than one mechanism because
              it was getting in the way of counting the results for this patch.
      
              * interpreter/CallFrame.h:
              (JSC::ExecState::arrayConstructorTable):
              (JSC::ExecState::arrayPrototypeTable):
              (JSC::ExecState::booleanPrototypeTable):
              (JSC::ExecState::dateConstructorTable):
              (JSC::ExecState::errorPrototypeTable):
              (JSC::ExecState::globalObjectTable):
              (JSC::ExecState::numberConstructorTable):
              (JSC::ExecState::numberPrototypeTable):
              (JSC::ExecState::objectPrototypeTable):
              (JSC::ExecState::regExpPrototypeTable):
              (JSC::ExecState::stringConstructorTable): Added new tables.
      
              * runtime/ArrayConstructor.cpp:
              (JSC::ArrayConstructor::ArrayConstructor):
              (JSC::ArrayConstructor::getOwnPropertySlot):
              (JSC::ArrayConstructor::getOwnPropertyDescriptor):
              * runtime/ArrayConstructor.h:
              (JSC::ArrayConstructor::createStructure):
              * runtime/ArrayPrototype.cpp:
              (JSC::ArrayPrototype::getOwnPropertySlot):
              (JSC::ArrayPrototype::getOwnPropertyDescriptor):
              * runtime/ArrayPrototype.h:
              * runtime/BooleanPrototype.cpp:
              (JSC::BooleanPrototype::BooleanPrototype):
              (JSC::BooleanPrototype::getOwnPropertySlot):
              (JSC::BooleanPrototype::getOwnPropertyDescriptor):
              * runtime/BooleanPrototype.h:
              (JSC::BooleanPrototype::createStructure):
              * runtime/DateConstructor.cpp:
              (JSC::DateConstructor::DateConstructor):
              (JSC::DateConstructor::getOwnPropertySlot):
              (JSC::DateConstructor::getOwnPropertyDescriptor):
              * runtime/DateConstructor.h:
              (JSC::DateConstructor::createStructure):
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              (JSC::ErrorPrototype::getOwnPropertySlot):
              (JSC::ErrorPrototype::getOwnPropertyDescriptor):
              * runtime/ErrorPrototype.h:
              (JSC::ErrorPrototype::createStructure): Standardized these objects
              to use static tables for function properties.
      
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::~JSGlobalData):
              * runtime/JSGlobalData.h: Added new tables.
      
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              (JSC::JSGlobalObject::addStaticGlobals):
              (JSC::JSGlobalObject::getOwnPropertySlot):
              (JSC::JSGlobalObject::getOwnPropertyDescriptor):
              * runtime/JSGlobalObject.h:
              * runtime/JSGlobalObjectFunctions.cpp:
              * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
              static table for its global functions. This required uninlining some
              things to avoid a circular header dependency. However, those things
              probably shouldn't have been inlined in the first place.
              
              Even more global object properties can be made lazy, but that requires
              more in-depth changes.
      
              * runtime/MathObject.cpp:
              * runtime/NumberConstructor.cpp:
              (JSC::NumberConstructor::getOwnPropertySlot):
              (JSC::NumberConstructor::getOwnPropertyDescriptor):
              * runtime/NumberPrototype.cpp:
              (JSC::NumberPrototype::NumberPrototype):
              (JSC::NumberPrototype::getOwnPropertySlot):
              (JSC::NumberPrototype::getOwnPropertyDescriptor):
              * runtime/NumberPrototype.h:
              (JSC::NumberPrototype::createStructure):
              * runtime/ObjectPrototype.cpp:
              (JSC::ObjectPrototype::ObjectPrototype):
              (JSC::ObjectPrototype::put):
              (JSC::ObjectPrototype::getOwnPropertySlot):
              (JSC::ObjectPrototype::getOwnPropertyDescriptor):
              * runtime/ObjectPrototype.h:
              (JSC::ObjectPrototype::createStructure):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              (JSC::RegExpPrototype::getOwnPropertySlot):
              (JSC::RegExpPrototype::getOwnPropertyDescriptor):
              * runtime/RegExpPrototype.h:
              (JSC::RegExpPrototype::createStructure):
              * runtime/StringConstructor.cpp:
              (JSC::StringConstructor::StringConstructor):
              (JSC::StringConstructor::getOwnPropertySlot):
              (JSC::StringConstructor::getOwnPropertyDescriptor):
              * runtime/StringConstructor.h:
              (JSC::StringConstructor::createStructure): Standardized these objects
              to use static tables for function properties.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86653 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  16. 14 May, 2011 2 commits
      2011-05-13 Oliver Hunt <oliver@apple.com> · 4103716d
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This patch makes the checks performed under GC_VALIDATION
              much more aggressive, and adds the checks to more places
              in order to allow us to catch GC bugs much closer to the
              point of failure.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedSpace.cpp:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSCell.cpp:
              (JSC::slowValidateCell):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::unvalidatedStructure):
              (JSC::JSCell::JSCell::JSCell):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::visitChildren):
              (JSC::slowValidateCell):
              * runtime/JSONObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyMapEntry::PropertyMapEntry):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              (JSC::JSCell::classInfo):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              * runtime/WriteBarrier.h:
              (JSC::validateCell):
              (JSC::JSCell):
              (JSC::JSGlobalObject):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::setMayBeNull):
              (JSC::WriteBarrierBase::setEarlyValue):
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::unvalidatedGet):
              (JSC::WriteBarrier::WriteBarrier):
              * wtf/Assertions.h:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This makes GC_VALIDATION much more aggressive in webcore,
              adding logic to every visitChildren method to ensure that
              the structure still has correct flags.
      
              Additionally every function generated for the dom bindings
              makes use of the new GC_VALIDATION object assertions to further
              ensure that the object appears to be sensible.
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioContextCustom.cpp:
              (WebCore::JSAudioContext::visitChildren):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSCanvasRenderingContextCustom.cpp:
              (WebCore::JSCanvasRenderingContext::visitChildren):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              (WebCore::JSDOMGlobalObject::setInjectedScript):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSEventListener.h:
              (WebCore::JSEventListener::jsFunction):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXPathResultCustom.cpp:
              (WebCore::JSXPathResult::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              Add GC_VALIDATION calls to all the JSNPObject methods.
      
              * WebProcess/Plugins/Netscape/JSNPObject.cpp:
              (WebKit::JSNPObject::invalidate):
              (WebKit::JSNPObject::callMethod):
              (WebKit::JSNPObject::callObject):
              (WebKit::JSNPObject::callConstructor):
              (WebKit::JSNPObject::getCallData):
              (WebKit::JSNPObject::getConstructData):
              (WebKit::JSNPObject::getOwnPropertySlot):
              (WebKit::JSNPObject::getOwnPropertyDescriptor):
              (WebKit::JSNPObject::put):
              (WebKit::JSNPObject::getOwnPropertyNames):
              (WebKit::JSNPObject::propertyGetter):
              (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86499 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Unreviewed, rolling out r86469 and r86471, because they made hundreds of tests crash on Qt. · 8c10d800
      ossy@webkit.org authored
      Make GC validation more aggressive
      https://bugs.webkit.org/show_bug.cgi?id=60802
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::visitChildren):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedSpace.cpp:
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::visitChildren):
      (JSC::ProgramExecutable::visitChildren):
      (JSC::FunctionExecutable::visitChildren):
      * runtime/Executable.h:
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::createStructure):
      * runtime/GetterSetter.cpp:
      (JSC::GetterSetter::visitChildren):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::createStructure):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      * runtime/JSArray.cpp:
      (JSC::JSArray::visitChildren):
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC::JSCell::JSCell::JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::visitChildren):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitChildren):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::visitChildren):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::visitChildren):
      * runtime/JSString.h:
      (JSC::RopeBuilder::createStructure):
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::visitChildren):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::visitChildren):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyMapEntry::PropertyMapEntry):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::visitChildren):
      * runtime/ScopeChain.cpp:
      (JSC::ScopeChainNode::visitChildren):
      * runtime/ScopeChain.h:
      (JSC::ScopeChainNode::ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC::Structure::createStructure):
      (JSC::JSCell::classInfo):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::visitChildren):
      * runtime/StructureChain.h:
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrierBase::get):
      (JSC::WriteBarrierBase::operator*):
      (JSC::WriteBarrierBase::operator->):
      (JSC::WriteBarrier::WriteBarrier):
      * wtf/Assertions.h:
      
      Source/WebCore:
      
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioContextCustom.cpp:
      (WebCore::JSAudioContext::visitChildren):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::visitChildren):
      (WebCore::JSDOMGlobalObject::setInjectedScript):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildren):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::visitChildren):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::JSEventListener):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
      (WebCore::JSJavaScriptAudioNode::visitChildren):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildren):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildren):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildren):
      * bindings/scripts/CodeGeneratorJS.pm:
      
      Source/WebKit2:
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::invalidate):
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::getCallData):
      (WebKit::JSNPObject::getConstructData):
      (WebKit::JSNPObject::getOwnPropertySlot):
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86482 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  17. 13 May, 2011 1 commit
      2011-05-13 Oliver Hunt <oliver@apple.com> · d369c8cd
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This patch makes the checks performed under GC_VALIDATION
              much more aggressive, and adds the checks to more places
              in order to allow us to catch GC bugs much closer to the
              point of failure.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedSpace.cpp:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSCell.cpp:
              (JSC::slowValidateCell):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::unvalidatedStructure):
              (JSC::JSCell::JSCell::JSCell):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::visitChildren):
              (JSC::slowValidateCell):
              * runtime/JSONObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyMapEntry::PropertyMapEntry):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              (JSC::JSCell::classInfo):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              * runtime/WriteBarrier.h:
              (JSC::validateCell):
              (JSC::JSCell):
              (JSC::JSGlobalObject):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::setMayBeNull):
              (JSC::WriteBarrierBase::setEarlyValue):
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::unvalidatedGet):
              (JSC::WriteBarrier::WriteBarrier):
              * wtf/Assertions.h:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This makes GC_VALIDATION much more aggressive in webcore,
              adding logic to every visitChildren method to ensure that
              the structure still has correct flags.
      
              Additionally every function generated for the dom bindings
              makes use of the new GC_VALIDATION object assertions to further
              ensure that the object appears to be sensible.
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioContextCustom.cpp:
              (WebCore::JSAudioContext::visitChildren):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSCanvasRenderingContextCustom.cpp:
              (WebCore::JSCanvasRenderingContext::visitChildren):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              (WebCore::JSDOMGlobalObject::setInjectedScript):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSEventListener.h:
              (WebCore::JSEventListener::jsFunction):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXPathResultCustom.cpp:
              (WebCore::JSXPathResult::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              Add GC_VALIDATION calls to all the JSNPObject methods.
      
              * WebProcess/Plugins/Netscape/JSNPObject.cpp:
              (WebKit::JSNPObject::invalidate):
              (WebKit::JSNPObject::callMethod):
              (WebKit::JSNPObject::callObject):
              (WebKit::JSNPObject::callConstructor):
              (WebKit::JSNPObject::getCallData):
              (WebKit::JSNPObject::getConstructData):
              (WebKit::JSNPObject::getOwnPropertySlot):
              (WebKit::JSNPObject::getOwnPropertyDescriptor):
              (WebKit::JSNPObject::put):
              (WebKit::JSNPObject::getOwnPropertyNames):
              (WebKit::JSNPObject::propertyGetter):
              (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86469 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d369c8cd
  18. 12 May, 2011 1 commit
    • zimmermann@webkit.org's avatar
      2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com> · 6da15387
      zimmermann@webkit.org authored
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator.
              Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
              object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
              N strings using operator+, this leads to N-1 reallocations.
      
              Replace this with a flexible operator+ implementation, that avoids these reallocations.
              When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc.)
              a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
              creation of the final string, until operator String() is invoked.
      
              template<typename T>
              StringAppend<String, T> operator+(const String& string1, T string2)
              {
                  return StringAppend<String, T>(string1, string2);
              }
      
              template<typename U, typename V, typename W>
              StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
              {
                  return StringAppend<U, StringAppend<V, W> >(string1, string2);
              }
      
              When concatting three strings - "String a, b, c; String result = a + b + c;" the following happens:
              first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
              Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
              a StringAppend<String, StringAppend<String, String> > object.
              Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
              final string - it uses tryMakeString provided by StringConcatenate.h under the hood, which guards us
              against too big string allocations, etc.
      
              Note that the second template defines a recursive way to concat an arbitrary number of strings
              into a single String with just one allocation.
      
              * GNUmakefile.list.am: Add StringOperators.h to build.
              * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
              * JavaScriptCore.gypi: Add StringOperators.h to build.
              * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
              * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
              * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
              * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
              * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
              (WTF::StringAppend::StringAppend):
              (WTF::StringAppend::operator String):
              (WTF::StringAppend::operator AtomicString):
              (WTF::StringAppend::writeTo):
              (WTF::StringAppend::length):
              (WTF::operator+):
              * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append(). 
              (WTF::emptyString): Add new shared empty string free function.
              * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * dom/XMLDocumentParserLibxml2.cpp:
              (WebCore::handleElementAttributes):
              * editing/MarkupAccumulator.cpp:
              (WebCore::MarkupAccumulator::shouldAddNamespaceElement):
              * html/HTMLAnchorElement.cpp:
              (WebCore::HTMLAnchorElement::hash):
              (WebCore::HTMLAnchorElement::search):
              * html/ImageInputType.cpp:
              (WebCore::ImageInputType::appendFormData):
              * html/parser/HTMLTreeBuilder.cpp:
              * loader/CrossOriginAccessControl.cpp:
              (WebCore::passesAccessControlCheck):
              * page/Location.cpp:
              (WebCore::Location::search):
              (WebCore::Location::hash):
              * page/NavigatorBase.cpp:
              (WebCore::NavigatorBase::platform):
              * platform/chromium/ClipboardChromium.cpp:
              (WebCore::writeImageToDataObject):
              * platform/gtk/PasteboardHelper.cpp:
              (WebCore::PasteboardHelper::fillSelectionData):
              * platform/network/cf/ResourceHandleCFNet.cpp:
              (WebCore::encodeBasicAuthorization):
              * platform/network/cf/SocketStreamHandleCFNet.cpp:
              (WebCore::SocketStreamHandle::copyCFStreamDescription):
              * platform/network/mac/ResourceHandleMac.mm:
              (WebCore::encodeBasicAuthorization):
              * workers/WorkerLocation.cpp:
              (WebCore::WorkerLocation::search):
              (WebCore::WorkerLocation::hash):
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * src/WebAccessibilityObject.cpp:
              (WebKit::WebAccessibilityObject::keyboardShortcut): Cast to String first, before trying to convert to platform-dependent type.
              * src/WebHTTPLoadInfo.cpp:
              (WebKit::addHeader): Don't pass WebString to makeString, explicit cast to String first.
              * tests/IDBLevelDBCodingTest.cpp: Cast to String first, to avoid conflicting with gtests global templatified operator+.
              (IDBLevelDBCoding::TEST):
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * WebView/WebFrame.mm: Explicitly cast to Strings first, so operator NSString*() can be invoked.
              (-[WebFrame _stringWithDocumentTypeStringAndMarkupString:]):
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * AccessibleBase.cpp:
              (AccessibleBase::get_accKeyboardShortcut): Explicitly cast to Strings first, so operator BString() can be invoked.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86330 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6da15387
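The deferred-concatenation scheme this entry describes, as an added C++ example that is not WebKit's code: a reference-counted `Str` stands in for `WTF::String`, `Append` for `StringAppend`, and an allocation counter makes the "one allocation for the whole chain" behaviour observable. `tryMakeString`, `kMaxLength` and the saturating length computation are this example's stand-ins for the size guard the entry credits to StringConcatenate.h. Because C++ groups `a + b + c` as `(a + b) + c`, the example's second overload takes the partial `Append` on the left rather than on the right.

```cpp
// Added example, not WebKit code: a deferred-concatenation expression template in
// the spirit of the StringAppend described in the changelog. Str, Append,
// tryMakeString, kMaxLength and g_bufferAllocations are this example's own names.
#include <cstddef>
#include <cstring>
#include <memory>
#include <string>
#include <utility>

namespace demo {

// Counts character-buffer allocations so the one-allocation claim is measurable.
static std::size_t g_bufferAllocations = 0;

// Cap on a single buffer: the stand-in for the size guard the changelog credits
// to tryMakeString. Kept small so the rejection case is cheap to exercise.
static const std::size_t kMaxLength = 1u << 16;

// Immutable, reference-counted string: copies share one buffer (like WTF::String).
struct Str {
    std::shared_ptr<const std::string> impl;  // null means "no string" (a failed build)
    Str() {}
    explicit Str(std::string s)
        : impl(std::make_shared<const std::string>(std::move(s))) { ++g_bufferAllocations; }
    bool isNull() const { return !impl; }
    std::size_t length() const { return impl ? impl->size() : 0; }
    const char* data() const { return impl ? impl->data() : ""; }
};

template<typename L, typename R> struct Append;

// Per-operand adapters: how long each operand is, and a raw write into a buffer
// that has already been sized for the whole result.
inline std::size_t lengthOf(const Str& s) { return s.length(); }
inline std::size_t lengthOf(const char* s) { return std::strlen(s); }
inline std::size_t lengthOf(char) { return 1; }
template<typename L, typename R> std::size_t lengthOf(const Append<L, R>& a) { return a.length(); }

inline void writeTo(char* dst, const Str& s) { std::memcpy(dst, s.data(), s.length()); }
inline void writeTo(char* dst, const char* s) { std::memcpy(dst, s, std::strlen(s)); }
inline void writeTo(char* dst, char c) { *dst = c; }
template<typename L, typename R> void writeTo(char* dst, const Append<L, R>& a) { a.emit(dst); }

// Holds its two operands and does no work until converted to Str; nesting
// Appends turns a whole a + b + c + ... chain into one deferred expression.
template<typename L, typename R>
struct Append {
    L left;
    R right;
    Append(L l, R r) : left(std::move(l)), right(std::move(r)) {}

    // Saturates past the cap so the final size check cannot be fooled by wraparound.
    std::size_t length() const {
        std::size_t l = lengthOf(left), r = lengthOf(right);
        if (l > kMaxLength || r > kMaxLength - l) return kMaxLength + 1;
        return l + r;
    }
    void emit(char* dst) const { writeTo(dst, left); writeTo(dst + lengthOf(left), right); }
    operator Str() const;
};

// One allocation for the whole expression, or a null Str if it would exceed the cap.
template<typename T>
Str tryMakeString(const T& expr) {
    std::size_t n = lengthOf(expr);
    if (n > kMaxLength) return Str();
    std::string buf(n, '\0');
    if (n) writeTo(&buf[0], expr);
    return Str(std::move(buf));
}

template<typename L, typename R>
Append<L, R>::operator Str() const { return tryMakeString(*this); }

// The changelog's first operator: a Str on the left, any supported operand on the right.
template<typename T>
Append<Str, T> operator+(const Str& a, T b) { return Append<Str, T>(a, std::move(b)); }

// C++ groups a + b + c as (a + b) + c, so a chain reaches this overload with the
// partial Append on the left; nesting it keeps the chain a single deferred expression.
template<typename U, typename V, typename W>
Append<Append<U, V>, W> operator+(const Append<U, V>& a, W b) {
    return Append<Append<U, V>, W>(a, std::move(b));
}

struct Concat { std::string text; std::size_t allocations; };

// a + b + c over three Strs: exactly one buffer is allocated, for the result.
inline Concat concatThree() {
    Str a(std::string("Content-")), b(std::string("Security-")), c(std::string("Policy"));
    std::size_t before = g_bufferAllocations;
    Str r = a + b + c;
    return Concat{std::string(r.data(), r.length()), g_bufferAllocations - before};
}

// Mixed operand types (Str, char, C string) in one chain.
inline std::string concatMixed() {
    Str scheme(std::string("https://")), host(std::string("example.org"));
    Str r = scheme + host + ':' + "8443";
    return std::string(r.data(), r.length());
}

// A result longer than kMaxLength is refused instead of allocated.
inline bool oversizedIsRejected() {
    Str big(std::string(kMaxLength, 'A'));
    Str r = big + 'x';  // kMaxLength + 1 bytes
    return r.isNull();
}

}  // namespace demo
```

The `Append` temporaries store their operands by value, as the changelog's `StringAppend` does; with a reference-counted `Str` that copy is a pointer bump, so the only character-buffer allocation in `a + b + c` is the one `tryMakeString` makes once the total length is known and checked.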
  19. 11 May, 2011 1 commit
  20. 09 May, 2011 1 commit
    • abarth@webkit.org's avatar
      2011-05-09 Adam Barth <abarth@webkit.org> · 19733325
      abarth@webkit.org authored
              Reviewed by Eric Seidel.
      
              CSP should block Function constructor
              https://bugs.webkit.org/show_bug.cgi?id=60240
      
              Test that the function constructor is properly blocked.
      
              * http/tests/security/contentSecurityPolicy/function-constructor-allowed-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/function-constructor-allowed.html: Added.
              * http/tests/security/contentSecurityPolicy/function-constructor-blocked-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/function-constructor-blocked.html: Added.
              * platform/chromium/test_expectations.txt:
      2011-05-09  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP should block Function constructor
              https://bugs.webkit.org/show_bug.cgi?id=60240
      
              When eval is disabled, we need to block the use of the function
              constructor.  However, the WebCore JSC bindings call the function
              constructor directly to create inline event listeners.  To support that
              use, this patch adds an entrypoint that bypasses the check for whether
              eval is enabled.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * runtime/FunctionConstructor.cpp:
              (JSC::constructFunction):
              (JSC::constructFunctionSkippingEvalEnabledCheck):
              * runtime/FunctionConstructor.h:
      2011-05-09  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP should block Function constructor
              https://bugs.webkit.org/show_bug.cgi?id=60240
      
              Tests: http/tests/security/contentSecurityPolicy/function-constructor-allowed.html
                     http/tests/security/contentSecurityPolicy/function-constructor-blocked.html
      
              * bindings/js/JSLazyEventListener.cpp:
              (WebCore::JSLazyEventListener::initializeJSFunction):
                  - Update call site to the new entrypoint.
              * bindings/v8/V8LazyEventListener.cpp:
              (WebCore::V8LazyEventListener::prepareListenerObject):
                  - Add some comments about the ridiculousness of this implementation.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86100 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      19733325
  21. 03 May, 2011 1 commit
    • oliver@apple.com's avatar
      2011-05-03 Oliver Hunt <oliver@apple.com> · 1d9763c2
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make malloc validation useful
              https://bugs.webkit.org/show_bug.cgi?id=57502
      
              Reland this patch (rolled out in 82905) without
              turning it on by default.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * wtf/FastMalloc.cpp:
              (WTF::tryFastMalloc):
              (WTF::fastMalloc):
              (WTF::tryFastCalloc):
              (WTF::fastCalloc):
              (WTF::fastFree):
              (WTF::tryFastRealloc):
              (WTF::fastRealloc):
              (WTF::fastMallocSize):
              (WTF::TCMalloc_PageHeap::isScavengerSuspended):
              (WTF::TCMalloc_PageHeap::scheduleScavenger):
              (WTF::TCMalloc_PageHeap::suspendScavenger):
              (WTF::TCMalloc_PageHeap::signalScavenger):
              (WTF::TCMallocStats::malloc):
              (WTF::TCMallocStats::free):
              (WTF::TCMallocStats::fastCalloc):
              (WTF::TCMallocStats::tryFastCalloc):
              (WTF::TCMallocStats::calloc):
              (WTF::TCMallocStats::fastRealloc):
              (WTF::TCMallocStats::tryFastRealloc):
              (WTF::TCMallocStats::realloc):
              (WTF::TCMallocStats::fastMallocSize):
              * wtf/FastMalloc.h:
              (WTF::Internal::fastMallocValidationHeader):
              (WTF::Internal::fastMallocValidationSuffix):
              (WTF::Internal::fastMallocMatchValidationType):
              (WTF::Internal::setFastMallocMatchValidationType):
              (WTF::fastMallocMatchValidateFree):
              (WTF::fastMallocValidate):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@85700 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1d9763c2
  22. 02 May, 2011 1 commit
    • oliver@apple.com's avatar
      2011-05-02 Oliver Hunt <oliver@apple.com> · 35b2b50e
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Correct marking of interpreter data in mixed mode builds
              https://bugs.webkit.org/show_bug.cgi?id=59962
      
              We had a few places in mixed mode builds where we would not
              track data used by the interpreter for marking.  This patch
              corrects the problem and adds a number of assertions to catch
              live Structures being collected.
      
              * JavaScriptCore.exp:
              * assembler/ARMv7Assembler.h:
              (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::dump):
              * bytecode/CodeBlock.h:
              (JSC::CodeBlock::addPropertyAccessInstruction):
              (JSC::CodeBlock::addGlobalResolveInstruction):
              (JSC::CodeBlock::addStructureStubInfo):
              (JSC::CodeBlock::addGlobalResolveInfo):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::emitResolve):
              (JSC::BytecodeGenerator::emitResolveWithBase):
              (JSC::BytecodeGenerator::emitGetById):
              (JSC::BytecodeGenerator::emitPutById):
              (JSC::BytecodeGenerator::emitDirectPutById):
              * runtime/Structure.cpp:
              (JSC::Structure::materializePropertyMap):
              * runtime/Structure.h:
              (JSC::Structure::typeInfo):
              (JSC::Structure::previousID):
              (JSC::Structure::propertyStorageCapacity):
              (JSC::Structure::propertyStorageSize):
              (JSC::Structure::get):
              (JSC::Structure::materializePropertyMapIfNecessary):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@85523 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      35b2b50e
  23. 29 Apr, 2011 1 commit
    • abarth@webkit.org's avatar
      2011-04-29 Adam Barth <abarth@webkit.org> · 26a40f16
      abarth@webkit.org authored
              Reviewed by Eric Seidel.
      
              CSP script-src should block eval
              https://bugs.webkit.org/show_bug.cgi?id=59850
      
              Test that both function-eval and operator-eval are correctly blocked
              and allowed according to the policy.
      
              * http/tests/security/contentSecurityPolicy/eval-allowed-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/eval-allowed.html: Added.
              * http/tests/security/contentSecurityPolicy/eval-blocked-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/eval-blocked.html: Added.
      2011-04-29  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP script-src should block eval
              https://bugs.webkit.org/show_bug.cgi?id=59850
      
              ggaren recommended a different approach to this patch, essentially
              installing a new function for function-eval and changing the AST
              representation of operator-eval to call function-eval.  However, I'm
              not sure that approach is workable because the ASTBuilder doesn't know
              about global objects, and there is added complication due to the cache.
      
              This approach is more dynamic, adding a branch in EvalExecutable to
              detect whether eval is currently disabled in the lexical scope.  The spec
              is slightly unclear about whether we should return undefined or throw
              an exception.  I've asked Brandon to clarify the spec, but throwing an
              exception seems natural.
      
              * JavaScriptCore.exp:
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::compileInternal):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::disableEval):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::JSGlobalObject):
              (JSC::JSGlobalObject::isEvalEnabled):
      2011-04-29  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP script-src should block eval
              https://bugs.webkit.org/show_bug.cgi?id=59850
      
              Rather than have JavaScriptCore call back into WebCore to learn whether
              eval is enabled, we push that bit of the policy into JavaScriptCore.
      
              Tests: http/tests/security/contentSecurityPolicy/eval-allowed.html
                     http/tests/security/contentSecurityPolicy/eval-blocked.html
      
              * bindings/js/ScriptController.cpp:
              (WebCore::ScriptController::disableEval):
              * bindings/js/ScriptController.h:
              * page/ContentSecurityPolicy.cpp:
              (WebCore::ContentSecurityPolicy::didReceiveHeader):
              (WebCore::ContentSecurityPolicy::internalAllowEval):
              (WebCore::ContentSecurityPolicy::allowEval):
              * page/ContentSecurityPolicy.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@85388 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      26a40f16
  24. 27 Apr, 2011 1 commit
  25. 22 Apr, 2011 2 commits
    • commit-queue@webkit.org's avatar
      2011-04-22 Sheriff Bot <webkit.review.bot@gmail.com> · 2dba4a48
      commit-queue@webkit.org authored
              Unreviewed, rolling out r84650 and r84654.
              http://trac.webkit.org/changeset/84650
              http://trac.webkit.org/changeset/84654
              https://bugs.webkit.org/show_bug.cgi?id=59218
      
              Broke Windows build (Requested by bweinstein on #webkit).
      
              * API/JSCallbackObjectFunctions.h:
              (JSC::::init):
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * heap/Handle.h:
              (JSC::HandleBase::operator!):
              (JSC::HandleBase::operator UnspecifiedBoolType*):
              (JSC::HandleTypes::getFromSlot):
              * heap/HandleHeap.cpp:
              (JSC::HandleHeap::markStrongHandles):
              (JSC::HandleHeap::markWeakHandles):
              (JSC::HandleHeap::finalizeWeakHandles):
              (JSC::HandleHeap::writeBarrier):
              (JSC::HandleHeap::protectedGlobalObjectCount):
              (JSC::HandleHeap::isValidWeakNode):
              * heap/HandleHeap.h:
              (JSC::HandleHeap::copyWeak):
              (JSC::HandleHeap::makeWeak):
              (JSC::HandleHeap::Node::slot):
              * heap/HandleStack.cpp:
              (JSC::HandleStack::mark):
              (JSC::HandleStack::grow):
              * heap/HandleStack.h:
              (JSC::HandleStack::zapTo):
              (JSC::HandleStack::push):
              * heap/Heap.cpp:
              (JSC::HandleHeap::protectedObjectTypeCounts):
              * heap/Local.h:
              (JSC::::set):
              * heap/Strong.h:
              (JSC::Strong::set):
              * heap/Weak.h:
              (JSC::Weak::set):
              * runtime/StructureTransitionTable.h:
              (JSC::StructureTransitionTable::singleTransition):
              (JSC::StructureTransitionTable::setSingleTransition):
              * runtime/WeakGCMap.h:
              (JSC::WeakGCMap::add):
              (JSC::WeakGCMap::set):
              * runtime/WriteBarrier.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@84660 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2dba4a48
    • oliver@apple.com's avatar
      2011-04-22 Oliver Hunt <oliver@apple.com> · 4b66844e
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make it harder to use HandleSlot incorrectly
              https://bugs.webkit.org/show_bug.cgi?id=59205
      
              Just add a little type fudging to make it harder to
              incorrectly assign through a HandleSlot.
      
              * API/JSCallbackObjectFunctions.h:
              (JSC::::init):
              * JavaScriptCore.exp:
              * heap/Handle.h:
              (JSC::HandleBase::operator!):
              (JSC::HandleBase::operator UnspecifiedBoolType*):
              (JSC::HandleTypes::getFromSlot):
              * heap/HandleHeap.cpp:
              (JSC::HandleHeap::markStrongHandles):
              (JSC::HandleHeap::markWeakHandles):
              (JSC::HandleHeap::finalizeWeakHandles):
              (JSC::HandleHeap::writeBarrier):
              (JSC::HandleHeap::protectedGlobalObjectCount):
              (JSC::HandleHeap::isValidWeakNode):
              * heap/HandleHeap.h:
              (JSC::HandleHeap::copyWeak):
              (JSC::HandleHeap::makeWeak):
              (JSC::HandleHeap::Node::slot):
              * heap/HandleStack.cpp:
              (JSC::HandleStack::mark):
              (JSC::HandleStack::grow):
              * heap/HandleStack.h:
              (JSC::HandleStack::zapTo):
              (JSC::HandleStack::push):
              * heap/Heap.cpp:
              (JSC::HandleHeap::protectedObjectTypeCounts):
              * heap/Local.h:
              (JSC::::set):
              * heap/Strong.h:
              (JSC::Strong::set):
              * heap/Weak.h:
              (JSC::Weak::set):
              * runtime/StructureTransitionTable.h:
              (JSC::StructureTransitionTable::singleTransition):
              (JSC::StructureTransitionTable::setSingleTransition):
              * runtime/WeakGCMap.h:
              (JSC::WeakGCMap::add):
              (JSC::WeakGCMap::set):
              * runtime/WriteBarrier.h:
              (JSC::OpaqueJSValue::toJSValue):
              (JSC::OpaqueJSValue::toJSValueRef):
              (JSC::OpaqueJSValue::fromJSValue):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@84650 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4b66844e
  26. 21 Apr, 2011 1 commit
    • oliver@apple.com's avatar
      2011-04-21 Oliver Hunt <oliver@apple.com> · 433d02f9
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Start moving to a general visitor pattern for GC traversal
              https://bugs.webkit.org/show_bug.cgi?id=59141
      
              This is just a rename:
                  markChildren -> visitChildren
                  markAggregate -> visitAggregate
                  markStack -> visitor
                  MarkStack -> typedef'd to SlotVisitor
      
              * API/JSCallbackObject.h:
              (JSC::JSCallbackObjectData::visitChildren):
              (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
              (JSC::JSCallbackObject::visitChildren):
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::visitStructures):
              (JSC::EvalCodeCache::visitAggregate):
              (JSC::CodeBlock::visitAggregate):
              * bytecode/CodeBlock.h:
              * bytecode/EvalCodeCache.h:
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::visitAggregate):
              * bytecode/StructureStubInfo.cpp:
              (JSC::StructureStubInfo::visitAggregate):
              * bytecode/StructureStubInfo.h:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * debugger/DebuggerActivation.h:
              * heap/HandleHeap.cpp:
              (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
              (JSC::HandleHeap::markStrongHandles):
              (JSC::HandleHeap::markWeakHandles):
              * heap/HandleHeap.h:
              * heap/HandleStack.cpp:
              (JSC::HandleStack::mark):
              * heap/HandleStack.h:
              * heap/Heap.cpp:
              (JSC::Heap::markProtectedObjects):
              (JSC::Heap::markTempSortVectors):
              (JSC::Heap::markRoots):
              * heap/Heap.h:
              * heap/MarkStack.cpp:
              (JSC::MarkStack::visitChildren):
              (JSC::MarkStack::drain):
              * heap/MarkStack.h:
              (JSC::HeapRootVisitor::HeapRootVisitor):
              (JSC::HeapRootVisitor::mark):
              (JSC::HeapRootVisitor::visitor):
              * heap/MarkedSpace.h:
              * runtime/ArgList.cpp:
              (JSC::MarkedArgumentBuffer::markLists):
              * runtime/ArgList.h:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Arguments.h:
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              (JSC::GetterSetter::createStructure):
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSActivation.h:
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSArray.h:
              (JSC::JSArray::visitDirect):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::visitChildren):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSFunction.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::visitIfNeeded):
              (JSC::JSGlobalObject::visitChildren):
              * runtime/JSGlobalObject.h:
              * runtime/JSONObject.cpp:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSObject.h:
              (JSC::JSObject::visitDirect):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::createStructure):
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSStaticScopeObject.h:
              * runtime/JSTypeInfo.h:
              (JSC::TypeInfo::TypeInfo):
              (JSC::TypeInfo::overridesVisitChildren):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/JSWrapperObject.h:
              * runtime/JSZombie.h:
              (JSC::JSZombie::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/NativeErrorConstructor.h:
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/RegExpObject.h:
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              * runtime/SmallStrings.cpp:
              (JSC::SmallStrings::visitChildren):
              * runtime/SmallStrings.h:
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              (JSC::StructureChain::createStructure):
      2011-04-21  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Start moving to a general visitor pattern for GC traversal
              https://bugs.webkit.org/show_bug.cgi?id=59141
      
              This is just a rename:
                  markChildren -> visitChildren
                  markAggregate -> visitAggregate
                  markStack -> visitor
                  MarkStack -> typedef'd to SlotVisitor
      
              * UserObjectImp.cpp:
              (UserObjectImp::visitChildren):
      2011-04-21  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Start moving to a general visitor pattern for GC traversal
              https://bugs.webkit.org/show_bug.cgi?id=59141
      
              This is just a rename:
                  markChildren -> visitChildren
                  markAggregate -> visitAggregate
                  markStack -> visitor
                  MarkStack -> typedef'd to SlotVisitor
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioConstructor.cpp:
              (WebCore::constructAudio):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSDOMBinding.cpp:
              (WebCore::visitActiveObjectsForContext):
              (WebCore::markDOMObjectWrapper):
              * bindings/js/JSDOMBinding.h:
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              * bindings/js/JSDOMGlobalObject.h:
              * bindings/js/JSDOMImplementationCustom.cpp:
              (WebCore::JSDOMImplementation::visitChildren):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSDOMWindowShell.h:
              * bindings/js/JSDocumentCustom.cpp:
              (WebCore::JSDocument::visitChildren):
              * bindings/js/JSElementCustom.cpp:
              (WebCore::JSElement::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::markJSFunction):
              * bindings/js/JSEventListener.h:
              * bindings/js/JSHTMLCanvasElementCustom.cpp:
              (WebCore::JSHTMLCanvasElement::visitChildren):
              * bindings/js/JSHTMLLinkElementCustom.cpp:
              (WebCore::JSHTMLLinkElement::visitChildren):
              * bindings/js/JSHTMLStyleElementCustom.cpp:
              (WebCore::JSHTMLStyleElement::visitChildren):
              * bindings/js/JSImageConstructor.cpp:
              (WebCore::constructImage):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMapOwner::isReachableFromOpaqueRoots):
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNavigatorCustom.cpp:
              (WebCore::JSNavigator::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::isObservable):
              (WebCore::isReachableFromDOM):
              (WebCore::JSNodeOwner::isReachableFromOpaqueRoots):
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeCustom.h:
              * bindings/js/JSNodeFilterCondition.cpp:
              (WebCore::JSNodeFilterCondition::WeakOwner::isReachableFromOpaqueRoots):
              * bindings/js/JSNodeFilterCondition.h:
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSNodeListCustom.cpp:
              (WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):
              * bindings/js/JSProcessingInstructionCustom.cpp:
              (WebCore::JSProcessingInstruction::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWebKitAnimationListCustom.cpp:
              (WebCore::JSWebKitAnimationList::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXMLHttpRequestUploadCustom.cpp:
              (WebCore::JSXMLHttpRequestUpload::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
              * bridge/qt/qt_instance.cpp:
              (JSC::Bindings::QtRuntimeObject::visitChildren):
              (JSC::Bindings::QtInstance::markAggregate):
              * bridge/qt/qt_instance.h:
              * bridge/qt/qt_pixmapruntime.cpp:
              * bridge/qt/qt_runtime.cpp:
              (JSC::Bindings::QtRuntimeMetaMethod::visitChildren):
              * bridge/qt/qt_runtime.h:
              * dom/EventListener.h:
              (WebCore::EventListener::visitJSFunction):
              * dom/EventTarget.h:
              (WebCore::EventTarget::visitJSEventListeners):
              * dom/Node.h:
              * dom/NodeFilterCondition.h:
              (WebCore::NodeFilterCondition::visitAggregate):
              * page/DOMWindow.h:
              * workers/WorkerContext.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@84556 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      433d02f9
  27. 15 Apr, 2011 4 commits