1. 03 Oct, 2012 1 commit
  2. 01 Oct, 2012 1 commit
    • fpizlo@apple.com's avatar
      Address a FIXME in JSArray::sort · b5e07304
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98080
      <rdar://problem/12407844>
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      Get rid of fast sorting of sparse maps. I don't know that it's broken but I do know that we don't
      have coverage for it. Then also address the FIXME in JSArray::sort regarding side-effecting
      compare functions.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSort):
      * runtime/JSArray.cpp:
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSArray):
      * runtime/JSObject.h:
      (JSC::JSObject::hasSparseMap):
      (JSObject):
      
      LayoutTests: 
      
      * fast/js/jsc-test-list:
      * fast/js/script-tests/sort-with-side-effecting-comparisons.js: Added.
      * fast/js/sort-with-side-effecting-comparisons-expected.txt: Added.
      * fast/js/sort-with-side-effecting-comparisons.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130102 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b5e07304
  3. 26 Sep, 2012 1 commit
    • msaboff@apple.com's avatar
      Add ability for JSArray::unshiftCount to unshift in middle of an array · a1c33e2b
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97691
      
      Reviewed by Filip Pizlo.
      
      Changed JSArray::unshiftCount and unshiftCountSlowCase to handle unshifting from the middle of an
      array.  Depending on where the unshift point is, either the front part of the array will be moved
      "left" or the back part will be moved right.  Given that unshiftCount only works on contiguous
      arrays it is safe to use memmove for the moves.
      
      This change is worth 25% performance improvement on pdfjs.  It doesn't seem to have any impact on
      any other benchmarks.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::unshift):
      * runtime/JSArray.cpp:
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::unshiftCount):
      * runtime/JSArray.h:
      (JSArray):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129676 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a1c33e2b
  4. 25 Sep, 2012 1 commit
  5. 23 Sep, 2012 1 commit
    • barraclough@apple.com's avatar
      Sorting a non-array creates propreties (spec-violation) · 0a429dee
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=25477
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      We're just calling get() to get properties, which is converting missing properties to
      undefined. Hole values should be retained, and moved to the end of the array.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::getOrHole):
          - Helper function, returns JSValue() instead of undefined for missing properties.
      (JSC::arrayProtoFuncSort):
          - Implemented per 15.4.4.11, see comments above.
      
      LayoutTests: 
      
      Added test cases.
      
      * fast/js/array-sort-sparse-expected.txt: Added.
      * fast/js/array-sort-sparse.html: Added.
      * fast/js/script-tests/array-sort-sparse.js: Added.
      (testSort):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129317 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0a429dee
  6. 20 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      CHECK_ARRAY_CONSISTENCY isn't being used or tested, so we should remove it · 658e5ebd
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97260
      
      Rubber stamped by Geoffrey Garen.
              
      Supporting it will become difficult as we add more indexing types. It makes more
      sense to kill, especially since we don't appear to use it or test it, ever.
      
      * runtime/ArrayConventions.h:
      (JSC):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSplice):
      * runtime/ArrayStorage.h:
      (JSC::ArrayStorage::copyHeaderFromDuringGC):
      (ArrayStorage):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
      * runtime/JSArray.cpp:
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSArray):
      (JSC::createArrayButterfly):
      (JSC::JSArray::tryCreateUninitialized):
      (JSC::constructArray):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC):
      * runtime/JSObject.h:
      (JSC::JSObject::initializeIndex):
      (JSObject):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129179 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      658e5ebd
  7. 17 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      If a prototype has indexed setters and its instances have indexed storage,... · 1c4a32c9
      fpizlo@apple.com authored
      If a prototype has indexed setters and its instances have indexed storage, then all put_by_val's should have a bad time
      https://bugs.webkit.org/show_bug.cgi?id=96596
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Added comprehensive support for accessors and read-only indexed properties on the
      prototype chain. This is done without any performance regression on benchmarks that
      we're aware of, by having the entire VM's strategy with respect to arrays tilted
      heavily in favor of:
              
      - The prototype chain of JSArrays never having any accessors or read-only indexed
        properties. If that changes, you're going to have a bad time.
              
      - Prototypes of non-JSArray objects either having no indexed accessors or read-only
        indexed properties, or, having those indexed accessor thingies inserted before
        any instance object (i.e. object with that prototype as its prototype) is created.
        If you add indexed accessors or read-only indexed properties to an object that is
        already used as a prototype, you're going to have a bad time.
              
      See below for the exact definition of having a bad time.
              
      Put another way, "fair" uses of indexed accessors and read-only indexed properties
      are:
              
      - Put indexed accessors and read-only indexed properties on an object that is never
        used as a prototype. This will slow down accesses to that object, but will not
        have any effect on any other object.
              
      - Put those indexed accessor thingies on an object before it is used as a prototype
        and then start instantiating objects that claim that object as their prototype.
        This will slightly slow down indexed stores to the instance objects, and greatly
        slow down all indexed accesses to the prototype, but will have no other effect.
              
      In short, "fair" uses only affect the object itself and any instance objects. But
      if you start using indexed accessors in more eclectic ways, you're going to have
      a bad time.
              
      Specifically, if an object that may be used as a prototype has an indexed accessor
      added, the VM performs a whole-heap scan to find all objects that belong to the
      same global object as the prototype you modified. If any of those objects has
      indexed storage, their indexed storage is put into slow-put mode, just as if their
      prototype chain had indexed accessors. This will happen even for objects that do
      not currently have indexed accessors in their prototype chain. As well, all JSArray
      allocations are caused to create arrays with slow-put storage, and all future
      allocations of indexed storage for non-JSArray objects are also flipped to slow-put
      mode. Note there are two aspects to having a bad time: (i) the whole-heap scan and
      (ii) the poisoning of all indexed storage in the entire global object. (i) is
      necessary for correctness. If we detect that an object that may be used as a
      prototype has had an indexed accessor or indexed read-only property inserted into
      it, then we need to ensure that henceforth all instances of that object inspect
      the prototype chain whenever an indexed hole is stored to. But by default, indexed
      stores do no such checking because doing so would be unnecessarily slow. So, we must
      find all instances of the affected object and flip them into a different array
      storage mode that omits all hole optimizations. Since prototypes never keep a list
      of instance objects, the only way to find those objects is a whole-heap scan. But
      (i) alone would be a potential disaster, if a program frequently allocated an
      object without indexed accessors, then allocated a bunch of objects that used that
      one as their prototype, and then added indexed accessors to the prototype. So, to
      prevent massive heap scan storms in such awkward programs, having a bad time also
      implies (ii): henceforth *all* objects belonging to that global object will use
      slow put indexed storage, so that we don't ever have to scan the heap again. Note
      that here we are using the global object as just an approximation of a program
      module; it may be worth investigating in the future if other approximations can be
      used instead.
      
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::isSlowPutAccess):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncSort):
      * runtime/IndexingType.h:
      (JSC):
      (JSC::hasIndexedProperties):
      (JSC::hasIndexingHeader):
      (JSC::hasArrayStorage):
      (JSC::shouldUseSlowPut):
      * runtime/JSArray.cpp:
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      * runtime/JSArray.h:
      (JSC::JSArray::createStructure):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::addressOfArrayStructure):
      (JSC::JSGlobalObject::havingABadTimeWatchpoint):
      (JSC::JSGlobalObject::isHavingABadTime):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::resetInheritorID):
      (JSC::JSObject::inheritorID):
      (JSC::JSObject::allowsAccessFrom):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::unwrappedGlobalObject):
      (JSC::JSObject::notifyUsedAsPrototype):
      (JSC::JSObject::createInheritorID):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
      (JSC::JSObject::attemptToInterceptPutByIndexOnHole):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::mayBeUsedAsPrototype):
      (JSObject):
      (JSC::JSObject::mayInterceptIndexedAccesses):
      (JSC::JSObject::getArrayLength):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrNull):
      (JSC::JSObject::ensureArrayStorage):
      (JSC):
      (JSC::JSValue::putByIndex):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      (JSC::JSValue::putToPrimitiveByIndex):
      (JSC):
      * runtime/JSValue.h:
      (JSValue):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayEntry::put):
      (JSC):
      * runtime/SparseArrayValueMap.h:
      (JSC):
      (SparseArrayEntry):
      * runtime/Structure.cpp:
      (JSC::Structure::anyObjectInChainMayInterceptIndexedAccesses):
      (JSC):
      (JSC::Structure::suggestedIndexingTransition):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::mayInterceptIndexedAccesses):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      
      LayoutTests: 
      
      Removed failing expectation for primitive-property-access-edge-cases, and
      added more tests to cover the numerical-setter-on-prototype cases.
      
      * fast/js/array-bad-time-expected.txt: Added.
      * fast/js/array-bad-time.html: Added.
      * fast/js/array-slow-put-expected.txt: Added.
      * fast/js/array-slow-put.html: Added.
      * fast/js/cross-frame-bad-time-expected.txt: Added.
      * fast/js/cross-frame-bad-time.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/object-bad-time-expected.txt: Added.
      * fast/js/object-bad-time.html: Added.
      * fast/js/object-slow-put-expected.txt: Added.
      * fast/js/object-slow-put.html: Added.
      * fast/js/script-tests/array-bad-time.js: Added.
      * fast/js/script-tests/array-slow-put.js: Added.
      (foo):
      * fast/js/script-tests/cross-frame-bad-time.js: Added.
      (foo):
      * fast/js/script-tests/object-bad-time.js: Added.
      (Cons):
      * fast/js/script-tests/object-slow-put.js: Added.
      (Cons):
      (foo):
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128802 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1c4a32c9
  8. 12 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should have property butterflies · d8dd0535
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=91933
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      This changes the JSC object model. Previously, all objects had fast lookup for
      named properties. Integer indexed properties were only fast if you used a
      JSArray. With this change, all objects have fast indexed properties. This is
      accomplished without any space overhead by using a bidirectional object layout,
      aka butterflies. Each JSObject has a m_butterfly pointer where previously it
      had a m_outOfLineStorage pointer. To the left of the location pointed to by
      m_butterfly, we place all named out-of-line properties. To the right, we place
      all indexed properties along with indexing meta-data. Though, some indexing
      meta-data is placed in the 8-byte word immediately left of the pointed-to
      location; this is in anticipation of the indexing meta-data being small enough
      in the common case that m_butterfly always points to the first indexed
      property.
              
      This is performance neutral, except on tests that use indexed properties on
      plain objects, where the speed-up is in excess of an order of magnitude.
              
      One notable aspect of what this change brings is that it allows indexing
      storage to morph over time. Currently this is only used to allow all non-array
      objects to start out without any indexed storage. But it could be used for
      some kinds of array type inference in the future.
      
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlotByIndex):
      (JSC):
      (JSC::::getOwnNonIndexPropertyNames):
      * API/JSObjectRef.cpp:
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitDirectPutById):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (AdjacencyList):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::modeUsesButterfly):
      (JSC::DFG::modeIsJSArray):
      (JSC::DFG::isInBoundsAccess):
      (JSC::DFG::modeSupportsLength):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::addNode):
      (FixupPhase):
      (JSC::DFG::FixupPhase::checkArray):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryBuildPutByIdList):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateBasicStorage):
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emitSlow_op_new_array):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/Arguments.cpp:
      (JSC::Arguments::deletePropertyByIndex):
      (JSC::Arguments::defineOwnProperty):
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayConventions.h: Added.
      (JSC):
      (JSC::isDenseEnoughForVector):
      (JSC::indexingHeaderForArray):
      (JSC::baseIndexingHeaderForArray):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::create):
      (JSC):
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      (JSC::ArrayPrototype::createStructure):
      * runtime/ArrayStorage.h: Added.
      (JSC):
      (ArrayStorage):
      (JSC::ArrayStorage::ArrayStorage):
      (JSC::ArrayStorage::from):
      (JSC::ArrayStorage::butterfly):
      (JSC::ArrayStorage::indexingHeader):
      (JSC::ArrayStorage::length):
      (JSC::ArrayStorage::setLength):
      (JSC::ArrayStorage::vectorLength):
      (JSC::ArrayStorage::setVectorLength):
      (JSC::ArrayStorage::copyHeaderFromDuringGC):
      (JSC::ArrayStorage::inSparseMode):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::vectorLengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSC::ArrayStorage::indexBiasOffset):
      (JSC::ArrayStorage::sparseMapOffset):
      (JSC::ArrayStorage::sizeFor):
      * runtime/Butterfly.h: Added.
      (JSC):
      (Butterfly):
      (JSC::Butterfly::Butterfly):
      (JSC::Butterfly::totalSize):
      (JSC::Butterfly::fromBase):
      (JSC::Butterfly::offsetOfIndexingHeader):
      (JSC::Butterfly::offsetOfPublicLength):
      (JSC::Butterfly::offsetOfVectorLength):
      (JSC::Butterfly::indexingHeader):
      (JSC::Butterfly::propertyStorage):
      (JSC::Butterfly::indexingPayload):
      (JSC::Butterfly::arrayStorage):
      (JSC::Butterfly::offsetOfPropertyStorage):
      (JSC::Butterfly::indexOfPropertyStorage):
      (JSC::Butterfly::base):
      * runtime/ButterflyInlineMethods.h: Added.
      (JSC):
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::createUninitializedDuringCollection):
      (JSC::Butterfly::base):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      (JSC::Butterfly::unshift):
      (JSC::Butterfly::shift):
      * runtime/ClassInfo.h:
      (MethodTable):
      (JSC):
      * runtime/IndexingHeader.h: Added.
      (JSC):
      (IndexingHeader):
      (JSC::IndexingHeader::offsetOfIndexingHeader):
      (JSC::IndexingHeader::offsetOfPublicLength):
      (JSC::IndexingHeader::offsetOfVectorLength):
      (JSC::IndexingHeader::IndexingHeader):
      (JSC::IndexingHeader::vectorLength):
      (JSC::IndexingHeader::setVectorLength):
      (JSC::IndexingHeader::publicLength):
      (JSC::IndexingHeader::setPublicLength):
      (JSC::IndexingHeader::from):
      (JSC::IndexingHeader::fromEndOf):
      (JSC::IndexingHeader::propertyStorage):
      (JSC::IndexingHeader::arrayStorage):
      (JSC::IndexingHeader::butterfly):
      * runtime/IndexingHeaderInlineMethods.h: Added.
      (JSC):
      (JSC::IndexingHeader::preCapacity):
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.h: Added.
      (JSC):
      (JSC::hasIndexingHeader):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::getOwnNonIndexPropertyNames):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC):
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      (JSC::JSArray::getOwnNonIndexPropertyNames):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      (JSC::JSArray::JSArray):
      (JSC::JSArray::length):
      (JSC::JSArray::createStructure):
      (JSC::JSArray::isLengthWritable):
      (JSC::createArrayButterfly):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSBoundFunction.cpp:
      (JSC::boundFunctionCall):
      (JSC::boundFunctionConstruct):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnNonIndexPropertyNames):
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::getOwnNonIndexPropertyNames):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC):
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::visitChildren):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::fillGetterPropertySlot):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::deallocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::JSObject::defineOwnNonIndexProperty):
      (JSC::JSObject::defineOwnProperty):
      (JSC::JSObject::getOwnPropertySlotSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSObject):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::butterfly):
      (JSC::JSObject::outOfLineStorage):
      (JSC::JSObject::offsetForLocation):
      (JSC::JSObject::indexingShouldBeSparse):
      (JSC::JSObject::butterflyOffset):
      (JSC::JSObject::butterflyAddress):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrZero):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::setButterflyWithoutChangingStructure):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::offsetInButterfly):
      (JSC::offsetRelativeToPatchedStorage):
      (JSC::indexRelativeToBase):
      (JSC::offsetRelativeToBase):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
      * runtime/JSSymbolTableObject.h:
      (JSSymbolTableObject):
      * runtime/JSTypeInfo.h:
      (JSC):
      (JSC::TypeInfo::interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero):
      (JSC::TypeInfo::overridesGetPropertyNames):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertyOffset.h:
      (JSC::offsetInOutOfLineStorage):
      * runtime/PropertyStorage.h: Added.
      (JSC):
      * runtime/PutDirectIndexMode.h: Added.
      (JSC):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::getOwnNonIndexPropertyNames):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/Reject.h: Added.
      (JSC):
      (JSC::reject):
      * runtime/SparseArrayValueMap.cpp: Added.
      (JSC):
      * runtime/SparseArrayValueMap.h: Added.
      (JSC):
      (SparseArrayEntry):
      (JSC::SparseArrayEntry::SparseArrayEntry):
      (SparseArrayValueMap):
      (JSC::SparseArrayValueMap::sparseMode):
      (JSC::SparseArrayValueMap::setSparseMode):
      (JSC::SparseArrayValueMap::lengthIsReadOnly):
      (JSC::SparseArrayValueMap::setLengthIsReadOnly):
      (JSC::SparseArrayValueMap::find):
      (JSC::SparseArrayValueMap::remove):
      (JSC::SparseArrayValueMap::notFound):
      (JSC::SparseArrayValueMap::isEmpty):
      (JSC::SparseArrayValueMap::contains):
      (JSC::SparseArrayValueMap::size):
      (JSC::SparseArrayValueMap::begin):
      (JSC::SparseArrayValueMap::end):
      * runtime/SparseArrayValueMapInlineMethods.h: Added.
      (JSC):
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::~SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::destroy):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::add):
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::get):
      (JSC::SparseArrayEntry::getNonSparseMode):
      (JSC::SparseArrayValueMap::visitChildren):
      * runtime/StorageBarrier.h: Removed.
      * runtime/StringObject.cpp:
      (JSC::StringObject::putByIndex):
      (JSC):
      (JSC::StringObject::deletePropertyByIndex):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::nonPropertyTransition):
      (JSC):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::indexingType):
      (JSC::Structure::indexingTypeIncludingHistory):
      (JSC::Structure::indexingTypeOffset):
      (JSC::Structure::create):
      * runtime/StructureTransitionTable.h:
      (JSC):
      (JSC::toAttributes):
      (JSC::newIndexingType):
      (JSC::StructureTransitionTable::Hash::hash):
      * tests/mozilla/js1_6/Array/regress-304828.js:
      
      Source/WebCore: 
      
      Teach the DOM that to intercept get/put on indexed properties, you now have
      to override getOwnPropertySlotByIndex and putByIndex.
      
      No new tests because no new behavior. One test was rebased because indexed
      property iteration order now matches other engines (indexed properties always
      come first).
      
      * bindings/js/ArrayValue.cpp:
      (WebCore::ArrayValue::get):
      * bindings/js/JSBlobCustom.cpp:
      (WebCore::JSBlobConstructor::constructJSBlob):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::JSCanvasRenderingContext2D::setWebkitLineDash):
      * bindings/js/JSDOMStringListCustom.cpp:
      (WebCore::toDOMStringList):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindow::putByIndex):
      (WebCore::JSDOMWindow::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindowShell::putByIndex):
      (WebCore::JSDOMWindowShell::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSWebSocketCustom.cpp:
      (WebCore::JSWebSocketConstructor::constructJSWebSocket):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::serialize):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      
      LayoutTests: 
      
      Modify the JSON test to indicate that iterating over properties now returns
      indexed properties first. This is a behavior change that makes us more
      compliant with other implementations.
              
      Also check in new expected file for the edge cases of indexed property access
      with prototype accessors. This changeset introduces a known regression in that
      department, which is tracked here: https://bugs.webkit.org/show_bug.cgi?id=96596
      
      * fast/js/resources/JSON-stringify.js:
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d8dd0535
  9. 04 Sep, 2012 1 commit
    • benjamin@webkit.org's avatar
      Improve JSC use of Strings after the UString->String change · 762e2c65
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95633
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-09-04
      Reviewed by Geoffrey Garen.
      
      This patch improve the use of strings in the JSC runtime.
      
      The initialization of Identifier is left for future patches.
      
      The improvements are the following:
      -5% faster to raise one of the modified exception.
      -3 times faster to execute Boolean::toString()
      
      Most of the changes are just about using the new methods
      for string literals.
      
      With the changes, the binary on x86_64 gets 176 bytes smaller.
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
      * API/JSContextRef.cpp:
      (JSContextCreateBacktrace):
      * API/JSObjectRef.cpp:
      (JSObjectMakeFunctionWithCallback):
      * bytecode/CodeBlock.cpp:
      (JSC::valueToSourceString):
      (JSC::CodeBlock::nameForRegister):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::addStackTraceIfNecessary):
      * runtime/ArrayConstructor.cpp:
      (JSC::constructArrayWithSizeQuirk):
      * runtime/ArrayPrototype.cpp:
      (JSC::shift):
      (JSC::unshift):
      (JSC::arrayProtoFuncPop):
      (JSC::arrayProtoFuncReverse):
      * runtime/BooleanPrototype.cpp:
      (JSC::booleanProtoFuncToString): Instead of instanciating new strings, reuse the
      keywords available in SmallStrings. Avoiding the creation of the JSString and StringImpl
      makes the method significantly faster.
      
      * runtime/DateConversion.cpp:
      (JSC::formatDateTime):
      * runtime/DatePrototype.cpp:
      (JSC::formatLocaleDate):
      (JSC::formateDateInstance):
      (JSC::dateProtoFuncToISOString):
      Change the way we use snprintf() for clarity and performance.
      
      Instead of allocating one extra byte to put a zero "just in case", we use the size returned
      by snprintf().
      To prevent any overflow from a programming mistake, we explicitely test for overflow and
      return an empty string.
      
      (JSC::dateProtoFuncToJSON):
      * runtime/Error.cpp:
      (JSC::createNotEnoughArgumentsError):
      (JSC::throwTypeError):
      (JSC::throwSyntaxError):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::create):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::finishCreation):
      (JSC::errorProtoFuncToString):
      Using a null String is correct because (8) uses jsString(), (9) tests for a length of 0.
      
      * runtime/ExceptionHelpers.cpp:
      (JSC::InterruptedExecutionError::defaultValue):
      (JSC::TerminatedExecutionError::defaultValue):
      (JSC::createStackOverflowError):
      (JSC::createOutOfMemoryError):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::FunctionExecutable::paramString):
      * runtime/FunctionConstructor.cpp:
      (JSC::constructFunction):
      (JSC::constructFunctionSkippingEvalEnabledCheck):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::create):
      Using a null String for the name is correct because InternalFunction uses jsString()
      to create the name value.
      
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      There is no need to create an empty string for a null string, jsString() handle both
      cases as empty JSString.
      
      * runtime/JSArray.cpp:
      (JSC::reject):
      (JSC::SparseArrayValueMap::put):
      (JSC::JSArray::put):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::putDirectIndexBeyondVectorLength):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::finishCreation): Same issue as InternalFunction::finishCreation.
      
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSGlobalData.cpp:
      (JSC::enableAssembler): Use CFSTR() instead of CFStringCreateWithCString().
      CFStringCreateWithCString() copy the content and may choose to decode the data.
      CFSTR() is much more efficient.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      JSFunction uses jsString() to create the name, we can use null strings instead
      of creating empty strings.
      
      (JSC::JSGlobalObject::createThrowTypeError): ditto.
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::encode):
      (JSC::decode):
      (JSC::globalFuncEval):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::JSONProtoFuncParse):
      (JSC::JSONProtoFuncStringify):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::defaultValue):
      (JSC::JSObject::hasInstance):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSString.cpp:
      Return an empty JSString to avoid the creation of a temporary empty String.
      
      (JSC::JSRopeString::getIndexSlowCase):
      * runtime/JSString.h:
      (JSC): Remove the versions of jsNontrivialString() taking a char*. All the callers
      have been replaced by calls using ASCIILiteral.
      
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      * runtime/LiteralParser.cpp:
      (JSC::::Lexer::lex):
      (JSC::::Lexer::lexString):
      (JSC::::Lexer::lexNumber):
      (JSC::::parse):
      * runtime/LiteralParser.h:
      (JSC::LiteralParser::getErrorMessage):
      * runtime/NumberPrototype.cpp:
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetPrototypeOf):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorGetOwnPropertyNames):
      (JSC::objectConstructorKeys):
      (JSC::toPropertyDescriptor):
      (JSC::objectConstructorDefineProperty):
      (JSC::objectConstructorDefineProperties):
      (JSC::objectConstructorCreate):
      (JSC::objectConstructorSeal):
      (JSC::objectConstructorFreeze):
      (JSC::objectConstructorPreventExtensions):
      (JSC::objectConstructorIsSealed):
      (JSC::objectConstructorIsFrozen):
      (JSC::objectConstructorIsExtensible):
      * runtime/ObjectPrototype.cpp:
      (JSC::objectProtoFuncDefineGetter):
      (JSC::objectProtoFuncDefineSetter):
      (JSC::objectProtoFuncToString):
      * runtime/RegExpConstructor.cpp:
      (JSC::constructRegExp):
      * runtime/RegExpObject.cpp:
      (JSC::reject):
      (JSC::regExpObjectSource):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
      * runtime/StringObject.cpp:
      (JSC::StringObject::defineOwnProperty):
      * runtime/StringPrototype.cpp:
      (JSC::jsSpliceSubstrings):
      (JSC::jsSpliceSubstringsWithSeparators):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127505 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      762e2c65
  10. 30 Aug, 2012 2 commits
    • ggaren@apple.com's avatar
      Use one object instead of two for closures, eliminating ScopeChainNode · b11e7874
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95501
      
      Reviewed by Filip Pizlo.
      
      ../JavaScriptCore: 
      
      This patch removes ScopeChainNode, and moves all the data and related
      functions that used to be in ScopeChainNode into JSScope.
      
      Most of this patch is mechanical changes to use a JSScope* where we used
      to use a ScopeChainNode*. I've only specifically commented about items
      that were non-mechanical.
      
      * runtime/Completion.cpp:
      (JSC::evaluate):
      * runtime/Completion.h: Don't require an explicit scope chain argument
      when evaluating code. Clients never wanted anything other than the
      global scope, and other arbitrary scopes probably wouldn't work
      correctly, anyway.
      
      * runtime/JSScope.cpp:
      * runtime/JSScope.h:
      (JSC::JSScope::JSScope): JSScope now requires the data we used to pass to
      ScopeChainNode, so it can link itself into the scope chain correctly.
      
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::JSWithScope): JSWithScope gets an extra constructor
      for specifically supplying your own scope chain. The DOM needs this
      interface for setting up the scope chain for certain event handlers.
      Other clients always just push the JSWithScope to the head of the current
      scope chain.
      
      ../WebCore: 
      
      Mechanical changes to update for JSC interface changes.
      
      ../WebKit/mac: 
      
      Mechanical change to update for JSC interface change.
      
      ../WebKit/qt: 
      
      Mechanical change to update for JSC interface change.
      
      * Api/qwebelement.cpp:
      (QWebElement::evaluateJavaScript):
      
      ../WebKit2: 
      
      Mechanical changes to update for JSC interface change.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127202 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b11e7874
    • benjamin@webkit.org's avatar
      Replace JSC::UString by WTF::String · cff06e46
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95271
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-08-30
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Having JSC::UString and WTF::String increase the complexity of working on WebKit, and
      add useless conversions in the bindings. It also cause some code bloat.
      
      The performance advantages of UString have been ported over in previous patches. This patch
      is the last step: getting rid of UString.
      
      In addition to the simplified code, this also reduce the binary size by 15kb on x86_64.
      
      * API/OpaqueJSString.cpp:
      (OpaqueJSString::ustring):
      * runtime/Identifier.h:
      (JSC::Identifier::ustring):
      To avoid changing everything at once, the function named ustring() were kept as is. They
      will be renamed in a follow up patch.
      
      * runtime/JSString.h:
      (JSC::JSString::string):
      (JSC::JSValue::toWTFString):
      (JSC::inlineJSValueNotStringtoString):
      (JSC::JSValue::toWTFStringInline):
      Since JSValue::toString() already exist (and return the JSString), the direct accessor is renamed
      to ::toWTFString(). We may change ::string() to ::jsString() and ::toWTFString() to ::toString()
      in the future.
      
      * runtime/StringPrototype.cpp:
      (JSC::substituteBackreferencesSlow): Replace the use of UString::getCharacters<>() by String::getCharactersWithUpconvert<>().
      
      Source/WebCore: 
      
      Update the code to use String instead of UString.
      
      On x86_64, this reduces the binary size by 22kb.
      
      Since it is no longer possible to differenciate JSC::jsString() and WebCore::jsString() by the input
      types, WebCore::jsString() is renated to WebCore::jsStringWithCache().
      
      Since the cache is using a PtrHash, JSC::jsString() is used in place of the old WebCore::jsString() when
      the string is generated locally. This is because the cache can never match in those cases.
      
      Source/WebKit/blackberry: 
      
      Replace UString by String.
      
      * WebCoreSupport/ClientExtension.cpp:
      * WebCoreSupport/PagePopupBlackBerry.cpp:
      (WebCore::PagePopupBlackBerry::installDomFunction):
      
      Source/WebKit/efl: 
      
      Replace UString by String.
      
      * WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
      (DumpRenderTreeSupportEfl::sendWebIntentResponse):
      * ewk/ewk_frame.cpp:
      (ewk_frame_script_execute):
      
      Source/WebKit/gtk: 
      
      Replace UString by String.
      
      * gdom/ConvertToGCharPrivate.h:
      (copyAsGchar):
      
      Source/WebKit/mac: 
      
      Get rid of UString, replace it by String, and simplify the code when possible.
      
      On x86_64, this reduces the binary size by 7kb.
      
      * Plugins/Hosted/NetscapePluginHostProxy.mm:
      (identifierFromIdentifierRep):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getPropertyNames):
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame functionName]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebScriptDebugger.h:
      (WTF):
      (JSC):
      (WebScriptDebugger):
      * WebView/WebScriptDebugger.mm:
      (toNSURL):
      (WebScriptDebugger::sourceParsed):
      * WebView/WebView.mm:
      (aeDescFromJSValue):
      
      Source/WebKit/qt: 
      
      Replace UString by String.
      
      * Api/qwebelement.cpp:
      (QWebElement::evaluateJavaScript):
      
      Source/WebKit/win: 
      
      Replace UString by String.
      
      * WebFrame.cpp:
      (WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
      * WebView.cpp:
      (WebView::stringByEvaluatingJavaScriptFromString):
      
      Source/WebKit/wx: 
      
      Update the #includes to use the correct types.
      
      * WebFrame.cpp:
      * WebView.cpp:
      
      Source/WebKit2: 
      
      Update to code to switch from UString to String.
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::npIdentifierFromIdentifier):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::evaluate):
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      
      Source/WTF: 
      
      * wtf/Platform.h: Useless edit to force a full build. This is needed for some bots for some reason.
      * wtf/text/WTFString.h: Export a symbol that was exported on UString and needed in WebCore.
      
      Add String::getCharactersWithUpconvert<>(), which is similar to String::getCharacters<>() but with the same
      behaviors as UString::getCharacters<>().
      
      String::getCharactersWithUpconvert<>() is useful when manipulating multiple strings, it allow writting code
      using 16bits characters if any of the input String is not 8bit.
      
      Tools: 
      
      Get rid of UString.
      
      * DumpRenderTree/efl/WorkQueueItemEfl.cpp:
      * gdb/webkit.py:
      (WTFStringPrinter.to_string):
      (JSCIdentifierPrinter.to_string):
      (JSCJSStringPrinter.to_string):
      (add_pretty_printers):
      
      Websites/webkit.org: 
      
      Update the coding style to avoid mentioning a class that no longer exist.
      
      * coding/coding-style.html:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127191 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cff06e46
  11. 23 Aug, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Change behavior of MasqueradesAsUndefined to better accommodate DFG changes · 3b9069ce
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=93884
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of  
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,  
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined  
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).  
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not  
      masquerade as undefined within frame B, but it will continue to masquerade in frame A. 
      
      There are two primary changes that are taking place here. One is to thread the ExecState* through  
      JSValue::toBoolean and JSCell::toBoolean so that JSCell::toBoolean can check the object's  
      JSGlobalObject to compare it to the lexical JSGlobalObject of the currently running code. If the two  
      are distinct, then the object cannot MasqueradeAsUndefined. 
      
      The other change is to perform this comparison of JSGlobalObjects everywhere where the MasqueradesAsUndefined 
      flag in the Structure is checked. For C++ code, this check has been factored into its own function in  
      Structure::masqueradesAsUndefined. We only perform this check in the DFG if the current JSGlobalObject has  
      had a MasqueradesAsUndefined object allocated within its context. This conditional compilation is managed  
      through the use of a WatchpointSet in each JSGlobalObject and alternate create() functions for JS DOM wrappers 
      that are MasqueradesAsUndefined.
      
      * API/JSValueRef.cpp:
      (JSValueToBoolean):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * bytecode/Watchpoint.h:
      (WatchpointSet):
      * debugger/DebuggerCallFrame.h:
      (JSC::DebuggerCallFrame::callFrame):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncSome):
      * runtime/BooleanConstructor.cpp:
      (JSC::constructBoolean):
      (JSC::callBooleanConstructor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::masqueradesAsUndefinedWatchpoint):
      * runtime/JSString.h:
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      * runtime/JSValue.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      (JSC::jsIsObjectType):
      * runtime/Operations.h:
      (JSC):
      (JSC::JSValue::equalSlowCaseInline):
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorMultiline):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::globalObjectOffset):
      (JSC::Structure::masqueradesAsUndefined):
      (JSC):
      
      Source/WebCore: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of  
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,  
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined  
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).  
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not  
      masquerade as undefined within frame B, but it will continue to masquerade in frame A. 
      
      Test: fast/js/document-all-between-frames.html
      
      All of the changes in WebCore are simply passing the additional ExecState argument to JSValue::toBoolean. 
      
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::exec):
      (WebCore):
      * bindings/js/JavaScriptCallFrame.h:
      (JavaScriptCallFrame):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::hasBreakpoint):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::dumpIfTerminal):
      * bindings/scripts/CodeGeneratorJS.pm: Also add the custom create function for MasqueradesAsUndefined JS DOM wrappers. 
      (GenerateEventListenerCall):
      (GenerateHeader):
      (JSValueToNative):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::setJSTestObjCreate):
      (WebCore::setJSTestObjReflectedBooleanAttr):
      (WebCore::setJSTestObjReflectedCustomBooleanAttr):
      (WebCore::jsTestObjPrototypeFunctionAddEventListener):
      (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      
      Source/WebKit/mac: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of  
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,  
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined  
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).  
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not  
      masquerade as undefined within frame B, but it will continue to masquerade in frame A. 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray): Passing ExecState to toBoolean call.
      
      Source/WebKit2: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of  
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,  
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined  
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).  
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not  
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant): Passing ExecState to toBoolean call.
      
      LayoutTests: 
      
      Added a test that uses a variety of ways of checking whether something is correctly 
      masquerading as undefined (or not) in a subframe.
      
      * fast/js/document-all-between-frames-expected.txt: Added.
      * fast/js/document-all-between-frames.html: Added.
      * fast/js/resources/document-all-between-frames-subframe.html: Added.
      * platform/chromium/TestExpectations: Chromium treats document.all differently, so skip our new test.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126494 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3b9069ce
  12. 15 Aug, 2012 2 commits
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r125687. · 45974062
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/125687
      https://bugs.webkit.org/show_bug.cgi?id=94147
      
      It broke the whole world (Requested by Ossy_night on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-08-15
      
      Source/JavaScriptCore:
      
      * API/JSValueRef.cpp:
      (JSValueToBoolean):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * bytecode/Watchpoint.h:
      (WatchpointSet):
      * debugger/DebuggerCallFrame.h:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncSome):
      * runtime/BooleanConstructor.cpp:
      (JSC::constructBoolean):
      (JSC::callBooleanConstructor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      * runtime/JSString.h:
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      * runtime/JSValue.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      (JSC::jsIsObjectType):
      * runtime/Operations.h:
      (JSC):
      (JSC::JSValue::equalSlowCaseInline):
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorMultiline):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      * runtime/Structure.h:
      
      Source/WebCore:
      
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDirectoryEntryCustom.cpp:
      (WebCore::JSDirectoryEntry::getFile):
      (WebCore::JSDirectoryEntry::getDirectory):
      * bindings/js/JSDirectoryEntrySyncCustom.cpp:
      (WebCore::getFlags):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/JavaScriptCallFrame.cpp:
      * bindings/js/JavaScriptCallFrame.h:
      (JavaScriptCallFrame):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::hasBreakpoint):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateEventListenerCall):
      (GenerateHeader):
      (JSValueToNative):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::setJSTestObjCreate):
      (WebCore::setJSTestObjReflectedBooleanAttr):
      (WebCore::setJSTestObjReflectedCustomBooleanAttr):
      (WebCore::jsTestObjPrototypeFunctionAddEventListener):
      (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      
      Source/WebKit/mac:
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      
      Source/WebKit2:
      
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      
      LayoutTests:
      
      * fast/js/document-all-between-frames-expected.txt: Removed.
      * fast/js/document-all-between-frames.html: Removed.
      * fast/js/resources/document-all-between-frames-subframe.html: Removed.
      * platform/chromium/TestExpectations:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125711 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      45974062
    • mhahnenberg@apple.com's avatar
      Change behavior of MasqueradesAsUndefined to better accommodate DFG changes · 35d5455b
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=93884
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      There are two primary changes that are taking place here. One is to thread the ExecState* through 
      JSValue::toBoolean and JSCell::toBoolean so that JSCell::toBoolean can check the object's 
      JSGlobalObject to compare it to the lexical JSGlobalObject of the currently running code. If the two 
      are distinct, then the object cannot MasqueradeAsUndefined.
      
      The other change is to perform this comparison of JSGlobalObjects everywhere where the MasqueradesAsUndefined
      flag in the Structure is checked. For C++ code, this check has been factored into its own function in 
      Structure::masqueradesAsUndefined. We only perform this check in the DFG if the current JSGlobalObject has 
      had a MasqueradesAsUndefined object allocated within its context. This conditional compilation is managed 
      through the use of a WatchpointSet in each JSGlobalObject and alternate create() functions for JS DOM wrappers
      that are MasqueradesAsUndefined.
      
      * API/JSValueRef.cpp:
      (JSValueToBoolean):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * bytecode/Watchpoint.h:
      (WatchpointSet):
      * debugger/DebuggerCallFrame.h:
      (JSC::DebuggerCallFrame::callFrame):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncSome):
      * runtime/BooleanConstructor.cpp:
      (JSC::constructBoolean):
      (JSC::callBooleanConstructor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::masqueradesAsUndefinedWatchpoint):
      * runtime/JSString.h:
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      * runtime/JSValue.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      (JSC::jsIsObjectType):
      * runtime/Operations.h:
      (JSC):
      (JSC::JSValue::equalSlowCaseInline):
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorMultiline):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::globalObjectOffset):
      (JSC::Structure::masqueradesAsUndefined):
      (JSC):
      
      Source/WebCore: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      Test: fast/js/document-all-between-frames.html
      
      All of the changes in WebCore are simply passing the additional ExecState argument to JSValue::toBoolean.
      
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDirectoryEntryCustom.cpp:
      (WebCore::JSDirectoryEntry::getFile):
      (WebCore::JSDirectoryEntry::getDirectory):
      * bindings/js/JSDirectoryEntrySyncCustom.cpp:
      (WebCore::getFlags):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::exec):
      (WebCore):
      * bindings/js/JavaScriptCallFrame.h:
      (JavaScriptCallFrame):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::hasBreakpoint):
      * bindings/scripts/CodeGeneratorJS.pm: Also add the custom create function for MasqueradesAsUndefined JS DOM wrappers.
      (GenerateEventListenerCall):
      (GenerateHeader):
      (JSValueToNative):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::setJSTestObjCreate):
      (WebCore::setJSTestObjReflectedBooleanAttr):
      (WebCore::setJSTestObjReflectedCustomBooleanAttr):
      (WebCore::jsTestObjPrototypeFunctionAddEventListener):
      (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      
      Source/WebKit/mac: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray): Passing ExecState to toBoolean call.
      
      Source/WebKit2: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant): Passing ExecState to toBoolean call.
      
      LayoutTests: 
      
      Added a test that uses a variety of ways of checking whether something is correctly 
      masquerading as undefined (or not) in a subframe.
      
      * fast/js/document-all-between-frames-expected.txt: Added.
      * fast/js/document-all-between-frames.html: Added.
      * fast/js/resources/document-all-between-frames-subframe.html: Added.
      * platform/chromium/TestExpectations: Chromium treats document.all differently, so skip our new test.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125687 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      35d5455b
  13. 18 May, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should have control flow graph simplification · 79c51ee1
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=84553
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Merged r115512 from dfgopt.
      
      This change gives the DFG the ability to simplify the control flow graph
      as part of an optimization fixpoint that includes CSE, CFA, and constant
      folding. This required a number of interesting changes including:
              
      - Solidifying the set of invariants that the DFG obeys. For example, the
        head and tail of each basic block must advertise the set of live locals
        and the set of available locals, respectively. It must do so by
        referring to the first access to the local in the block (for head) and
        the last one (for tail). This patch introduces the start of a
        validation step that may be turned on even with asserts disabled. To
        ensure that these invariants are preserved, I had to remove the
        redundant phi elimination phase. For now I just remove the call, but in
        the future we will probably remove it entirely unless we find a use for
        it.
              
      - Making it easier to get the boolean version of a JSValue. This is a
        pure operation, but we previously did not treat it as such.
              
      - Fixing the merging and filtering of AbstractValues that correspond to
        concrete JSValues. This was previously broken and was limiting the
        effect of running constant folding. Fixing this meant that I had to
        change how constant folding eliminates GetLocal nodes, so as to ensure
        that the resulting graph still obeys DFG rules.
              
      - Introducing simplified getters for some of the things that DFG phases
        want to know about, like the Nth child of a node (now just
        graph.child(...) if you don't care about performance too much) or
        getting successors of a basic block.
              
      The current CFG simplifier can handle almost all of the cases that it
      ought to handle; the noteworthy one that is not yet handled is removing
      basic blocks that just have jumps. To do this right we need to be able
      to remove jump-only blocks that also perform keep-alive on some values.
      To make this work, we need to be able to hoist the keep-alive into (or
      just above) a Branch. This is not fundamentally difficult but I opted to
      let this patch omit this optimization. We can handle this later.
              
      This is a big win on programs that include inline functions that are
      often called with constant arguments. Of course, SunSpider, V8, and
      Kraken don't count. Those benchmarks are completely neutral with this
      change.
      
      * API/JSValueRef.cpp:
      (JSValueToBoolean):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
      * bytecode/Operands.h:
      (JSC::Operands::setOperandFirstTime):
      (Operands):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::isClear):
      (JSC::DFG::AbstractValue::operator!=):
      (JSC::DFG::AbstractValue::merge):
      (JSC::DFG::AbstractValue::filter):
      (JSC::DFG::AbstractValue::validateIgnoringValue):
      (AbstractValue):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::child):
      (JSC::DFG::AdjacencyList::setChild):
      (AdjacencyList):
      * dfg/DFGBasicBlock.h:
      (JSC::DFG::BasicBlock::~BasicBlock):
      (BasicBlock):
      (JSC::DFG::BasicBlock::numNodes):
      (JSC::DFG::BasicBlock::nodeIndex):
      (JSC::DFG::BasicBlock::isPhiIndex):
      (JSC::DFG::BasicBlock::isInPhis):
      (JSC::DFG::BasicBlock::isInBlock):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (DFG):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::run):
      (JSC::DFG::CFAPhase::performBlockCFA):
      (JSC::DFG::performCFA):
      * dfg/DFGCFAPhase.h:
      (DFG):
      * dfg/DFGCFGSimplificationPhase.cpp: Added.
      (DFG):
      (CFGSimplificationPhase):
      (JSC::DFG::CFGSimplificationPhase::CFGSimplificationPhase):
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::killUnreachable):
      (JSC::DFG::CFGSimplificationPhase::findOperandSource):
      (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
      (JSC::DFG::CFGSimplificationPhase::fixPhis):
      (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
      (OperandSubstitution):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
      (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      (JSC::DFG::performCFGSimplification):
      * dfg/DFGCFGSimplificationPhase.h: Added.
      (DFG):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::run):
      (CSEPhase):
      (JSC::DFG::CSEPhase::impureCSE):
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::checkStructureLoadElimination):
      (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      (JSC::DFG::CSEPhase::performBlockCSE):
      (JSC::DFG::performCSE):
      * dfg/DFGCSEPhase.h:
      (DFG):
      * dfg/DFGCommon.h:
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      (JSC::DFG::performConstantFolding):
      * dfg/DFGConstantFoldingPhase.h:
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGEdge.h:
      (Edge):
      (JSC::DFG::Edge::operator UnspecifiedBoolType*):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupBlock):
      (JSC::DFG::performFixup):
      * dfg/DFGFixupPhase.h:
      (DFG):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::handleSuccessor):
      (DFG):
      (JSC::DFG::Graph::determineReachability):
      (JSC::DFG::Graph::resetReachability):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::deref):
      (JSC::DFG::Graph::changeIndex):
      (Graph):
      (JSC::DFG::Graph::changeEdge):
      (JSC::DFG::Graph::numSuccessors):
      (JSC::DFG::Graph::successor):
      (JSC::DFG::Graph::successorForCondition):
      (JSC::DFG::Graph::isPredictedNumerical):
      (JSC::DFG::Graph::byValIsPure):
      (JSC::DFG::Graph::clobbersWorld):
      (JSC::DFG::Graph::numChildren):
      (JSC::DFG::Graph::child):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToConstant):
      (JSC::DFG::Node::numSuccessors):
      (Node):
      (JSC::DFG::Node::successor):
      (JSC::DFG::Node::successorForCondition):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPhase.cpp:
      (JSC::DFG::Phase::endPhase):
      * dfg/DFGPhase.h:
      (JSC::DFG::runPhase):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::run):
      (JSC::DFG::performPredictionPropagation):
      * dfg/DFGPredictionPropagationPhase.h:
      (DFG):
      * dfg/DFGRedundantPhiEliminationPhase.cpp:
      (JSC::DFG::RedundantPhiEliminationPhase::run):
      (JSC::DFG::performRedundantPhiElimination):
      * dfg/DFGRedundantPhiEliminationPhase.h:
      (DFG):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::use):
      (ScoreBoard):
      (JSC::DFG::ScoreBoard::useIfHasResult):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::createOSREntries):
      (JSC::DFG::SpeculativeJIT::linkOSREntries):
      (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
      (JSC::DFG::SpeculativeJIT::compileRegExpExec):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::nextBlock):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::jump):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValidate.cpp: Added.
      (DFG):
      (Validate):
      (JSC::DFG::Validate::Validate):
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::reportValidationContext):
      (JSC::DFG::Validate::dumpData):
      (JSC::DFG::Validate::dumpGraphIfAppropriate):
      (JSC::DFG::validate):
      * dfg/DFGValidate.h: Added.
      (DFG):
      (JSC::DFG::validate):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      (JSC::DFG::performVirtualRegisterAllocation):
      * dfg/DFGVirtualRegisterAllocationPhase.h:
      (DFG):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncSome):
      * runtime/BooleanConstructor.cpp:
      (JSC::constructBoolean):
      (JSC::callBooleanConstructor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSObject.cpp:
      (JSC):
      * runtime/JSObject.h:
      * runtime/JSString.cpp:
      (JSC::JSString::toBoolean):
      * runtime/JSString.h:
      (JSString):
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      * runtime/JSValue.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorMultiline):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      
      Source/WebCore: 
      
      Reviewed by Oliver Hunt.
      
      Merged r115512 from dfgopt.
      
      JSValue::toBoolean(ExecState*) -> JSValue::toBoolean()
              
      No new tests, because no new behavior.
      
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDirectoryEntryCustom.cpp:
      (WebCore::JSDirectoryEntry::getFile):
      (WebCore::JSDirectoryEntry::getDirectory):
      * bindings/js/JSDirectoryEntrySyncCustom.cpp:
      (WebCore::getFlags):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::JSInspectorFrontendHost::showContextMenu):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::hasBreakpoint):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateEventListenerCall):
      (GenerateImplementation):
      (JSValueToNative):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      
      Source/WebKit/mac: 
      
      Reviewed by Oliver Hunt.
              
      Merged r115512 from dfgopt.
      
      JSValue::toBoolean(ExecState*) -> JSValue::toBoolean()
              
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      
      Source/WebKit2: 
      
      Reviewed by Oliver Hunt.
      
      Merged r115512 from dfgopt.
      
      JSValue::toBoolean(ExecState*) -> JSValue::toBoolean()
              
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117646 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      79c51ee1
  14. 11 May, 2012 1 commit
    • barraclough@apple.com's avatar
      Introduce PropertyName class · 38d3c75b
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86241
      
      Reviewed by Geoff Garen.
      
      Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type.
      This change paves the way to allow for properties keyed by values that are not Identifiers.
      
      This change is largely a mechanical find & replace.
      It also changes JSFunction's constructor to take a UString& instead of an Identifier&
      (since in some cases we can no longer guarantee that we'lll have an Identifier), and
      unifies Identifier's methods to obtain array indices onto PropertyName.
      
      The new PropertyName class retains the ability to support .impl() and .ustring(), but
      in a future patch we may need to rework this, since not all PropertyNames should be
      equal based on their string representation.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlot):
      (JSC::::getOwnPropertyDescriptor):
      (JSC::::put):
      (JSC::::deleteProperty):
      (JSC::::getStaticValue):
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
      * API/JSObjectRef.cpp:
      (JSObjectMakeFunctionWithCallback):
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::getOwnPropertySlot):
      (JSC::DebuggerActivation::put):
      (JSC::DebuggerActivation::putDirectVirtual):
      (JSC::DebuggerActivation::deleteProperty):
      (JSC::DebuggerActivation::getOwnPropertyDescriptor):
      (JSC::DebuggerActivation::defineOwnProperty):
      * debugger/DebuggerActivation.h:
      (DebuggerActivation):
      * jsc.cpp:
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::Arguments::getOwnPropertyDescriptor):
      (JSC::Arguments::put):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      * runtime/Arguments.h:
      (Arguments):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::finishCreation):
      (JSC::ArrayConstructor::getOwnPropertySlot):
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayConstructor.h:
      (ArrayConstructor):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertySlot):
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      (JSC::putProperty):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::finishCreation):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::getOwnPropertySlot):
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.h:
      (BooleanPrototype):
      * runtime/ClassInfo.h:
      (MethodTable):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::finishCreation):
      (JSC::DateConstructor::getOwnPropertySlot):
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DateConstructor.h:
      (DateConstructor):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::getOwnPropertySlot):
      (JSC::DatePrototype::getOwnPropertyDescriptor):
      * runtime/DatePrototype.h:
      (DatePrototype):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::create):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::finishCreation):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::getOwnPropertySlot):
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.h:
      (ErrorPrototype):
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::finishCreation):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::finishCreation):
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::create):
      (FunctionPrototype):
      * runtime/Identifier.cpp:
      (JSC):
      * runtime/Identifier.h:
      (Identifier):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTableGet):
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putDirectVirtual):
      (JSC::JSActivation::deleteProperty):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSActivation):
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      * runtime/JSArray.h:
      (JSArray):
      (JSC):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSBoundFunction.h:
      (JSBoundFunction):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnPropertySlot):
      (JSC::JSCell::put):
      (JSC::JSCell::deleteProperty):
      (JSC::JSCell::putDirectVirtual):
      (JSC::JSCell::defineOwnProperty):
      (JSC::JSCell::getOwnPropertyDescriptor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::argumentsGetter):
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::lengthGetter):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::put):
      (JSC::JSFunction::deleteProperty):
      (JSC::JSFunction::defineOwnProperty):
      (JSC::getCalculatedDisplayName):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::put):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::defineOwnProperty):
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::createThrowTypeError):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::hasOwnPropertyForWrite):
      (JSC::JSGlobalObject::symbolTableHasProperty):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::getOwnPropertySlot):
      (JSC::JSNotAnObject::getOwnPropertyDescriptor):
      (JSC::JSNotAnObject::put):
      (JSC::JSNotAnObject::deleteProperty):
      * runtime/JSNotAnObject.h:
      (JSNotAnObject):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::getOwnPropertySlot):
      (JSC::JSONObject::getOwnPropertyDescriptor):
      * runtime/JSONObject.h:
      (JSONObject):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::hasProperty):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::hasOwnProperty):
      (JSC::callDefaultValueFunction):
      (JSC::JSObject::findPropertyHashEntry):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::JSObject::getPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectLocation):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::getOwnPropertySlot):
      (JSC::JSCell::fastGetOwnPropertySlot):
      (JSC::JSObject::getPropertySlot):
      (JSC::JSObject::get):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::JSValue::get):
      (JSC::JSValue::put):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::put):
      (JSC::JSStaticScopeObject::putDirectVirtual):
      (JSC::JSStaticScopeObject::getOwnPropertySlot):
      * runtime/JSStaticScopeObject.h:
      (JSStaticScopeObject):
      * runtime/JSString.cpp:
      (JSC::JSString::getOwnPropertySlot):
      (JSC::JSString::getStringPropertyDescriptor):
      * runtime/JSString.h:
      (JSString):
      (JSC::JSString::getStringPropertySlot):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      * runtime/JSValue.h:
      (JSC):
      (JSValue):
      * runtime/JSVariableObject.cpp:
      (JSC::JSVariableObject::deleteProperty):
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::putDirectVirtual):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::symbolTablePut):
      (JSC::JSVariableObject::symbolTablePutWithAttributes):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::entry):
      (JSC):
      (JSC::getStaticPropertySlot):
      (JSC::getStaticPropertyDescriptor):
      (JSC::getStaticFunctionSlot):
      (JSC::getStaticFunctionDescriptor):
      (JSC::getStaticValueSlot):
      (JSC::getStaticValueDescriptor):
      (JSC::lookupPut):
      * runtime/MathObject.cpp:
      (JSC::MathObject::getOwnPropertySlot):
      (JSC::MathObject::getOwnPropertyDescriptor):
      * runtime/MathObject.h:
      (MathObject):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC):
      (JSC::NumberConstructor::finishCreation):
      (JSC::NumberConstructor::getOwnPropertySlot):
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      (JSC::NumberConstructor::put):
      (JSC::numberConstructorNaNValue):
      (JSC::numberConstructorNegInfinity):
      (JSC::numberConstructorPosInfinity):
      (JSC::numberConstructorMaxValue):
      (JSC::numberConstructorMinValue):
      * runtime/NumberConstructor.h:
      (NumberConstructor):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::getOwnPropertySlot):
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.h:
      (NumberPrototype):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::ObjectConstructor::getOwnPropertySlot):
      (JSC::ObjectConstructor::getOwnPropertyDescriptor):
      * runtime/ObjectConstructor.h:
      (ObjectConstructor):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::put):
      (JSC::ObjectPrototype::defineOwnProperty):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertySlot.h:
      (PropertySlot):
      (JSC::PropertySlot::getValue):
      * runtime/RegExpConstructor.cpp:
      (JSC):
      (JSC::RegExpConstructor::finishCreation):
      (JSC::RegExpConstructor::getOwnPropertySlot):
      (JSC::RegExpConstructor::getOwnPropertyDescriptor):
      (JSC::regExpConstructorDollar1):
      (JSC::regExpConstructorDollar2):
      (JSC::regExpConstructorDollar3):
      (JSC::regExpConstructorDollar4):
      (JSC::regExpConstructorDollar5):
      (JSC::regExpConstructorDollar6):
      (JSC::regExpConstructorDollar7):
      (JSC::regExpConstructorDollar8):
      (JSC::regExpConstructorDollar9):
      (JSC::regExpConstructorInput):
      (JSC::regExpConstructorMultiline):
      (JSC::regExpConstructorLastMatch):
      (JSC::regExpConstructorLastParen):
      (JSC::regExpConstructorLeftContext):
      (JSC::regExpConstructorRightContext):
      (JSC::RegExpConstructor::put):
      * runtime/RegExpConstructor.h:
      (RegExpConstructor):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::getOwnPropertySlot):
      (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
      (JSC::RegExpMatchesArray::put):
      (JSC::RegExpMatchesArray::deleteProperty):
      (JSC::RegExpMatchesArray::defineOwnProperty):
      * runtime/RegExpObject.cpp:
      (JSC):
      (JSC::RegExpObject::getOwnPropertySlot):
      (JSC::RegExpObject::getOwnPropertyDescriptor):
      (JSC::RegExpObject::deleteProperty):
      (JSC::RegExpObject::defineOwnProperty):
      (JSC::regExpObjectGlobal):
      (JSC::regExpObjectIgnoreCase):
      (JSC::regExpObjectMultiline):
      (JSC::regExpObjectSource):
      (JSC::RegExpObject::put):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::getOwnPropertySlot):
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpPrototype.h:
      (RegExpPrototype):
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::deleteProperty):
      * runtime/StrictEvalActivation.h:
      (StrictEvalActivation):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::finishCreation):
      (JSC::StringConstructor::getOwnPropertySlot):
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringConstructor.h:
      (StringConstructor):
      * runtime/StringObject.cpp:
      (JSC::StringObject::getOwnPropertySlot):
      (JSC::StringObject::getOwnPropertyDescriptor):
      (JSC::StringObject::put):
      (JSC::StringObject::defineOwnProperty):
      (JSC::StringObject::deleteProperty):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::getOwnPropertySlot):
      (JSC::StringPrototype::getOwnPropertyDescriptor):
      * runtime/StringPrototype.h:
      (StringPrototype):
      * runtime/Structure.cpp:
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransitionToExistingStructure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::get):
      
      Source/WebCore: 
      
      * WebCore.exp.in:
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::cssPropertyIDForJSCSSPropertyName):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertyDescriptorDelegate):
      (WebCore::JSCSSStyleDeclaration::putDelegate):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::findAtomicString):
      (WebCore::objectToStringFunctionGetter):
      * bindings/js/JSDOMBinding.h:
      (WebCore):
      (WebCore::propertyNameToString):
      (WebCore::propertyNameToAtomicString):
      * bindings/js/JSDOMMimeTypeArrayCustom.cpp:
      (WebCore::JSDOMMimeTypeArray::canGetItemsForName):
      (WebCore::JSDOMMimeTypeArray::nameGetter):
      * bindings/js/JSDOMPluginArrayCustom.cpp:
      (WebCore::JSDOMPluginArray::canGetItemsForName):
      (WebCore::JSDOMPluginArray::nameGetter):
      * bindings/js/JSDOMPluginCustom.cpp:
      (WebCore::JSDOMPlugin::canGetItemsForName):
      (WebCore::JSDOMPlugin::nameGetter):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::canGetItemsForName):
      (WebCore::JSDOMStringMap::nameGetter):
      (WebCore::JSDOMStringMap::deleteProperty):
      (WebCore::JSDOMStringMap::putDelegate):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::nonCachingStaticFunctionGetter):
      (WebCore::childFrameGetter):
      (WebCore::namedItemGetter):
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindow::put):
      (WebCore::JSDOMWindow::deleteProperty):
      (WebCore::JSDOMWindow::defineOwnProperty):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlot):
      (WebCore::JSDOMWindowShell::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindowShell::put):
      (WebCore::JSDOMWindowShell::putDirectVirtual):
      (WebCore::JSDOMWindowShell::defineOwnProperty):
      (WebCore::JSDOMWindowShell::deleteProperty):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHTMLAllCollectionCustom.cpp:
      (WebCore::getNamedItems):
      (WebCore::callHTMLAllCollection):
      (WebCore::JSHTMLAllCollection::canGetItemsForName):
      (WebCore::JSHTMLAllCollection::nameGetter):
      (WebCore::JSHTMLAllCollection::item):
      * bindings/js/JSHTMLAppletElementCustom.cpp:
      (WebCore::JSHTMLAppletElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLAppletElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLAppletElement::putDelegate):
      * bindings/js/JSHTMLCollectionCustom.cpp:
      (WebCore::getNamedItems):
      (WebCore::JSHTMLCollection::canGetItemsForName):
      (WebCore::JSHTMLCollection::nameGetter):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::JSHTMLDocument::canGetItemsForName):
      (WebCore::JSHTMLDocument::nameGetter):
      * bindings/js/JSHTMLEmbedElementCustom.cpp:
      (WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLEmbedElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLEmbedElement::putDelegate):
      * bindings/js/JSHTMLFormElementCustom.cpp:
      (WebCore::JSHTMLFormElement::canGetItemsForName):
      (WebCore::JSHTMLFormElement::nameGetter):
      * bindings/js/JSHTMLFrameSetElementCustom.cpp:
      (WebCore::JSHTMLFrameSetElement::canGetItemsForName):
      (WebCore::JSHTMLFrameSetElement::nameGetter):
      * bindings/js/JSHTMLObjectElementCustom.cpp:
      (WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLObjectElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLObjectElement::putDelegate):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::nonCachingStaticBackFunctionGetter):
      (WebCore::nonCachingStaticForwardFunctionGetter):
      (WebCore::nonCachingStaticGoFunctionGetter):
      (WebCore::JSHistory::getOwnPropertySlotDelegate):
      (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHistory::putDelegate):
      (WebCore::JSHistory::deleteProperty):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::nonCachingStaticReplaceFunctionGetter):
      (WebCore::nonCachingStaticReloadFunctionGetter):
      (WebCore::nonCachingStaticAssignFunctionGetter):
      (WebCore::JSLocation::getOwnPropertySlotDelegate):
      (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
      (WebCore::JSLocation::putDelegate):
      (WebCore::JSLocation::deleteProperty):
      (WebCore::JSLocation::defineOwnProperty):
      (WebCore::JSLocationPrototype::putDelegate):
      (WebCore::JSLocationPrototype::defineOwnProperty):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::canGetItemsForName):
      (WebCore::JSNamedNodeMap::nameGetter):
      * bindings/js/JSNodeListCustom.cpp:
      (WebCore::JSNodeList::canGetItemsForName):
      (WebCore::JSNodeList::nameGetter):
      * bindings/js/JSPluginElementFunctions.cpp:
      (WebCore::runtimeObjectPropertyGetter):
      (WebCore::runtimeObjectCustomGetOwnPropertySlot):
      (WebCore::runtimeObjectCustomGetOwnPropertyDescriptor):
      (WebCore::runtimeObjectCustomPut):
      * bindings/js/JSPluginElementFunctions.h:
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::canGetItemsForName):
      (WebCore::JSStorage::nameGetter):
      (WebCore::JSStorage::deleteProperty):
      (WebCore::JSStorage::putDelegate):
      * bindings/js/JSStyleSheetListCustom.cpp:
      (WebCore::JSStyleSheetList::canGetItemsForName):
      (WebCore::JSStyleSheetList::nameGetter):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::getOwnPropertySlotDelegate):
      (WebCore::JSWorkerContext::getOwnPropertyDescriptorDelegate):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateGetOwnPropertySlotBody):
      (GenerateGetOwnPropertyDescriptorBody):
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorDefinition):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_class.h:
      (CClass):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      (JSC::Bindings::CInstance::getMethod):
      * bridge/c/c_instance.h:
      (CInstance):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::methodsNamed):
      (JavaClass::fieldNamed):
      * bridge/jni/jsc/JavaClassJSC.h:
      (JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaRuntimeMethod::create):
      (JavaRuntimeMethod::finishCreation):
      * bridge/jni/jsc/JavaInstanceJSC.h:
      (JavaInstance):
      * bridge/jsc/BridgeJSC.h:
      (Class):
      (JSC::Bindings::Class::fallbackObject):
      (JSC::Bindings::Instance::setValueOfUndefinedField):
      (Instance):
      (JSC::Bindings::Instance::getOwnPropertySlot):
      (JSC::Bindings::Instance::getOwnPropertyDescriptor):
      (JSC::Bindings::Instance::put):
      * bridge/objc/objc_class.h:
      (ObjcClass):
      * bridge/objc/objc_class.mm:
      (JSC::Bindings::ObjcClass::methodsNamed):
      (JSC::Bindings::ObjcClass::fieldNamed):
      (JSC::Bindings::ObjcClass::fallbackObject):
      * bridge/objc/objc_instance.h:
      (ObjcInstance):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::finishCreation):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::create):
      (JSC::Bindings::ObjcFallbackObjectImp::propertyName):
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertySlot):
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertyDescriptor):
      (JSC::Bindings::ObjcFallbackObjectImp::put):
      (JSC::Bindings::callObjCFallbackObject):
      (JSC::Bindings::ObjcFallbackObjectImp::deleteProperty):
      (JSC::Bindings::ObjcFallbackObjectImp::defaultValue):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::lengthGetter):
      (JSC::RuntimeArray::getOwnPropertySlot):
      (JSC::RuntimeArray::getOwnPropertyDescriptor):
      (JSC::RuntimeArray::put):
      (JSC::RuntimeArray::deleteProperty):
      * bridge/runtime_array.h:
      (RuntimeArray):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      (JSC::RuntimeMethod::lengthGetter):
      (JSC::RuntimeMethod::getOwnPropertySlot):
      (JSC::RuntimeMethod::getOwnPropertyDescriptor):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      (RuntimeMethod):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
      (JSC::Bindings::RuntimeObject::fieldGetter):
      (JSC::Bindings::RuntimeObject::methodGetter):
      (JSC::Bindings::RuntimeObject::getOwnPropertySlot):
      (JSC::Bindings::RuntimeObject::getOwnPropertyDescriptor):
      (JSC::Bindings::RuntimeObject::put):
      (JSC::Bindings::RuntimeObject::deleteProperty):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/ProxyInstance.h:
      (ProxyInstance):
      * Plugins/Hosted/ProxyInstance.mm:
      (ProxyClass):
      (WebKit::ProxyClass::methodsNamed):
      (WebKit::ProxyClass::fieldNamed):
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getMethod):
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::npIdentifierFromIdentifier):
      (WebKit::JSNPObject::getOwnPropertySlot):
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::propertyGetter):
      (WebKit::JSNPObject::methodGetter):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (JSNPObject):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116828 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      38d3c75b
  15. 17 Apr, 2012 1 commit
    • barraclough@apple.com's avatar
      Array.prototype.toString should be generic · 364138ec
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=81588
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncToString):
          - check for join function, use fast case if base object is array & join is present & default.
      * runtime/CommonIdentifiers.h:
          - added 'join'.
      
      LayoutTests: 
      
      * fast/js/array-functions-non-arrays-expected.txt:
          - check in new results
      * fast/js/array-prototype-properties-expected.txt:
          - new more detailed error message.
      * fast/js/script-tests/array-functions-non-arrays.js:
          - added new test cases, fix incorrect one.
      * sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.2_Array_prototype_toString/S15.4.4.2_A2_T1-expected.txt:
          - check in failing result (test is wrong)
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114405 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      364138ec
  16. 13 Apr, 2012 2 commits
  17. 05 Apr, 2012 2 commits
    • benjamin@webkit.org's avatar
      Speed up the conversion from JSValue to String for bulk operations · 8063cc71
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=83243
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-04-05
      Reviewed by Geoffrey Garen.
      
      When making operations on primitive types, we loose some time converting
      values to JSString in order to extract the string.
      
      This patch speeds up some basic Array operations by avoiding the creation
      of intermediary JSString when possible.
      
      For the cases where we need to convert a lot of JSValue in a tight loop,
      an inline conversion is used.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncToLocaleString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncSort):
      * runtime/CommonIdentifiers.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::sort):
      * runtime/JSString.h:
      (JSC::JSValue::toUString):
      (JSC):
      (JSC::inlineJSValueNotStringtoUString):
      (JSC::JSValue::toUStringInline):
      * runtime/JSValue.cpp:
      (JSC::JSValue::toUStringSlowCase):
      (JSC):
      * runtime/JSValue.h:
      (JSValue):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113396 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8063cc71
    • benjamin@webkit.org's avatar
      Make something faster than JSStringBuilder for joining an array of JSValue · 7be398bf
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=83180
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-04-05
      Reviewed by Geoffrey Garen.
      
      This patch add the class JSStringJoiner optimized for join() operations.
      
      This class makes stricter constraints than JSStringBuilder in order avoid
      memory allocations.
      
      In the best case, the class allocate memory only twice:
      -Allocate an array to keep a list of UString to join.
      -Allocate the final string.
      
      We also avoid the conversion from 8bits strings to 16bits strings since
      they are costly and unlikly to help for subsequent calls.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncToLocaleString):
      (JSC::arrayProtoFuncJoin):
      * runtime/JSStringJoiner.cpp: Added.
      (JSC):
      (JSC::appendStringToData):
      (JSC::joinStrings):
      (JSC::JSStringJoiner::build):
      * runtime/JSStringJoiner.h: Added.
      (JSC):
      (JSStringJoiner):
      (JSC::JSStringJoiner::JSStringJoiner):
      (JSC::JSStringJoiner::append):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113355 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7be398bf
  18. 22 Mar, 2012 1 commit
    • barraclough@apple.com's avatar
      Add JSValue::isFunction · 484a9d31
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=81935
      
      Reviewed by Geoff Garen.
      
      This would be useful in the WebCore bindings code.
      Also, remove asFunction, replace with jsCast<JSFunction*>.
      
      Source/JavaScriptCore: 
      
      * API/JSContextRef.cpp:
      * debugger/Debugger.cpp:
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::functionName):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueOfFunctionConstant):
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::isInlineCallFrameSlow):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::setUpCall):
      * runtime/Arguments.h:
      (JSC::Arguments::finishCreation):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncToString):
      * runtime/JSArray.cpp:
      (JSC::JSArray::sort):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::argumentsGetter):
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::lengthGetter):
      * runtime/JSFunction.h:
      (JSC):
      (JSC::asJSFunction):
      (JSC::JSValue::isFunction):
      * runtime/JSGlobalData.cpp:
      (WTF::Recompiler::operator()):
      (JSC::JSGlobalData::releaseExecutableMemory):
      * runtime/JSValue.h:
      * runtime/StringPrototype.cpp:
      (JSC::replaceUsingRegExpSearch):
      
      Source/WebCore: 
      
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::JSInjectedScriptHost::functionDetails):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@111739 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      484a9d31
  19. 09 Mar, 2012 1 commit
  20. 07 Mar, 2012 1 commit
    • barraclough@apple.com's avatar
      Array.prototype functions should throw if delete fails · 1052f503
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80467
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
      In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
      in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
      one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
      routines, for handling arrays with holes. These three copies should be unified.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::shift):
      (JSC::unshift):
          - Added - shared copies of the shift/unshift functionality.
      (JSC::arrayProtoFuncPop):
          - should throw if the delete fails.
      (JSC::arrayProtoFuncReverse):
          - should throw if the delete fails.
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
          - use shift/unshift.
      * runtime/JSArray.cpp:
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
          - Don't try to handle arrays with holes; return a value indicating
            the generic routine should be used instead.
      * runtime/JSArray.h:
          - declaration for shiftCount/unshiftCount changed.
      * tests/mozilla/js1_6/Array/regress-304828.js:
          - this was asserting incorrect behaviour.
      
      LayoutTests: 
      
      * fast/js/mozilla/strict/15.4.4.12-expected.txt:
      * fast/js/mozilla/strict/15.4.4.13-expected.txt:
      * fast/js/mozilla/strict/15.4.4.6-expected.txt:
      * fast/js/mozilla/strict/15.4.4.8-expected.txt:
      * fast/js/mozilla/strict/15.4.4.9-expected.txt:
          - check in passing test results.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@110026 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1052f503
  21. 06 Mar, 2012 1 commit
    • barraclough@apple.com's avatar
      putByIndex should throw in strict mode · b1db28d8
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80335
      
      Reviewed by Filip Pizlo.
      
      Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
      
      Source/JavaScriptCore: 
      
      This is a largely mechanical change, simply adding an extra parameter to a number
      of functions. Some call sites need perform additional exception checks, and
      operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
      
      This patch doesn't fix a missing throw from some cases of shift/unshift (this is
      an existing bug), I'll follow up with a third patch to handle that.
      
      * API/JSObjectRef.cpp:
      (JSObjectSetPropertyAtIndex):
      * JSCTypedArrayStubs.h:
      (JSC):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/Arguments.cpp:
      (JSC::Arguments::putByIndex):
      * runtime/Arguments.h:
      (Arguments):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      * runtime/ClassInfo.h:
      (MethodTable):
      * runtime/JSArray.cpp:
      (JSC::SparseArrayValueMap::put):
      (JSC::JSArray::put):
      (JSC::JSArray::putByIndex):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      * runtime/JSArray.h:
      (SparseArrayValueMap):
      (JSArray):
      * runtime/JSByteArray.cpp:
      (JSC::JSByteArray::putByIndex):
      * runtime/JSByteArray.h:
      (JSByteArray):
      * runtime/JSCell.cpp:
      (JSC::JSCell::putByIndex):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::putByIndex):
      * runtime/JSNotAnObject.h:
      (JSNotAnObject):
      * runtime/JSONObject.cpp:
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putByIndex):
      * runtime/JSObject.h:
      (JSC::JSValue::putByIndex):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpMatchesArray::fillArrayInstance):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::putByIndex):
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncSplit):
      
      Source/WebCore: 
      
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::putProperty):
      * bindings/objc/WebScriptObject.mm:
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/NP_jsobject.cpp:
      (_NPN_SetProperty):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::setSlot):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::putByIndex):
      * bridge/runtime_array.h:
      (RuntimeArray):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::setProperty):
      
      LayoutTests: 
      
      * fast/js/Object-defineProperty-expected.txt:
      * fast/js/mozilla/strict/15.4.4.12-expected.txt:
      * fast/js/mozilla/strict/15.4.4.13-expected.txt:
      * fast/js/mozilla/strict/15.4.4.8-expected.txt:
      * fast/js/mozilla/strict/15.4.4.9-expected.txt:
      * fast/js/mozilla/strict/15.5.5.2-expected.txt:
      * fast/js/mozilla/strict/8.12.5-expected.txt:
      * fast/js/preventExtensions-expected.txt:
      * fast/js/primitive-property-access-edge-cases-expected.txt:
          - Checking in passing test results.
      * fast/js/script-tests/Object-defineProperty.js:
          - Added test cases for putting to numeric properties where property is read-only,
            length is read-only, or property is accessor with missing set function.
      * fast/js/script-tests/preventExtensions.js:
          - Added test case, putting numeric property to non-extensible array.
      * fast/js/script-tests/primitive-property-access-edge-cases.js:
          - Enabled test cases for putting numeric properties to primitive strings.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109866 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b1db28d8
  22. 03 Mar, 2012 1 commit
    • barraclough@apple.com's avatar
      Split JSArray's [[Put]] & [[DefineOwnProperty]] traps. · cd37404e
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80217
      
      Reviewed by Filip Pizlo.
      
      putByIndex() provides similar behavior to put(), but for indexed property names.
      Many places in ArrayPrototype call putByIndex() where they really mean to call
      [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
      calling numeric accessors (& respecting numeric read only properties) on the
      prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
      putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncConcat):
      (JSC::arrayProtoFuncSlice):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      * runtime/JSArray.cpp:
      (JSC):
      (JSC::reject):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::JSArray::defineOwnNumericProperty):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::putDirectIndexBeyondVectorLength):
      * runtime/JSArray.h:
      (SparseArrayValueMap):
      (JSArray):
      (JSC::JSArray::putDirectIndex):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109673 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cd37404e
  23. 24 Jan, 2012 2 commits
    • ggaren@apple.com's avatar
      JSValue::toString() should return a JSString* instead of a UString · 511464d4
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=76861
      
      Source/JavaScriptCore: 
      
      Fixed two failing layout tests after my last patch.
      
      Reviewed by Gavin Barraclough.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
      in all other cases.
              
      I missed this case because the JSString* type has a valid operator<,
      so the compiler didn't complain.
      
      LayoutTests: 
      
      Reviewed by Gavin Barraclough.
              
      Added a unit test for something I got wrong while writing this patch.
      
      * fast/js/add-to-primitive-expected.txt: Added.
      * fast/js/add-to-primitive.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105811 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      511464d4
    • ggaren@apple.com's avatar
      JSValue::toString() should return a JSString* instead of a UString · 64be5e90
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=76861
      
      ../JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      This makes the common case -- toString() on a string -- faster and
      inline-able. (Not a measureable speedup, but we can now remove a bunch
      of duplicate hand-rolled code for this optimization.)
              
      This also clarifies the boundary between "C++ strings" and "JS strings".
              
      In all cases other than true, false, null, undefined, and multi-digit
      numbers, the JS runtime was just retrieving a UString from a JSString,
      so returning a JSString* is strictly better. In the other cases, we can
      optimize to avoid creating a new JSString if we care to, but it doesn't
      seem to be a big deal.
      
      * JavaScriptCore.exp: Export!
              
      * jsc.cpp:
      (functionPrint):
      (functionDebug):
      (functionRun):
      (functionLoad):
      (functionCheckSyntax):
      (runWithScripts):
      (runInteractive):
      * API/JSValueRef.cpp:
      (JSValueToStringCopy):
      * bytecode/CodeBlock.cpp:
      (JSC::valueToSourceString): Call value() after calling toString(), to
      convert from "JS string" (JSString*) to "C++ string" (UString), since
      toString() no longer returns a "C++ string".
      
      * dfg/DFGOperations.cpp:
      (JSC::DFG::operationValueAddNotNumber):
      * jit/JITStubs.cpp:
      (op_add): Updated for removal of toPrimitiveString():
      all '+' operands can use toString(), except for object operands, which
      need to take a slow path to call toPrimitive().
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncToLocaleString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncPush):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::opIn):
      * runtime/DateConstructor.cpp:
      (JSC::dateParse):
      * runtime/DatePrototype.cpp:
      (JSC::formatLocaleDate): Call value() after calling toString(), as above.
      
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::create): Simplified down to one canonical create()
      function, to make string handling easier.
      
      * runtime/ErrorPrototype.cpp:
      (JSC::errorProtoFuncToString):
      * runtime/ExceptionHelpers.cpp:
      (JSC::createInvalidParamError):
      (JSC::createNotAConstructorError):
      (JSC::createNotAFunctionError):
      (JSC::createNotAnObjectError):
      * runtime/FunctionConstructor.cpp:
      (JSC::constructFunctionSkippingEvalEnabledCheck):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
      * runtime/JSArray.cpp:
      (JSC::JSArray::sort): Call value() after calling toString(), as above.
      
      * runtime/JSCell.cpp:
      * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
      job now. Doing it in JSCell is slower (requires extra type checking), and
      creates the misimpression that language-defined toString() behavior is
      an implementation detail of JSCell.
              
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::encode):
      (JSC::decode):
      (JSC::globalFuncEval):
      (JSC::globalFuncParseInt):
      (JSC::globalFuncParseFloat):
      (JSC::globalFuncEscape):
      (JSC::globalFuncUnescape): Call value() after calling toString(), as above.
      
      * runtime/JSONObject.cpp:
      (JSC::unwrapBoxedPrimitive):
      (JSC::Stringifier::Stringifier):
      (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
      takes care of.
      
      * runtime/JSObject.cpp:
      (JSC::JSObject::toString):
      * runtime/JSObject.h: Updated to return JSString*.
      
      * runtime/JSString.cpp:
      * runtime/JSString.h:
      (JSC::JSValue::toString): Removed, since I removed JSCell::toString().
      
      * runtime/JSValue.cpp:
      (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
      spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
      basically did what we want all the time. (Note that the toPrimitive()
      preference changes from NoPreference to PreferString, because that's
      how ToString is defined in the language. op_add does not want this behavior.)
      
      * runtime/NumberPrototype.cpp:
      (JSC::numberProtoFuncToString):
      (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
      returns a JSString*.
      
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorDefineProperty):
      * runtime/ObjectPrototype.cpp:
      (JSC::objectProtoFuncHasOwnProperty):
      (JSC::objectProtoFuncDefineGetter):
      (JSC::objectProtoFuncDefineSetter):
      (JSC::objectProtoFuncLookupGetter):
      (JSC::objectProtoFuncLookupSetter):
      (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.
      
      * runtime/Operations.cpp:
      (JSC::jsAddSlowCase): Need to check for object before taking the toString()
      fast path becuase adding an object to a string requires calling toPrimitive()
      on the object, not toString(). (They differ in their preferred conversion
      type.)
      
      * runtime/Operations.h:
      (JSC::jsString):
      (JSC::jsStringFromArguments): This code gets simpler, now that toString()
      does the right thing.
      
      (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().
      
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorInput):
      (JSC::constructRegExp):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::match):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
      (JSC::regExpProtoFuncToString): More calls to value(), as above.
      
      * runtime/StringConstructor.cpp:
      (JSC::constructWithStringConstructor):
      (JSC::callStringConstructor): This code gets simpler, now that toString()
      does the right thing.
      
      * runtime/StringPrototype.cpp:
      (JSC::replaceUsingRegExpSearch):
      (JSC::replaceUsingStringSearch):
      (JSC::stringProtoFuncReplace):
      (JSC::stringProtoFuncCharAt):
      (JSC::stringProtoFuncCharCodeAt):
      (JSC::stringProtoFuncConcat):
      (JSC::stringProtoFuncIndexOf):
      (JSC::stringProtoFuncLastIndexOf):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSlice):
      (JSC::stringProtoFuncSplit):
      (JSC::stringProtoFuncSubstr):
      (JSC::stringProtoFuncSubstring):
      (JSC::stringProtoFuncToLowerCase):
      (JSC::stringProtoFuncToUpperCase):
      (JSC::stringProtoFuncLocaleCompare):
      (JSC::stringProtoFuncBig):
      (JSC::stringProtoFuncSmall):
      (JSC::stringProtoFuncBlink):
      (JSC::stringProtoFuncBold):
      (JSC::stringProtoFuncFixed):
      (JSC::stringProtoFuncItalics):
      (JSC::stringProtoFuncStrike):
      (JSC::stringProtoFuncSub):
      (JSC::stringProtoFuncSup):
      (JSC::stringProtoFuncFontcolor):
      (JSC::stringProtoFuncFontsize):
      (JSC::stringProtoFuncAnchor):
      (JSC::stringProtoFuncLink):
      (JSC::trimString): Some of this code gets simpler, now that toString()
      does the right thing. More calls to value(), as above.
      
      ../JavaScriptGlue: 
      
      Reviewed by Gavin Barraclough.
      
      * JSUtils.cpp:
      (KJSValueToCFTypeInternal):
      
      ../WebCore: 
      
      Reviewed by Gavin Barraclough.
      
      Mechanical changes to call value() after calling toString(), to
      convert from "JS string" (JSString*) to "C++ string" (UString), since
      toString() no longer returns a "C++ string".
      
      * bindings/js/IDBBindingUtilities.cpp:
      (WebCore::createIDBKeyFromValue):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::getPropertyCSSValue):
      * bindings/js/JSClipboardCustom.cpp:
      (WebCore::JSClipboard::clearData):
      (WebCore::JSClipboard::getData):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::valueToStringWithNullCheck):
      (WebCore::valueToStringWithUndefinedOrNullCheck):
      (WebCore::reportException):
      * bindings/js/JSDOMFormDataCustom.cpp:
      (WebCore::JSDOMFormData::append):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::putDelegate):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::setLocation):
      (WebCore::JSDOMWindow::open):
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDocumentCustom.cpp:
      (WebCore::JSDocument::setLocation):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSHTMLAllCollectionCustom.cpp:
      (WebCore::callHTMLAllCollection):
      (WebCore::JSHTMLAllCollection::item):
      (WebCore::JSHTMLAllCollection::namedItem):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSHTMLCollectionCustom.cpp:
      (WebCore::JSHTMLCollection::item):
      (WebCore::JSHTMLCollection::namedItem):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::documentWrite):
      * bindings/js/JSHTMLInputElementCustom.cpp:
      (WebCore::JSHTMLInputElement::setSelectionDirection):
      (WebCore::JSHTMLInputElement::setSelectionRange):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::JSInspectorFrontendHost::showContextMenu):
      * bindings/js/JSJavaScriptCallFrameCustom.cpp:
      (WebCore::JSJavaScriptCallFrame::evaluate):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::setHref):
      (WebCore::JSLocation::setProtocol):
      (WebCore::JSLocation::setHost):
      (WebCore::JSLocation::setHostname):
      (WebCore::JSLocation::setPort):
      (WebCore::JSLocation::setPathname):
      (WebCore::JSLocation::setSearch):
      (WebCore::JSLocation::setHash):
      (WebCore::JSLocation::replace):
      (WebCore::JSLocation::assign):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSSQLTransactionCustom.cpp:
      (WebCore::JSSQLTransaction::executeSql):
      * bindings/js/JSSQLTransactionSyncCustom.cpp:
      (WebCore::JSSQLTransactionSync::executeSql):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorkerConstructor::constructJSSharedWorker):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::putDelegate):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::getExtension):
      * bindings/js/JSWebSocketCustom.cpp:
      (WebCore::JSWebSocketConstructor::constructJSWebSocket):
      (WebCore::JSWebSocket::send):
      (WebCore::JSWebSocket::close):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::importScripts):
      * bindings/js/JSWorkerCustom.cpp:
      (WebCore::JSWorkerConstructor::constructJSWorker):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/JSXSLTProcessorCustom.cpp:
      (WebCore::JSXSLTProcessor::setParameter):
      (WebCore::JSXSLTProcessor::getParameter):
      (WebCore::JSXSLTProcessor::removeParameter):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::create):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::toString):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateEventListenerCall):
      (JSValueToNative):
      (GenerateConstructorDefinition):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertArrayInstanceToJavaArray):
      (JSC::Bindings::convertValueToJValue):
      * bridge/jni/jsc/JavaFieldJSC.cpp:
      (JavaField::dispatchValueFromInstance):
      (JavaField::valueFromInstance):
      (JavaField::dispatchSetValueToInstance):
      (JavaField::setValueToInstance):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaInstance::invokeMethod):
      * testing/js/JSInternalsCustom.cpp:
      (WebCore::JSInternals::setUserPreferredLanguages):
      
      ../WebKit/mac: 
      
      Reviewed by Gavin Barraclough.
      
      Mechanical changes to call value() after calling toString(), to
      convert from "JS string" (JSString*) to "C++ string" (UString), since
      toString() no longer returns a "C++ string".
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      
      ../WebKit2: 
      
      Reviewed by Gavin Barraclough.
      
      Mechanical changes to call value() after calling toString(), to
      convert from "JS string" (JSString*) to "C++ string" (UString), since
      toString() no longer returns a "C++ string".
      
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105698 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      64be5e90
  24. 10 Jan, 2012 1 commit
    • barraclough@apple.com's avatar
      Source/JavaScriptCore: Do not allow Array length to be set if it is non-configurable · cd7d2b0a
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75935
      
      Reviewed by Sam Weinig.
      
      Do not allow Array length to be set if it is non-configurable, and if the new
      length is less than the old length then intervening properties should removed
      in reverse order. Removal of properties should cease if an intervening indexed
      property being removed is non-configurable.
      
      * JavaScriptCore.exp:
          - Removed export for setLength.
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncConcat):
          - JSArray::setLength now takes an ExecState*
      (JSC::arrayProtoFuncSlice):
          - JSArray::setLength now takes an ExecState*
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
          - JSArray::setLength now takes an ExecState*
      (JSC::JSArray::put):
          - JSArray::setLength now takes an ExecState*
      (JSC::compareKeysForQSort):
          - Keys extracted from the map can be stored as unsigneds.
      (JSC::JSArray::getOwnPropertyNames):
          - Keys extracted from the map can be stored as unsigneds.
      (JSC::JSArray::setLength):
          - Check lengthIsReadOnly(), rather than copying the entire map to iterate
            over to determine which keys to remove, instead just copy the keys from
            the map to a Vector. When inSparseMode sort the keys in the Vector so
            that we can remove properties in reverse order.
      * runtime/JSArray.h:
          - JSArray::setLength now takes an ExecState*
      
      Source/WebCore: Do not allow Array length to be set if it is non-configurable
      https://bugs.webkit.org/show_bug.cgi?id=75935
      
      Reviewed by Sam Weinig.
      
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::deserialize):
          - remove unnecessary call to JSArray::setLength.
      
      LayoutTests: rebaselining some canvas images
      https://bugs.webkit.org/show_bug.cgi?id=75552
      
      Patch by Elliot Poger <epoger@google.com> on 2012-01-10
      Reviewed by Ryosuke Niwa.
      
      * platform/chromium-gpu-linux/fast/canvas/canvas-text-baseline-expected.png:
      * platform/chromium-gpu-linux/fast/canvas/quadraticCurveTo-expected.png:
      * platform/chromium-gpu-mac/fast/canvas/canvas-text-baseline-expected.png: Added.
      * platform/chromium-gpu-mac/fast/canvas/quadraticCurveTo-expected.png: Added.
      * platform/chromium-gpu-win/fast/canvas/canvas-text-baseline-expected.png:
      * platform/chromium-gpu-win/fast/canvas/quadraticCurveTo-expected.png:
      * platform/chromium-mac-leopard/fast/canvas/quadraticCurveTo-expected.png: Added.
      * platform/chromium-mac-snowleopard/fast/canvas/canvas-lineWidth-expected.txt: Added.
      * platform/chromium-mac-snowleopard/fast/canvas/canvas-text-baseline-expected.png: Added.
      * platform/chromium-mac-snowleopard/fast/canvas/quadraticCurveTo-expected.png: Added.
      * platform/chromium/test_expectations.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104604 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cd7d2b0a
  25. 09 Jan, 2012 1 commit
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=75789 · 166c9077
      barraclough@apple.com authored
      defineOwnProperty not implemented for Array objects
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      Implements support for getter/setter & non-default attribute properties on arrays,
      by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262
      test failures.
      
      * JavaScriptCore.exp:
          - Updated exports.
      * dfg/DFGOperations.cpp:
          - JSArray::pop now requires an exec state.
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncPop):
          - JSArray::pop now requires an exec state.
      * runtime/JSArray.cpp:
      (JSC::SparseArrayValueMap::add):
          - Add a potentially empty entry into the map.
      (JSC::SparseArrayValueMap::put):
          - Changed to call setter.
      (JSC::SparseArrayEntry::get):
          - calls getters.
      (JSC::SparseArrayEntry::getNonSparseMode):
          - does not call getters.
      (JSC::JSArray::enterSparseMode):
          - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
      (JSC::JSArray::putDescriptor):
          - Create a numeric property based on a descriptor.
      (JSC::sameValue):
          - See ES5.1 9.12.
      (JSC::reject):
          - Helper for the [[DefineOwnProperty]] algorithm.
      (JSC::JSArray::defineOwnNumericProperty):
          - Define an indexed property on an array object.
      (JSC::JSArray::setLengthWritable):
          - Marks the length read-only, enters SparseMode as necessary.
      (JSC::JSArray::defineOwnProperty):
          - Defines either an indexed property or 'length' on an array object.
      (JSC::JSArray::getOwnPropertySlotByIndex):
          - Updated to correctly handle accessor descriptors & attributes.
      (JSC::JSArray::getOwnPropertyDescriptor):
          - Updated to correctly handle accessor descriptors & attributes.
      (JSC::JSArray::put):
          - Pass strict mode flag to setLength.
      (JSC::JSArray::putByIndex):
          - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
      (JSC::JSArray::putByIndexBeyondVectorLength):
          - Pass exec to SparseArrayValueMap::put.
      (JSC::JSArray::deletePropertyByIndex):
          - Do not allow deletion of non-configurable properties.
      (JSC::compareKeysForQSort):
          - used in implementation of getOwnPropertyNames.
      (JSC::JSArray::getOwnPropertyNames):
          - Properties in the sparse map should be iterated in order.
      (JSC::JSArray::setLength):
          - Updated to take a 'shouldThrow' flag, return a result indicating error.
      (JSC::JSArray::pop):
          - pop should throw an error if length is not writable, even if the array is empty.
      (JSC::JSArray::push):
          - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
      (JSC::JSArray::sort):
          - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
      (JSC::JSArray::compactForSorting):
          - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
      * runtime/JSArray.h:
      (JSC::SparseArrayValueMap::lengthIsReadOnly):
          - Check if the length is read only.
      (JSC::SparseArrayValueMap::setLengthIsReadOnly):
          - Mark the length as read only.
      (JSC::SparseArrayValueMap::find):
          - Moved into header.
      (JSC::JSArray::isLengthWritable):
          - Wraps SparseArrayValueMap::lengthIsReadOnly.
      * runtime/JSObject.cpp:
      (JSC::JSObject::defineOwnProperty):
          - Should be returning the result of putDescriptor.
      * runtime/PropertyDescriptor.cpp:
      (JSC::PropertyDescriptor::attributesOverridingCurrent):
          - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
      * runtime/PropertyDescriptor.h:
          - Added attributesOverridingCurrent.
      
      LayoutTests: 
      
      * fast/js/array-defineOwnProperty-expected.txt: Added.
      * fast/js/array-defineOwnProperty.html: Added.
      * fast/js/script-tests/array-defineOwnProperty.js: Added.
          - Added tests for array properties with accessors & non-defulat attributes.
      * fast/js/mozilla/strict/15.4.4.6-expected.txt:
      * fast/js/mozilla/strict/8.12.5-expected.txt:
      * ietestcenter/Javascript/15.4.4.14-9-a-12-expected.txt:
      * ietestcenter/Javascript/15.4.4.15-8-a-12-expected.txt:
          - Check in passing results.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104488 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      166c9077
  26. 05 Jan, 2012 1 commit
  27. 29 Dec, 2011 1 commit
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=75140 · 907d1a40
      barraclough@apple.com authored
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      Start cleaning up JSArray construction. JSArray has a set of create methods,
      one of which (currently) takes a 'creation mode' enum parameter. Based on that
      parameter, the constructor does one of two completely different things. If the
      parameter is 'CreateInitialized' it creates an array, setting the length, but
      does not eagerly allocate a storage vector of the specified length. A small
      (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property
      access to the vector will read the hole value (return undefined). The alternate
      usage of this method ('CreateCompact') does something very different. It tries
      to create an array of the requested length, and also allocates a storage vector
      large enough to hold all properties. It does not clear the storage vector,
      leaving the memory uninitialized and requiring the user to call a method
      'uncheckedSetIndex' to initialize values in the vector.
      
      This patch factors out these two behaviours, moving the 'CreateCompact' mode
      into its own method, 'tryCreateUninitialized' (matching the naming for this
      functionality in the string classes). 'tryCreateUninitialized' may return 0 if
      memory allocation fails during construction of the object. The construction
      pattern changes such that values added during initialization will be marked if
      a GC is triggered during array allocation. 'CreateInitialized' no longer need
      be passed to create a normal, fully constructed array with a length, and this
      method is merged with the version of 'create' that does not take an initial
      length (length parameter defaults to 0).
      
      * JavaScriptCore.exp:
      * runtime/ArrayConstructor.cpp:
      (JSC::constructArrayWithSizeQuirk):
          - removed 'CreateInitialized' argument
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSplice):
          - changed to call 'tryCreateUninitialized'
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
          - changed to call 'tryCreateUninitialized'
      * runtime/JSArray.cpp:
      (JSC::JSArray::JSArray):
          - initialize m_storage to null; if construction fails, make destruction safe
      (JSC::JSArray::finishCreation):
          - merge versions of this method, takes an initialLength parameter defaulting to zero
      (JSC::JSArray::tryFinishCreationUninitialized):
          - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0
      (JSC::JSArray::~JSArray):
          - check for null m_storage, in case array construction failed.
      (JSC::JSArray::increaseVectorPrefixLength):
      * runtime/JSArray.h:
      (JSC::JSArray::create):
          - merge versions of this method, takes an initialLength parameter defaulting to zero
      (JSC::JSArray::tryCreateUninitialized):
          - version of 'create' that tries to eagerly allocate storage; may fail & return 0
      (JSC::JSArray::initializeIndex):
      (JSC::JSArray::completeInitialization):
          - used in conjunction with 'tryCreateUninitialized' to initialize the array
      * runtime/JSGlobalObject.h:
      (JSC::constructEmptyArray):
          - removed 'CreateInitialized' argument
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpMatchesArray::finishCreation):
          - removed 'CreateInitialized' argument
      
      LayoutTests: 
      
      Added test case.
      
      * fast/js/script-tests/array-splice.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103823 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      907d1a40
  28. 22 Dec, 2011 1 commit
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=75151 · 617f4646
      barraclough@apple.com authored
      Add attributes field to JSArray's SparseMap
      
      Reviewed by Sam Weinig.
      
      This will be necessary to be able to support non- writable/configurable/enumerable
      properties, and helpful for getters/setters.
      
      Added a concept of being 'inSparseMode' - this indicates the array has a non-standard
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSort):
          - JSArray::sort methods not allowed on arrays that are 'inSparseMode'.
            (must fall back to generic sort alogrithm).
      * runtime/JSArray.cpp:
      (JSC::JSArray::finishCreation):
          - moved reportedMapCapacity into the SparseArrayValueMap object.
      (JSC::SparseArrayValueMap::find):
      (JSC::SparseArrayValueMap::put):
      (JSC::SparseArrayValueMap::visitChildren):
          - Added.
      (JSC::JSArray::getOwnPropertySlotByIndex):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::putSlowCase):
      (JSC::JSArray::deletePropertyByIndex):
      (JSC::JSArray::getOwnPropertyNames):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::visitChildren):
          - Updated for changes in SparseArrayValueMap.
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::compactForSorting):
          - Disallow on 'SparseMode' arrays.
      * runtime/JSArray.h:
      (JSC::SparseArrayEntry::SparseArrayEntry):
          - An entry in the sparse array - value (WriteBarrier) + attributes.
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::sparseMode):
      (JSC::SparseArrayValueMap::setSparseMode):
          - Flags to track whether an Array is forced into SparseMode.
      (JSC::SparseArrayValueMap::remove):
      (JSC::SparseArrayValueMap::notFound):
      (JSC::SparseArrayValueMap::isEmpty):
      (JSC::SparseArrayValueMap::contains):
      (JSC::SparseArrayValueMap::size):
      (JSC::SparseArrayValueMap::begin):
      (JSC::SparseArrayValueMap::end):
          - accessors to the map
      (JSC::SparseArrayValueMap::take):
          - only for use on non-SpareMode arrays.
      (JSC::JSArray::inSparseMode):
          - Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103598 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      617f4646
  29. 16 Dec, 2011 1 commit
    • mhahnenberg@apple.com's avatar
      De-virtualize destructors · c58d54d7
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=74331
      
      Reviewed by Geoffrey Garen.
      
      .: 
      
      * Source/autotools/symbols.filter: Removed symbol no longer present.
      
      Source/JavaScriptCore: 
      
      This is a megapatch which frees us from the chains of virtual destructors.
      
      In order to remove the virtual destructors, which are the last of the virtual 
      functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to 
      the cell rather than to the structure because in order to be able to lazily call 
      the static destroy() functions that will replace the virtual destructors, we 
      need to be able to access the ClassInfo without the danger of the object's 
      Structure being collected before the object itself.
      
      After adding the ClassInfo to the cell, we can then begin to remove our use 
      of vptrs for optimizations within the JIT and the GC.  When we have removed 
      all of the stored vptrs from JSGlobalData, we can then also remove all of 
      the related VPtrStealingHack code.
      
      The replacement for virtual destructors will be to add a static destroy function 
      pointer to the MethodTable stored in ClassInfo.  Any subclass of JSCell that has 
      a non-trivial destructor will require its own static destroy function to static 
      call its corresponding destructor, which will now be non-virtual.  In future 
      patches we will slowly move away from destructors altogether as we make more and 
      more objects backed by GC memory rather than malloc-ed memory.  The GC will now 
      call the static destroy method rather than the virtual destructor.
      
      As we go through the hierarchy and add static destroy functions to classes, 
      we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes 
      to which it applies.  The future goal is to eventually have every class have that assert.
      
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call 
      ~JSCallbackConstructor because it has some extra destruction logic.
      * API/JSCallbackConstructor.h:
      * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction.
      * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject 
      because it has a member OwnPtr that needs destruction.
      (JSC::::destroy):
      * API/JSCallbackObject.h:
      * JavaScriptCore.exp: Add/remove necessary symbols for JSC.
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols.
      * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't 
      have its own ClassInfo despite the fact that it overrides a number of MethodTable 
      methods.  Added the ClassInfo, along with an assertion that its destructor is trivial.
      * debugger/DebuggerActivation.h:
      * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray, 
      isJSString, as it is no longer necessary.
      (JSC::DFG::putByVal):
      * dfg/DFGRepatch.cpp:  Ditto.  Also remove uses of jsArrayVPtr in favor of using the 
      JSArray ClassInfo pointer.
      (JSC::DFG::tryCacheGetByID):
      * dfg/DFGSpeculativeJIT.cpp:  Replace uses of the old vptrs with new ClassInfo 
      comparisons since we don't have vptrs anymore.
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
      (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      * dfg/DFGSpeculativeJIT.h: Ditto.
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
      * dfg/DFGSpeculativeJIT32_64.cpp: Ditto.
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp: Ditto.
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with 
      ClassInfo comparisons.
      (JSC::Heap::Heap):
      * heap/MarkStack.cpp: Ditto.
      (JSC::MarkStackThreadSharedData::markingThreadMain):
      (JSC::visitChildren):
      (JSC::SlotVisitor::drain):
      * heap/MarkStack.h: Ditto.
      (JSC::MarkStack::MarkStack):
      * heap/MarkedBlock.cpp: Ditto.
      (JSC::MarkedBlock::callDestructor):
      (JSC::MarkedBlock::specializedSweep):
      * heap/MarkedBlock.h: Ditto.
      * heap/SlotVisitor.h: Ditto.
      (JSC::SlotVisitor::SlotVisitor):
      * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them.  
      We'll have to rename this class and make it use ClassInfo ptrs in a future patch.
      (JSC::VTableSpectrum::count):
      * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray, 
      etc. functions.
      (JSC::loadVarargs):
      (JSC::Interpreter::tryCacheGetByID):
      (JSC::Interpreter::privateExecute):
      * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject 
      * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting, 
      remove all vtable related code.
      (JSC::JIT::emitLoadCharacterString):
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSFunction):
      * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo.
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emit_op_convert_this):
      * jit/JITOpcodes32_64.cpp: Ditto.
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emitSlow_op_eq):
      (JSC::JIT::emitSlow_op_neq):
      (JSC::JIT::compileOpStrictEq):
      (JSC::JIT::emit_op_convert_this):
      * jit/JITPropertyAccess.cpp: Ditto.
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp: Ditto.
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITStubs.cpp: Remove global data argument from isJSString, etc.
      (JSC::JITThunks::tryCacheGetByID):
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff.
      (JSC::SpecializedThunkJIT::loadJSStringArgument):
      * runtime/ArrayConstructor.cpp: Add trivial destructor assert.
      * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray.
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncPop):
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      * runtime/BooleanConstructor.cpp: Add trivial destructor assert.
      * runtime/BooleanObject.cpp: Ditto.
      * runtime/BooleanPrototype.cpp: Ditto.
      * runtime/ClassInfo.h: Add destroy function pointer to MethodTable.
      * runtime/DateConstructor.cpp: Add trivial destructor assert.
      * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr 
      that needs destruction.
      (JSC::DateInstance::destroy):
      * runtime/DateInstance.h:
      * runtime/Error.cpp: Ditto (because of UString member).
      (JSC::StrictModeTypeErrorFunction::destroy):
      * runtime/Error.h:
      * runtime/ErrorConstructor.cpp: Add trivial destructor assert.
      * runtime/ErrorInstance.cpp: Ditto.
      * runtime/ExceptionHelpers.cpp: Ditto.
      * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses.
      (JSC::ExecutableBase::destroy):
      (JSC::NativeExecutable::destroy):
      (JSC::ScriptExecutable::destroy):
      (JSC::EvalExecutable::destroy):
      (JSC::ProgramExecutable::destroy):
      (JSC::FunctionExecutable::destroy):
      * runtime/Executable.h:
      * runtime/FunctionConstructor.cpp: Add trivial destructor assert.
      * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray.
      (JSC::functionProtoFuncApply):
      * runtime/GetterSetter.cpp: Ditto.
      * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no 
      longer exists.
      (JSC::initializeThreadingOnce):
      * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert, 
      remove first arg from isJSString.
      (JSC::InternalFunction::displayName):
      * runtime/InternalFunction.h: Remove VPtrStealingHack.
      * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert.
      * runtime/JSArray.cpp: Add static destroy to call ~JSArray.  Replace vptr checks in 
      destructor with ClassInfo checks.
      (JSC::JSArray::~JSArray):
      (JSC::JSArray::destroy):
      * runtime/JSArray.h: Remove VPtrStealingHack.  Remove globalData argument from isJSArray 
      and change them to check the ClassInfo rather than the vptrs.
      (JSC::isJSArray):
      * runtime/JSBoundFunction.cpp: Add trival destructor assert. Remove first arg from isJSArray.
      (JSC::boundFunctionCall):
      (JSC::boundFunctionConstruct):
      * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks.
      (JSC::JSByteArray::~JSByteArray):
      (JSC::JSByteArray::destroy):
      * runtime/JSByteArray.h: Remove VPtrStealingHack code.
      (JSC::isJSByteArray):
      * runtime/JSCell.cpp: Add trivial destructor assert.  Add static destroy function.
      (JSC::JSCell::destroy):
      * runtime/JSCell.h: Remove VPtrStealingHack code.  Add function for returning the offset 
      of the ClassInfo pointer in the object for use by the JIT.  Add the ClassInfo pointer to 
      the JSCell itself, and grab it from the Structure.  Remove the vptr and setVPtr functions, 
      as they are no longer used.  Add a validatedClassInfo function to JSCell for any clients 
      that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the 
      same one as that contained in the Structure.  This isn't used too often, because most of 
      the places where we compare the ClassInfo to things can be called during destruction.  
      Since the Structure is unreliable during the phase when destructors are being called, 
      we can't call validatedClassInfo.
      (JSC::JSCell::classInfoOffset):
      (JSC::JSCell::structure):
      (JSC::JSCell::classInfo):
      * runtime/JSFunction.cpp: Remove VPtrStealingHack code.  Add static destroy, remove vtableAnchor, 
      remove first arg from call to isJSString.
      (JSC::JSFunction::destroy):
      (JSC::JSFunction::displayName):
      * runtime/JSFunction.h: 
      * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs, 
      as these vptrs are no longer needed in the codebase.
      * runtime/JSGlobalData.h:
      (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use 
      ClassInfo rather than the vptr.
      * runtime/JSGlobalObject.cpp: Add static destroy function.
      (JSC::JSGlobalObject::destroy):
      * runtime/JSGlobalObject.h:
      * runtime/JSGlobalThis.cpp: Add trivial destructor assert.
      * runtime/JSNotAnObject.cpp: Ditto.
      * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls.
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSObject.cpp: 
      (JSC::JSFinalObject::destroy):
      (JSC::JSNonFinalObject::destroy):
      (JSC::JSObject::destroy):
      * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor 
      from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and 
      JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code.
      (JSC::JSObject::finishCreation):
      (JSC::JSNonFinalObject::finishCreation):
      (JSC::JSFinalObject::finishCreation):
      (JSC::isJSFinalObject):
      * runtime/JSPropertyNameIterator.cpp: Add static destroy.
      (JSC::JSPropertyNameIterator::destroy):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSStaticScopeObject.cpp: Ditto.
      (JSC::JSStaticScopeObject::destroy):
      * runtime/JSStaticScopeObject.h: Ditto. 
      * runtime/JSString.cpp:
      (JSC::JSString::destroy):
      * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code, 
      since we no longer need to fixup vptrs.
      (JSC::jsSingleCharacterString):
      (JSC::jsSingleCharacterSubstring):
      (JSC::jsNontrivialString):
      (JSC::jsString):
      (JSC::jsSubstring8):
      (JSC::jsSubstring):
      (JSC::jsOwnedString):
      (JSC::jsStringBuilder):
      (JSC::isJSString):
      * runtime/JSVariableObject.cpp: 
      (JSC::JSVariableObject::destroy):
      * runtime/JSVariableObject.h: Ditto.
      * runtime/JSWrapperObject.cpp:
      * runtime/JSWrapperObject.h: Add trivial destructor assert.
      * runtime/MathObject.cpp: Ditto.
      * runtime/NativeErrorConstructor.cpp: Ditto.
      * runtime/NumberConstructor.cpp: Ditto.
      * runtime/NumberObject.cpp: Ditto.
      * runtime/NumberPrototype.cpp: Ditto.
      * runtime/ObjectConstructor.cpp: Ditto.
      * runtime/ObjectPrototype.cpp: Ditto.
      * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString.
      (JSC::jsString):
      (JSC::jsLess):
      (JSC::jsLessEq):
      * runtime/RegExp.cpp: Add static destroy.
      (JSC::RegExp::destroy):
      * runtime/RegExp.h:
      * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray.
      (JSC::RegExpConstructor::destroy):
      (JSC::RegExpMatchesArray::destroy):
      * runtime/RegExpConstructor.h:
      * runtime/RegExpMatchesArray.h:
      * runtime/RegExpObject.cpp: Add static destroy.
      (JSC::RegExpObject::destroy):
      * runtime/RegExpObject.h:
      * runtime/ScopeChain.cpp: Add trivial destructor assert.
      * runtime/ScopeChain.h:
      * runtime/StrictEvalActivation.cpp: Ditto.
      * runtime/StringConstructor.cpp:
      * runtime/StringObject.cpp: Ditto. Remove vtableAnchor.
      * runtime/StringObject.h:
      * runtime/StringPrototype.cpp: Ditto.
      * runtime/Structure.cpp: Add static destroy.
      (JSC::Structure::destroy):
      * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h 
      because they need to have the full Structure type to access the ClassInfo to store in the JSCell.
      (JSC::JSCell::setStructure):
      (JSC::JSCell::validatedClassInfo):
      (JSC::JSCell::JSCell):
      (JSC::JSCell::finishCreation):
      * runtime/StructureChain.cpp: Add static destroy.
      (JSC::StructureChain::destroy):
      * runtime/StructureChain.h:
      * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clangs 
      ability to tell us when a class has a trivial destructor. We will use this assert 
      more in future patches as we move toward having all JSC objects backed by GC memory, 
      which means moving away from using destructors/finalizers.
      
      Source/JavaScriptGlue: 
      
      * UserObjectImp.cpp: Add static destroy function.
      (UserObjectImp::destroy):
      * UserObjectImp.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Doing everything here that was done to the JSCell hierarchy in JavaScriptCore. 
      See the ChangeLog for this commit for a more in-depth description.
      
      * WebCore.exp.in: Add/remove symbols.
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp: Remove first arg from isJSArray call.
      (WebCore::JSCanvasRenderingContext2D::setWebkitLineDash):
      * bindings/js/JSDOMBinding.cpp: Add trival destructor assert for DOMConstructorObject 
      and DOMConstructorWithDocument.
      * bindings/js/JSDOMGlobalObject.cpp: Add static destroy.  Add implementation for 
      scriptExecutionContext that dispatches to different functions in subclasses 
      depending on our current ClassInfo.  We do this so that we can get rid of the 
      virtual-ness of scriptExecutionContext, because any virtual functions will throw 
      off the layout of the object and we'll crash at runtime.
      (WebCore::JSDOMGlobalObject::destroy):
      (WebCore::JSDOMGlobalObject::scriptExecutionContext):
      * bindings/js/JSDOMGlobalObject.h:
      * bindings/js/JSDOMWindowBase.cpp: Add static destroy.
      (WebCore::JSDOMWindowBase::destroy):
      * bindings/js/JSDOMWindowBase.h: De-virtualize scriptExecutionContext.
      * bindings/js/JSDOMWindowShell.cpp: Add static destroy.
      (WebCore::JSDOMWindowShell::destroy):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSDOMWrapper.cpp: Add trivial destructor assert.
      * bindings/js/JSDOMWrapper.h: Add a ClassInfo to JSDOMWrapper since it now overrides 
      a MethodTable function. Remove vtableAnchor virtual function.
      * bindings/js/JSImageConstructor.cpp: Add trivial destructor assert.
      * bindings/js/JSNodeCustom.cpp: Change implementation of pushEventHandlerScope so that 
      it dispatches to the correct function depending on the 
      identity of the class as specified by the ClassInfo.  
      See JSDOMGlobalObject::scriptExecutionContext for explanation.
      (WebCore::JSNode::pushEventHandlerScope):
      * bindings/js/JSWebSocketCustom.cpp: Remove first arg to isJSArray call.
      (WebCore::JSWebSocketConstructor::constructJSWebSocket):
      * bindings/js/JSWorkerContextBase.cpp: Add static destroy.
      (WebCore::JSWorkerContextBase::destroy):
      * bindings/js/JSWorkerContextBase.h: 
      * bindings/js/ScriptValue.cpp: Remove first arg to isJSArray call.
      (WebCore::jsToInspectorValue): 
      * bindings/js/SerializedScriptValue.cpp: Ditto.
      (WebCore::CloneSerializer::isArray):
      (WebCore::CloneSerializer::getSparseIndex):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader): Remove virtual-ness of any custom pushEventHandlerScope (see 
      JSNodeCustom::pushEventHandlerScope for explanation).  Remove virtual toBoolean 
      for anybody who masquerades as undefined, since our JSObject implementation handles 
      this based on the TypeInfo in the Structure. Add trivial destructor assert for any 
      class other than DOMWindow or WorkerContexts.
      (GenerateImplementation): Change ClassInfo definitions to use Base::s_info, since 
      typing the parent class more than once is duplication of information and increases 
      the likelihood of mistakes.  Pass ClassInfo to TypeArrayDescriptors instead of vptr. 
      (GenerateConstructorDefinition): Add trivial destructor assert for all generated constructors.
      * bridge/c/CRuntimeObject.cpp: Remove empty virtual destructor.
      * bridge/c/CRuntimeObject.h: 
      * bridge/jni/jsc/JavaRuntimeObject.cpp: Ditto.
      * bridge/jni/jsc/JavaRuntimeObject.h: 
      * bridge/objc/ObjCRuntimeObject.h: Ditto.
      * bridge/objc/ObjCRuntimeObject.mm:
      * bridge/objc/objc_runtime.h: Add static destroy for ObjcFallbackObjectImp. De-virtualize 
      toBoolean in the short term.  Need longer term fix.
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::destroy):
      * bridge/qt/qt_runtime.cpp: Add static destroy to QtRuntimeMethod.
      (JSC::Bindings::QtRuntimeMethod::destroy):
      * bridge/qt/qt_runtime.h: De-virtualize ~QtRuntimeMethod.
      * bridge/runtime_array.cpp: De-virtualize destructor. Add static destroy.
      (JSC::RuntimeArray::destroy):
      * bridge/runtime_array.h:
      * bridge/runtime_method.cpp: Remove vtableAnchor. Add static destroy.
      (JSC::RuntimeMethod::destroy):
      * bridge/runtime_method.h:
      * bridge/runtime_object.cpp: Add static destroy.
      (JSC::Bindings::RuntimeObject::destroy):
      * bridge/runtime_object.h:
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/ProxyRuntimeObject.h: Remove empty virtual destructor.
      * Plugins/Hosted/ProxyRuntimeObject.mm:
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp: Add trivial destructor assert.
      * WebProcess/Plugins/Netscape/JSNPObject.cpp: Add static destroy.
      (WebKit::JSNPObject::destroy):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      * win/WebKit2.def: Add/remove necessary symbols.
      * win/WebKit2CFLite.def: Ditto.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103083 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c58d54d7
  30. 25 Nov, 2011 1 commit
  31. 11 Nov, 2011 1 commit
    • mhahnenberg@apple.com's avatar
      Add jsCast to replace static_cast · 135f0517
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=72071
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Added new jsCast and changed all of the static_cast sites in functions that 
      are in the MethodTable to use jsCast instead.
      
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::toStringCallback):
      (JSC::JSCallbackFunction::valueOfCallback):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObject::visitChildren):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::className):
      (JSC::::getOwnPropertySlot):
      (JSC::::getOwnPropertyDescriptor):
      (JSC::::put):
      (JSC::::deleteProperty):
      (JSC::::deletePropertyByIndex):
      (JSC::::getConstructData):
      (JSC::::hasInstance):
      (JSC::::getCallData):
      (JSC::::getOwnPropertyNames):
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::visitChildren):
      (JSC::DebuggerActivation::className):
      (JSC::DebuggerActivation::getOwnPropertySlot):
      (JSC::DebuggerActivation::put):
      (JSC::DebuggerActivation::putWithAttributes):
      (JSC::DebuggerActivation::deleteProperty):
      (JSC::DebuggerActivation::getOwnPropertyNames):
      (JSC::DebuggerActivation::getOwnPropertyDescriptor):
      (JSC::DebuggerActivation::defineGetter):
      (JSC::DebuggerActivation::defineSetter):
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      (JSC::Arguments::getOwnPropertySlotByIndex):
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::Arguments::getOwnPropertyDescriptor):
      (JSC::Arguments::getOwnPropertyNames):
      (JSC::Arguments::putByIndex):
      (JSC::Arguments::put):
      (JSC::Arguments::deletePropertyByIndex):
      (JSC::Arguments::deleteProperty):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::getOwnPropertySlot):
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertySlot):
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::getOwnPropertySlot):
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::getOwnPropertySlot):
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::getOwnPropertySlot):
      (JSC::DatePrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::getOwnPropertySlot):
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/Executable.cpp:
      (JSC::ExecutableBase::clearCode):
      (JSC::EvalExecutable::visitChildren):
      (JSC::ProgramExecutable::visitChildren):
      (JSC::FunctionExecutable::visitChildren):
      * runtime/GetterSetter.cpp:
      (JSC::GetterSetter::visitChildren):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::getOwnPropertyNames):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putWithAttributes):
      * runtime/JSArray.cpp:
      (JSC::JSArray::getOwnPropertySlotByIndex):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::putByIndex):
      (JSC::JSArray::deleteProperty):
      (JSC::JSArray::deletePropertyByIndex):
      (JSC::JSArray::getOwnPropertyNames):
      (JSC::JSArray::visitChildren):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::hasInstance):
      (JSC::JSBoundFunction::visitChildren):
      * runtime/JSByteArray.cpp:
      (JSC::JSByteArray::getOwnPropertySlot):
      (JSC::JSByteArray::getOwnPropertyDescriptor):
      (JSC::JSByteArray::getOwnPropertySlotByIndex):
      (JSC::JSByteArray::put):
      (JSC::JSByteArray::putByIndex):
      (JSC::JSByteArray::getOwnPropertyNames):
      * runtime/JSCell.h:
      (JSC::JSCell::visitChildren):
      (JSC::jsCast):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::visitChildren):
      (JSC::JSFunction::getCallData):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::getOwnPropertyNames):
      (JSC::JSFunction::put):
      (JSC::JSFunction::deleteProperty):
      (JSC::JSFunction::getConstructData):
      * runtime/JSGlobalData.cpp:
      (JSC::StackPreservingRecompiler::operator()):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::put):
      (JSC::JSGlobalObject::putWithAttributes):
      (JSC::JSGlobalObject::defineGetter):
      (JSC::JSGlobalObject::defineSetter):
      (JSC::JSGlobalObject::visitChildren):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      (JSC::JSGlobalObject::clearRareData):
      * runtime/JSGlobalThis.cpp:
      (JSC::JSGlobalThis::visitChildren):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::getOwnPropertySlot):
      (JSC::JSONObject::getOwnPropertyDescriptor):
      * runtime/JSObject.cpp:
      (JSC::JSObject::finalize):
      (JSC::JSObject::visitChildren):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::deletePropertyByIndex):
      * runtime/JSObject.h:
      (JSC::JSObject::getOwnPropertySlot):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::visitChildren):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::visitChildren):
      (JSC::JSStaticScopeObject::put):
      (JSC::JSStaticScopeObject::putWithAttributes):
      (JSC::JSStaticScopeObject::getOwnPropertySlot):
      * runtime/JSString.cpp:
      (JSC::JSString::visitChildren):
      (JSC::JSString::toThisObject):
      (JSC::JSString::getOwnPropertySlot):
      (JSC::JSString::getOwnPropertySlotByIndex):
      * runtime/JSVariableObject.cpp:
      (JSC::JSVariableObject::deleteProperty):
      (JSC::JSVariableObject::getOwnPropertyNames):
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::visitChildren):
      * runtime/MathObject.cpp:
      (JSC::MathObject::getOwnPropertySlot):
      (JSC::MathObject::getOwnPropertyDescriptor):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::visitChildren):
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::getOwnPropertySlot):
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::getOwnPropertySlot):
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::getOwnPropertySlot):
      (JSC::ObjectConstructor::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::put):
      (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::getOwnPropertySlot):
      (JSC::RegExpConstructor::getOwnPropertyDescriptor):
      (JSC::RegExpConstructor::put):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::getOwnPropertySlot):
      (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
      (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
      (JSC::RegExpMatchesArray::put):
      (JSC::RegExpMatchesArray::putByIndex):
      (JSC::RegExpMatchesArray::deleteProperty):
      (JSC::RegExpMatchesArray::deletePropertyByIndex):
      (JSC::RegExpMatchesArray::getOwnPropertyNames):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::visitChildren):
      (JSC::RegExpObject::getOwnPropertySlot):
      (JSC::RegExpObject::getOwnPropertyDescriptor):
      (JSC::RegExpObject::put):
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::getOwnPropertySlot):
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/ScopeChain.cpp:
      (JSC::ScopeChainNode::visitChildren):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::getOwnPropertySlot):
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringObject.cpp:
      (JSC::StringObject::getOwnPropertySlot):
      (JSC::StringObject::getOwnPropertySlotByIndex):
      (JSC::StringObject::getOwnPropertyDescriptor):
      (JSC::StringObject::deleteProperty):
      (JSC::StringObject::getOwnPropertyNames):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::getOwnPropertySlot):
      (JSC::StringPrototype::getOwnPropertyDescriptor):
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::visitChildren):
      
      Source/JavaScriptGlue: 
      
      Added new jsCast and changed all of the static_cast sites in functions that 
      are in the MethodTable to use jsCast instead.
      
      * UserObjectImp.cpp:
      (UserObjectImp::getCallData):
      (UserObjectImp::getOwnPropertyNames):
      (UserObjectImp::getOwnPropertySlot):
      (UserObjectImp::put):
      (UserObjectImp::visitChildren):
      
      Source/WebCore: 
      
      No new tests. 
      
      Added new jsCast and changed all of the static_cast sites in functions that 
      are in the MethodTable to use jsCast instead.
      
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioContextCustom.cpp:
      (WebCore::JSAudioContext::visitChildren):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::toHTMLCanvasStyle):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::visitChildren):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::getOwnPropertyNames):
      (WebCore::JSDOMStringMap::deleteProperty):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::toThisObject):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildren):
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindow::put):
      (WebCore::JSDOMWindow::deleteProperty):
      (WebCore::JSDOMWindow::getPropertyNames):
      (WebCore::JSDOMWindow::getOwnPropertyNames):
      (WebCore::JSDOMWindow::defineGetter):
      (WebCore::JSDOMWindow::defineSetter):
      (WebCore::JSDOMWindow::defineOwnProperty):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::className):
      (WebCore::JSDOMWindowShell::getOwnPropertySlot):
      (WebCore::JSDOMWindowShell::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindowShell::put):
      (WebCore::JSDOMWindowShell::putWithAttributes):
      (WebCore::JSDOMWindowShell::defineOwnProperty):
      (WebCore::JSDOMWindowShell::deleteProperty):
      (WebCore::JSDOMWindowShell::getPropertyNames):
      (WebCore::JSDOMWindowShell::getOwnPropertyNames):
      (WebCore::JSDOMWindowShell::defineGetter):
      (WebCore::JSDOMWindowShell::defineSetter):
      * bindings/js/JSHTMLAppletElementCustom.cpp:
      (WebCore::JSHTMLAppletElement::getCallData):
      * bindings/js/JSHTMLEmbedElementCustom.cpp:
      (WebCore::JSHTMLEmbedElement::getCallData):
      * bindings/js/JSHTMLObjectElementCustom.cpp:
      (WebCore::JSHTMLObjectElement::getCallData):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::deleteProperty):
      (WebCore::JSHistory::getOwnPropertyNames):
      * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
      (WebCore::JSJavaScriptAudioNode::visitChildren):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::deleteProperty):
      (WebCore::JSLocation::getOwnPropertyNames):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildren):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deleteProperty):
      (WebCore::JSStorage::getOwnPropertyNames):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildren):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildren):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterface::getOwnPropertySlot):
      (WebCore::JSTestInterface::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerPrototype::getOwnPropertySlot):
      (WebCore::JSTestMediaQueryListListenerPrototype::getOwnPropertyDescriptor):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertySlot):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructor::getOwnPropertySlot):
      (WebCore::JSTestNamedConstructor::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjPrototype::getOwnPropertySlot):
      (WebCore::JSTestObjPrototype::getOwnPropertyDescriptor):
      (WebCore::JSTestObj::getOwnPropertySlot):
      (WebCore::JSTestObj::getOwnPropertyDescriptor):
      (WebCore::JSTestObj::put):
      (WebCore::JSTestObj::visitChildren):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertySlot):
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertyDescriptor):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::getCallData):
      (JSC::Bindings::ObjcFallbackObjectImp::defaultValue):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::visitChildren):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::QtRuntimeMetaMethod::visitChildren):
      (JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertySlot):
      (JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertyDescriptor):
      (JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertySlot):
      (JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertyDescriptor):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::getOwnPropertyNames):
      (JSC::RuntimeArray::getOwnPropertySlot):
      (JSC::RuntimeArray::getOwnPropertyDescriptor):
      (JSC::RuntimeArray::getOwnPropertySlotByIndex):
      (JSC::RuntimeArray::put):
      (JSC::RuntimeArray::putByIndex):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::getOwnPropertySlot):
      (JSC::RuntimeMethod::getOwnPropertyDescriptor):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::getOwnPropertySlot):
      (JSC::Bindings::RuntimeObject::getOwnPropertyDescriptor):
      (JSC::Bindings::RuntimeObject::put):
      (JSC::Bindings::RuntimeObject::defaultValue):
      (JSC::Bindings::RuntimeObject::getCallData):
      (JSC::Bindings::RuntimeObject::getConstructData):
      (JSC::Bindings::RuntimeObject::getOwnPropertyNames):
      
      Source/WebKit2: 
      
      Added new jsCast and changed all of the static_cast sites in functions that 
      are in the MethodTable to use jsCast instead.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::getCallData):
      (WebKit::JSNPObject::getConstructData):
      (WebKit::JSNPObject::getOwnPropertySlot):
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::deletePropertyByIndex):
      (WebKit::JSNPObject::getOwnPropertyNames):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100006 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      135f0517
  32. 09 Nov, 2011 1 commit
    • mhahnenberg@apple.com's avatar
      De-virtualize JSObject::getOwnPropertyDescriptor · 7f2f7e53
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=71523
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      Added getOwnPropertyDescriptor to the MethodTable, changed all of the 
      virtual versions of getOwnPropertyDescriptor to static ones, and 
      changed all of the call sites to the corresponding lookup in the MethodTable.
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertyDescriptor):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::getOwnPropertyDescriptor):
      * debugger/DebuggerActivation.h:
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertyDescriptor):
      * runtime/Arguments.h:
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayConstructor.h:
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      * runtime/ArrayPrototype.h:
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.h:
      * runtime/ClassInfo.h:
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DateConstructor.h:
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::getOwnPropertyDescriptor):
      * runtime/DatePrototype.h:
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::getOwnPropertyDescriptor):
      * runtime/JSArray.h:
      * runtime/JSByteArray.cpp:
      (JSC::JSByteArray::getOwnPropertyDescriptor):
      * runtime/JSByteArray.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnPropertyDescriptor):
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertyDescriptor):
      * runtime/JSFunction.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::getOwnPropertyDescriptor):
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::getOwnPropertyDescriptor):
      * runtime/JSONObject.h:
      * runtime/JSObject.cpp:
      (JSC::JSObject::vtableAnchor):
      (JSC::JSObject::propertyIsEnumerable):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::JSObject::getPropertyDescriptor):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      * runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a 
      bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject.  There were 
      no call sites for this version of getOwnPropertyDescriptor in the entire project.
      * runtime/JSString.h:
      * runtime/Lookup.h:
      (JSC::getStaticPropertyDescriptor):
      (JSC::getStaticFunctionDescriptor):
      (JSC::getStaticValueDescriptor):
      * runtime/MathObject.cpp:
      (JSC::MathObject::getOwnPropertyDescriptor):
      * runtime/MathObject.h:
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      * runtime/NumberConstructor.h:
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::getOwnPropertyDescriptor):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      * runtime/ObjectConstructor.h:
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::getOwnPropertyDescriptor):
      * runtime/RegExpConstructor.h:
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::getOwnPropertyDescriptor):
      * runtime/RegExpObject.h:
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpPrototype.h:
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringConstructor.h:
      * runtime/StringObject.cpp:
      (JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
      (JSC::StringObject::getOwnPropertyDescriptor):
      * runtime/StringObject.h:
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::getOwnPropertyDescriptor):
      * runtime/StringPrototype.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Added getOwnPropertyDescriptor to the MethodTable, changed all of the 
      virtual versions of getOwnPropertyDescriptor to static ones, and 
      changed all of the call sites to the corresponding lookup in the MethodTable.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertyDescriptor):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::getOwnPropertyDescriptorDelegate):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateGetOwnPropertyDescriptorBody):
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorDefinition):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::getOwnPropertyDescriptor):
      (WebCore::JSTestInterface::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestInterface.h:
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::getOwnPropertyDescriptor):
      (WebCore::JSTestMediaQueryListListenerPrototype::getOwnPropertyDescriptor):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::getOwnPropertyDescriptor):
      (WebCore::JSTestObjPrototype::getOwnPropertyDescriptor):
      (WebCore::JSTestObj::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestObj.h:
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::getOwnPropertyDescriptor):
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertyDescriptor):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertyDescriptor):
      (JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertyDescriptor):
      * bridge/qt/qt_runtime.h:
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::getOwnPropertyDescriptor):
      * bridge/runtime_array.h:
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::vtableAnchor): Added to prevent a weak vtable.
      (JSC::RuntimeMethod::getOwnPropertyDescriptor):
      * bridge/runtime_method.h: Changed getOwnPropertyDescriptor from private to protected to allow 
      subclasses to use it in their MethodTables.
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::getOwnPropertyDescriptor):
      * bridge/runtime_object.h:
      
      Source/WebKit2: 
      
      Added getOwnPropertyDescriptor to the MethodTable, changed all of the 
      virtual versions of getOwnPropertyDescriptor to static ones, and 
      changed all of the call sites to the corresponding lookup in the MethodTable.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99754 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7f2f7e53
  33. 26 Oct, 2011 1 commit
    • mhahnenberg@apple.com's avatar
      Remove getOwnPropertySlotVirtual · 5c103b05
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=70741
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Removed all declarations and definitions of getOwnPropertySlotVirtual.
      Also replaced all call sites to getOwnPropertyVirtualVirtual with a 
      corresponding lookup in the MethodTable.
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertyDescriptor):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::getOwnPropertySlot):
      * debugger/DebuggerActivation.h:
      * runtime/Arguments.cpp:
      * runtime/Arguments.h:
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayConstructor.h:
      * runtime/ArrayPrototype.cpp:
      * runtime/ArrayPrototype.h:
      * runtime/BooleanPrototype.cpp:
      * runtime/BooleanPrototype.h:
      * runtime/DateConstructor.cpp:
      * runtime/DateConstructor.h:
      * runtime/DatePrototype.cpp:
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::create):
      * runtime/ErrorPrototype.cpp:
      * runtime/ErrorPrototype.h:
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::getOwnPropertySlotByIndex):
      * runtime/JSArray.h:
      * runtime/JSByteArray.cpp:
      * runtime/JSByteArray.h:
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::getOwnPropertyNames):
      (JSC::JSFunction::put):
      * runtime/JSFunction.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSONObject.h:
      * runtime/JSObject.cpp:
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::hasOwnProperty):
      * runtime/JSObject.h:
      (JSC::JSCell::fastGetOwnPropertySlot):
      (JSC::JSObject::getPropertySlot):
      (JSC::JSValue::get):
      * runtime/JSStaticScopeObject.cpp:
      * runtime/JSStaticScopeObject.h:
      * runtime/JSString.cpp:
      (JSC::JSString::getOwnPropertySlot):
      * runtime/JSString.h:
      * runtime/MathObject.cpp:
      * runtime/MathObject.h:
      (JSC::MathObject::create):
      * runtime/NumberConstructor.cpp:
      * runtime/NumberConstructor.h:
      * runtime/NumberPrototype.cpp:
      * runtime/NumberPrototype.h:
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectConstructor.h:
      * runtime/ObjectPrototype.cpp:
      * runtime/ObjectPrototype.h:
      * runtime/RegExpConstructor.cpp:
      * runtime/RegExpConstructor.h:
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      * runtime/RegExpObject.h:
      * runtime/RegExpPrototype.cpp:
      * runtime/RegExpPrototype.h:
      * runtime/StringConstructor.cpp:
      * runtime/StringConstructor.h:
      * runtime/StringObject.cpp:
      * runtime/StringObject.h:
      * runtime/StringPrototype.cpp:
      * runtime/StringPrototype.h:
      
      Source/JavaScriptGlue: 
      
      Removed all declarations and definitions of getOwnPropertySlotVirtual.
      Also replaced all call sites to getOwnPropertyVirtualVirtual with a 
      corresponding lookup in the MethodTable.
      
      * UserObjectImp.cpp:
      * UserObjectImp.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Removed all declarations and definitions of getOwnPropertySlotVirtual.
      Also replaced all call sites to getOwnPropertyVirtualVirtual with a 
      corresponding lookup in the MethodTable.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::DialogHandler::returnValue):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlot):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::getSparseIndex):
      (WebCore::CloneSerializer::getProperty):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorDefinition):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      * bridge/qt/qt_runtime.cpp:
      * bridge/qt/qt_runtime.h:
      * bridge/runtime_array.cpp:
      * bridge/runtime_array.h:
      * bridge/runtime_method.cpp:
      * bridge/runtime_method.h:
      * bridge/runtime_object.cpp:
      * bridge/runtime_object.h:
      
      Source/WebKit2: 
      
      Removed all declarations and definitions of getOwnPropertySlotVirtual.
      Also replaced all call sites to getOwnPropertyVirtualVirtual with a 
      corresponding lookup in the MethodTable.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@98501 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5c103b05
  34. 25 Oct, 2011 2 commits
    • mhahnenberg@apple.com's avatar
      Remove deletePropertyVirtual · c0f87c17
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=70738
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Removed all declarations and definitions of deletePropertyVirtual.
      Also replaced all call sites to deletePropertyVirtual with a 
      corresponding lookup in the MethodTable.
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      (JSC::::deletePropertyByIndex):
      * API/JSObjectRef.cpp:
      (JSObjectDeleteProperty):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::deleteProperty):
      * debugger/DebuggerActivation.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Arguments.cpp:
      * runtime/Arguments.h:
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncPop):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::deleteProperty):
      (JSC::JSArray::deletePropertyByIndex):
      * runtime/JSArray.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::deleteProperty):
      (JSC::JSCell::deletePropertyByIndex):
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      * runtime/JSFunction.h:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      * runtime/JSVariableObject.cpp:
      * runtime/JSVariableObject.h:
      * runtime/RegExpMatchesArray.h:
      * runtime/StrictEvalActivation.cpp:
      * runtime/StrictEvalActivation.h:
      * runtime/StringObject.cpp:
      * runtime/StringObject.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Removed all declarations and definitions of deletePropertyVirtual.
      Also replaced all call sites to deletePropertyVirtual with a 
      corresponding lookup in the MethodTable.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::deleteProperty):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::deleteProperty):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::deleteProperty):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::deleteProperty):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::deleteProperty):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deleteProperty):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptGlobalObject::remove):
      * bindings/objc/WebScriptObject.mm:
      (-[WebScriptObject removeWebScriptKey:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      * bridge/NP_jsobject.cpp:
      (_NPN_RemoveProperty):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::removeMember):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      * bridge/runtime_array.cpp:
      * bridge/runtime_array.h:
      * bridge/runtime_object.cpp:
      * bridge/runtime_object.h:
      
      Source/WebKit/mac: 
      
      Removed all declarations and definitions of deletePropertyVirtual.
      Also replaced all call sites to deletePropertyVirtual with a 
      corresponding lookup in the MethodTable.
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::removeProperty):
      
      Source/WebKit2: 
      
      Removed all declarations and definitions of deletePropertyVirtual.
      Also replaced all call sites to deletePropertyVirtual with a 
      corresponding lookup in the MethodTable.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::removeProperty):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@98422 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c0f87c17
    • mhahnenberg@apple.com's avatar
      Remove putVirtual · 39512785
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=70740
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      * API/JSObjectRef.cpp:
      (JSObjectSetProperty):
      (JSObjectSetPropertyAtIndex):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::put):
      * debugger/DebuggerActivation.h:
      * dfg/DFGOperations.cpp:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::privateExecute):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * runtime/Arguments.cpp:
      * runtime/Arguments.h:
      * runtime/ArrayPrototype.cpp:
      (JSC::putProperty):
      (JSC::arrayProtoFuncConcat):
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSlice):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::putSlowCase):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      * runtime/JSArray.h:
      * runtime/JSByteArray.cpp:
      * runtime/JSByteArray.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::put):
      (JSC::JSCell::putByIndex):
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      * runtime/JSFunction.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      (JSC::JSValue::put):
      * runtime/JSStaticScopeObject.cpp:
      * runtime/JSStaticScopeObject.h:
      * runtime/ObjectPrototype.cpp:
      * runtime/ObjectPrototype.h:
      * runtime/RegExpConstructor.cpp:
      * runtime/RegExpConstructor.h:
      * runtime/RegExpMatchesArray.h:
      * runtime/RegExpObject.cpp:
      * runtime/RegExpObject.h:
      * runtime/StringObject.cpp:
      * runtime/StringObject.h:
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncSplit):
      
      Source/JavaScriptGlue:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * JSValueWrapper.cpp:
      (JSValueWrapper::JSObjectSetProperty):
      * UserObjectImp.cpp:
      * UserObjectImp.h:
      
      Source/WebCore:
      
      No new tests.
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::put):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSPluginElementFunctions.cpp:
      (WebCore::runtimeObjectCustomPut):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::putProperty):
      * bindings/objc/WebScriptObject.mm:
      (-[WebScriptObject setValue:forKey:]):
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/NP_jsobject.cpp:
      (_NPN_SetProperty):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::setMember):
      (JavaJSObject::setSlot):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertQVariantToValue):
      * bridge/runtime_array.cpp:
      * bridge/runtime_array.h:
      * bridge/runtime_object.cpp:
      * bridge/runtime_object.h:
      * bridge/testqtbindings.cpp:
      (main):
      
      Source/WebKit/efl:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * ewk/ewk_view.cpp:
      (ewk_view_js_object_add):
      
      Source/WebKit/mac:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      
      Source/WebKit/qt:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * Api/qwebframe.cpp:
      (QWebFrame::addToJavaScriptWindowObject):
      
      Source/WebKit2:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::setProperty):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@98415 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      39512785