1. 03 Oct, 2012 1 commit
  2. 01 Oct, 2012 1 commit
      Address a FIXME in JSArray::sort · b5e07304
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98080
      <rdar://problem/12407844>
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      Get rid of fast sorting of sparse maps. I don't know that it's broken but I do know that we don't
      have coverage for it. Then also address the FIXME in JSArray::sort regarding side-effecting
      compare functions.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSort):
      * runtime/JSArray.cpp:
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSArray):
      * runtime/JSObject.h:
      (JSC::JSObject::hasSparseMap):
      (JSObject):
      
      LayoutTests: 
      
      * fast/js/jsc-test-list:
      * fast/js/script-tests/sort-with-side-effecting-comparisons.js: Added.
      * fast/js/sort-with-side-effecting-comparisons-expected.txt: Added.
      * fast/js/sort-with-side-effecting-comparisons.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130102 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 26 Sep, 2012 1 commit
      Add ability for JSArray::unshiftCount to unshift in middle of an array · a1c33e2b
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97691
      
      Reviewed by Filip Pizlo.
      
      Changed JSArray::unshiftCount and unshiftCountSlowCase to handle unshifting from the middle of an
      array.  Depending on where the unshift point is, either the front part of the array will be moved
      "left" or the back part will be moved right.  Given that unshiftCount only works on contiguous
      arrays it is safe to use memmove for the moves.
      
      This change is worth a 25% performance improvement on pdfjs.  It doesn't seem to have any impact on
      any other benchmarks.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::unshift):
      * runtime/JSArray.cpp:
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::unshiftCount):
      * runtime/JSArray.h:
      (JSArray):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129676 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 20 Sep, 2012 1 commit
      CHECK_ARRAY_CONSISTENCY isn't being used or tested, so we should remove it · 658e5ebd
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97260
      
      Rubber stamped by Geoffrey Garen.
              
      Supporting it will become difficult as we add more indexing types. It makes more
      sense to kill, especially since we don't appear to use it or test it, ever.
      
      * runtime/ArrayConventions.h:
      (JSC):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSplice):
      * runtime/ArrayStorage.h:
      (JSC::ArrayStorage::copyHeaderFromDuringGC):
      (ArrayStorage):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
      * runtime/JSArray.cpp:
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSArray):
      (JSC::createArrayButterfly):
      (JSC::JSArray::tryCreateUninitialized):
      (JSC::constructArray):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC):
      * runtime/JSObject.h:
      (JSC::JSObject::initializeIndex):
      (JSObject):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129179 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 17 Sep, 2012 1 commit
      If a prototype has indexed setters and its instances have indexed storage, then all put_by_val's should have a bad time · 1c4a32c9
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96596
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Added comprehensive support for accessors and read-only indexed properties on the
      prototype chain. This is done without any performance regression on benchmarks that
      we're aware of, by having the entire VM's strategy with respect to arrays tilted
      heavily in favor of:
              
      - The prototype chain of JSArrays never having any accessors or read-only indexed
        properties. If that changes, you're going to have a bad time.
              
      - Prototypes of non-JSArray objects either having no indexed accessors or read-only
        indexed properties, or, having those indexed accessor thingies inserted before
        any instance object (i.e. object with that prototype as its prototype) is created.
        If you add indexed accessors or read-only indexed properties to an object that is
        already used as a prototype, you're going to have a bad time.
              
      See below for the exact definition of having a bad time.
              
      Put another way, "fair" uses of indexed accessors and read-only indexed properties
      are:
              
      - Put indexed accessors and read-only indexed properties on an object that is never
        used as a prototype. This will slow down accesses to that object, but will not
        have any effect on any other object.
              
      - Put those indexed accessor thingies on an object before it is used as a prototype
        and then start instantiating objects that claim that object as their prototype.
        This will slightly slow down indexed stores to the instance objects, and greatly
        slow down all indexed accesses to the prototype, but will have no other effect.
              
      In short, "fair" uses only affect the object itself and any instance objects. But
      if you start using indexed accessors in more eclectic ways, you're going to have
      a bad time.
              
      Specifically, if an object that may be used as a prototype has an indexed accessor
      added, the VM performs a whole-heap scan to find all objects that belong to the
      same global object as the prototype you modified. If any of those objects has
      indexed storage, their indexed storage is put into slow-put mode, just as if their
      prototype chain had indexed accessors. This will happen even for objects that do
      not currently have indexed accessors in their prototype chain. As well, all JSArray
      allocations are caused to create arrays with slow-put storage, and all future
      allocations of indexed storage for non-JSArray objects are also flipped to slow-put
      mode. Note there are two aspects to having a bad time: (i) the whole-heap scan and
      (ii) the poisoning of all indexed storage in the entire global object. (i) is
      necessary for correctness. If we detect that an object that may be used as a
      prototype has had an indexed accessor or indexed read-only property inserted into
      it, then we need to ensure that henceforth all instances of that object inspect
      the prototype chain whenever an indexed hole is stored to. But by default, indexed
      stores do no such checking because doing so would be unnecessarily slow. So, we must
      find all instances of the affected object and flip them into a different array
      storage mode that omits all hole optimizations. Since prototypes never keep a list
      of instance objects, the only way to find those objects is a whole-heap scan. But
      (i) alone would be a potential disaster, if a program frequently allocated an
      object without indexed accessors, then allocated a bunch of objects that used that
      one as their prototype, and then added indexed accessors to the prototype. So, to
      prevent massive heap scan storms in such awkward programs, having a bad time also
      implies (ii): henceforth *all* objects belonging to that global object will use
      slow put indexed storage, so that we don't ever have to scan the heap again. Note
      that here we are using the global object as just an approximation of a program
      module; it may be worth investigating in the future if other approximations can be
      used instead.
      
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::isSlowPutAccess):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncSort):
      * runtime/IndexingType.h:
      (JSC):
      (JSC::hasIndexedProperties):
      (JSC::hasIndexingHeader):
      (JSC::hasArrayStorage):
      (JSC::shouldUseSlowPut):
      * runtime/JSArray.cpp:
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      * runtime/JSArray.h:
      (JSC::JSArray::createStructure):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::addressOfArrayStructure):
      (JSC::JSGlobalObject::havingABadTimeWatchpoint):
      (JSC::JSGlobalObject::isHavingABadTime):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::resetInheritorID):
      (JSC::JSObject::inheritorID):
      (JSC::JSObject::allowsAccessFrom):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::unwrappedGlobalObject):
      (JSC::JSObject::notifyUsedAsPrototype):
      (JSC::JSObject::createInheritorID):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
      (JSC::JSObject::attemptToInterceptPutByIndexOnHole):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::mayBeUsedAsPrototype):
      (JSObject):
      (JSC::JSObject::mayInterceptIndexedAccesses):
      (JSC::JSObject::getArrayLength):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrNull):
      (JSC::JSObject::ensureArrayStorage):
      (JSC):
      (JSC::JSValue::putByIndex):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      (JSC::JSValue::putToPrimitiveByIndex):
      (JSC):
      * runtime/JSValue.h:
      (JSValue):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayEntry::put):
      (JSC):
      * runtime/SparseArrayValueMap.h:
      (JSC):
      (SparseArrayEntry):
      * runtime/Structure.cpp:
      (JSC::Structure::anyObjectInChainMayInterceptIndexedAccesses):
      (JSC):
      (JSC::Structure::suggestedIndexingTransition):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::mayInterceptIndexedAccesses):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      
      LayoutTests: 
      
      Removed failing expectation for primitive-property-access-edge-cases, and
      added more tests to cover the numerical-setter-on-prototype cases.
      
      * fast/js/array-bad-time-expected.txt: Added.
      * fast/js/array-bad-time.html: Added.
      * fast/js/array-slow-put-expected.txt: Added.
      * fast/js/array-slow-put.html: Added.
      * fast/js/cross-frame-bad-time-expected.txt: Added.
      * fast/js/cross-frame-bad-time.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/object-bad-time-expected.txt: Added.
      * fast/js/object-bad-time.html: Added.
      * fast/js/object-slow-put-expected.txt: Added.
      * fast/js/object-slow-put.html: Added.
      * fast/js/script-tests/array-bad-time.js: Added.
      * fast/js/script-tests/array-slow-put.js: Added.
      (foo):
      * fast/js/script-tests/cross-frame-bad-time.js: Added.
      (foo):
      * fast/js/script-tests/object-bad-time.js: Added.
      (Cons):
      * fast/js/script-tests/object-slow-put.js: Added.
      (Cons):
      (foo):
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128802 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 12 Sep, 2012 1 commit
      JSC should have property butterflies · d8dd0535
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=91933
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      This changes the JSC object model. Previously, all objects had fast lookup for
      named properties. Integer indexed properties were only fast if you used a
      JSArray. With this change, all objects have fast indexed properties. This is
      accomplished without any space overhead by using a bidirectional object layout,
      aka butterflies. Each JSObject has a m_butterfly pointer where previously it
      had a m_outOfLineStorage pointer. To the left of the location pointed to by
      m_butterfly, we place all named out-of-line properties. To the right, we place
      all indexed properties along with indexing meta-data. Though, some indexing
      meta-data is placed in the 8-byte word immediately left of the pointed-to
      location; this is in anticipation of the indexing meta-data being small enough
      in the common case that m_butterfly always points to the first indexed
      property.
              
      This is performance neutral, except on tests that use indexed properties on
      plain objects, where the speed-up is in excess of an order of magnitude.
              
      One notable aspect of what this change brings is that it allows indexing
      storage to morph over time. Currently this is only used to allow all non-array
      objects to start out without any indexed storage. But it could be used for
      some kinds of array type inference in the future.
      
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlotByIndex):
      (JSC):
      (JSC::::getOwnNonIndexPropertyNames):
      * API/JSObjectRef.cpp:
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitDirectPutById):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (AdjacencyList):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::modeUsesButterfly):
      (JSC::DFG::modeIsJSArray):
      (JSC::DFG::isInBoundsAccess):
      (JSC::DFG::modeSupportsLength):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::addNode):
      (FixupPhase):
      (JSC::DFG::FixupPhase::checkArray):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryBuildPutByIdList):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateBasicStorage):
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emitSlow_op_new_array):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/Arguments.cpp:
      (JSC::Arguments::deletePropertyByIndex):
      (JSC::Arguments::defineOwnProperty):
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayConventions.h: Added.
      (JSC):
      (JSC::isDenseEnoughForVector):
      (JSC::indexingHeaderForArray):
      (JSC::baseIndexingHeaderForArray):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::create):
      (JSC):
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      (JSC::ArrayPrototype::createStructure):
      * runtime/ArrayStorage.h: Added.
      (JSC):
      (ArrayStorage):
      (JSC::ArrayStorage::ArrayStorage):
      (JSC::ArrayStorage::from):
      (JSC::ArrayStorage::butterfly):
      (JSC::ArrayStorage::indexingHeader):
      (JSC::ArrayStorage::length):
      (JSC::ArrayStorage::setLength):
      (JSC::ArrayStorage::vectorLength):
      (JSC::ArrayStorage::setVectorLength):
      (JSC::ArrayStorage::copyHeaderFromDuringGC):
      (JSC::ArrayStorage::inSparseMode):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::vectorLengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSC::ArrayStorage::indexBiasOffset):
      (JSC::ArrayStorage::sparseMapOffset):
      (JSC::ArrayStorage::sizeFor):
      * runtime/Butterfly.h: Added.
      (JSC):
      (Butterfly):
      (JSC::Butterfly::Butterfly):
      (JSC::Butterfly::totalSize):
      (JSC::Butterfly::fromBase):
      (JSC::Butterfly::offsetOfIndexingHeader):
      (JSC::Butterfly::offsetOfPublicLength):
      (JSC::Butterfly::offsetOfVectorLength):
      (JSC::Butterfly::indexingHeader):
      (JSC::Butterfly::propertyStorage):
      (JSC::Butterfly::indexingPayload):
      (JSC::Butterfly::arrayStorage):
      (JSC::Butterfly::offsetOfPropertyStorage):
      (JSC::Butterfly::indexOfPropertyStorage):
      (JSC::Butterfly::base):
      * runtime/ButterflyInlineMethods.h: Added.
      (JSC):
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::createUninitializedDuringCollection):
      (JSC::Butterfly::base):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      (JSC::Butterfly::unshift):
      (JSC::Butterfly::shift):
      * runtime/ClassInfo.h:
      (MethodTable):
      (JSC):
      * runtime/IndexingHeader.h: Added.
      (JSC):
      (IndexingHeader):
      (JSC::IndexingHeader::offsetOfIndexingHeader):
      (JSC::IndexingHeader::offsetOfPublicLength):
      (JSC::IndexingHeader::offsetOfVectorLength):
      (JSC::IndexingHeader::IndexingHeader):
      (JSC::IndexingHeader::vectorLength):
      (JSC::IndexingHeader::setVectorLength):
      (JSC::IndexingHeader::publicLength):
      (JSC::IndexingHeader::setPublicLength):
      (JSC::IndexingHeader::from):
      (JSC::IndexingHeader::fromEndOf):
      (JSC::IndexingHeader::propertyStorage):
      (JSC::IndexingHeader::arrayStorage):
      (JSC::IndexingHeader::butterfly):
      * runtime/IndexingHeaderInlineMethods.h: Added.
      (JSC):
      (JSC::IndexingHeader::preCapacity):
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.h: Added.
      (JSC):
      (JSC::hasIndexingHeader):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::getOwnNonIndexPropertyNames):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC):
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      (JSC::JSArray::getOwnNonIndexPropertyNames):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      (JSC::JSArray::JSArray):
      (JSC::JSArray::length):
      (JSC::JSArray::createStructure):
      (JSC::JSArray::isLengthWritable):
      (JSC::createArrayButterfly):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSBoundFunction.cpp:
      (JSC::boundFunctionCall):
      (JSC::boundFunctionConstruct):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnNonIndexPropertyNames):
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::getOwnNonIndexPropertyNames):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC):
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::visitChildren):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::fillGetterPropertySlot):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::deallocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::JSObject::defineOwnNonIndexProperty):
      (JSC::JSObject::defineOwnProperty):
      (JSC::JSObject::getOwnPropertySlotSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSObject):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::butterfly):
      (JSC::JSObject::outOfLineStorage):
      (JSC::JSObject::offsetForLocation):
      (JSC::JSObject::indexingShouldBeSparse):
      (JSC::JSObject::butterflyOffset):
      (JSC::JSObject::butterflyAddress):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrZero):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::setButterflyWithoutChangingStructure):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::offsetInButterfly):
      (JSC::offsetRelativeToPatchedStorage):
      (JSC::indexRelativeToBase):
      (JSC::offsetRelativeToBase):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
      * runtime/JSSymbolTableObject.h:
      (JSSymbolTableObject):
      * runtime/JSTypeInfo.h:
      (JSC):
      (JSC::TypeInfo::interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero):
      (JSC::TypeInfo::overridesGetPropertyNames):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertyOffset.h:
      (JSC::offsetInOutOfLineStorage):
      * runtime/PropertyStorage.h: Added.
      (JSC):
      * runtime/PutDirectIndexMode.h: Added.
      (JSC):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::getOwnNonIndexPropertyNames):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/Reject.h: Added.
      (JSC):
      (JSC::reject):
      * runtime/SparseArrayValueMap.cpp: Added.
      (JSC):
      * runtime/SparseArrayValueMap.h: Added.
      (JSC):
      (SparseArrayEntry):
      (JSC::SparseArrayEntry::SparseArrayEntry):
      (SparseArrayValueMap):
      (JSC::SparseArrayValueMap::sparseMode):
      (JSC::SparseArrayValueMap::setSparseMode):
      (JSC::SparseArrayValueMap::lengthIsReadOnly):
      (JSC::SparseArrayValueMap::setLengthIsReadOnly):
      (JSC::SparseArrayValueMap::find):
      (JSC::SparseArrayValueMap::remove):
      (JSC::SparseArrayValueMap::notFound):
      (JSC::SparseArrayValueMap::isEmpty):
      (JSC::SparseArrayValueMap::contains):
      (JSC::SparseArrayValueMap::size):
      (JSC::SparseArrayValueMap::begin):
      (JSC::SparseArrayValueMap::end):
      * runtime/SparseArrayValueMapInlineMethods.h: Added.
      (JSC):
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::~SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::destroy):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::add):
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::get):
      (JSC::SparseArrayEntry::getNonSparseMode):
      (JSC::SparseArrayValueMap::visitChildren):
      * runtime/StorageBarrier.h: Removed.
      * runtime/StringObject.cpp:
      (JSC::StringObject::putByIndex):
      (JSC):
      (JSC::StringObject::deletePropertyByIndex):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::nonPropertyTransition):
      (JSC):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::indexingType):
      (JSC::Structure::indexingTypeIncludingHistory):
      (JSC::Structure::indexingTypeOffset):
      (JSC::Structure::create):
      * runtime/StructureTransitionTable.h:
      (JSC):
      (JSC::toAttributes):
      (JSC::newIndexingType):
      (JSC::StructureTransitionTable::Hash::hash):
      * tests/mozilla/js1_6/Array/regress-304828.js:
      
      Source/WebCore: 
      
      Teach the DOM that to intercept get/put on indexed properties, you now have
      to override getOwnPropertySlotByIndex and putByIndex.
      
      No new tests because no new behavior. One test was rebased because indexed
      property iteration order now matches other engines (indexed properties always
      come first).
      
      * bindings/js/ArrayValue.cpp:
      (WebCore::ArrayValue::get):
      * bindings/js/JSBlobCustom.cpp:
      (WebCore::JSBlobConstructor::constructJSBlob):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::JSCanvasRenderingContext2D::setWebkitLineDash):
      * bindings/js/JSDOMStringListCustom.cpp:
      (WebCore::toDOMStringList):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindow::putByIndex):
      (WebCore::JSDOMWindow::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindowShell::putByIndex):
      (WebCore::JSDOMWindowShell::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSWebSocketCustom.cpp:
      (WebCore::JSWebSocketConstructor::constructJSWebSocket):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::serialize):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      
      LayoutTests: 
      
      Modify the JSON test to indicate that iterating over properties now returns
      indexed properties first. This is a behavior change that makes us more
      compliant with other implementations.
              
      Also check in new expected file for the edge cases of indexed property access
      with prototype accessors. This changeset introduces a known regression in that
      department, which is tracked here: https://bugs.webkit.org/show_bug.cgi?id=96596
      
      * fast/js/resources/JSON-stringify.js:
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d8dd0535
  7. 31 Aug, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSArray::putDirectIndex should by default behave like JSObject::putDirect · 3fbbc4f8
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95630
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/JSArray.cpp:
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::JSArray::defineOwnNumericProperty):
      (JSC::JSArray::putDirectIndexBeyondVectorLength):
      * runtime/JSArray.h:
      (SparseArrayValueMap):
      (JSArray):
      (JSC::JSArray::putDirectIndex):
      * runtime/JSONObject.cpp:
      (JSC::Walker::walk):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::reifyAllProperties):
      (JSC::RegExpMatchesArray::reifyMatchProperty):
      * runtime/StringPrototype.cpp:
      (JSC::splitStringByOneCharacterImpl):
      (JSC::stringProtoFuncSplit):
      
      Source/WebCore: 
      
      No new tests because no change in behavior.
      
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::putProperty):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127349 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3fbbc4f8
  8. 30 Aug, 2012 2 commits
  9. 26 Jul, 2012 1 commit
  10. 26 Jun, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG::operationNewArray is unnecessarily slow, and may use the wrong array prototype when inlined · 6c89cd3f
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89821
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      Fixes all array allocations to use the right structure, and hence the right prototype. Adds
      inlining of new Array(...) with a non-zero number of arguments. Optimizes allocations of
      empty arrays.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (CCallHelpers):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/JSArray.h:
      (JSC):
      (JSC::constructArray):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSC::constructArray):
      
      LayoutTests: 
      
      Rubber stamped by Geoffrey Garen.
      
      * fast/js/dfg-cross-global-object-inline-new-array-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-literal-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables.html: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-literal.html: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-with-elements-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-with-elements.html: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-with-size-expected.txt: Added.
      * fast/js/dfg-cross-global-object-inline-new-array-with-size.html: Added.
      * fast/js/dfg-cross-global-object-inline-new-array.html: Added.
      * fast/js/script-tests/cross-global-object-inline-global-var.js:
      (done):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal-with-variables.js: Added.
      (foo):
      (done):
      (doit):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal.js: Added.
      (foo):
      (done):
      (doit):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-elements.js: Added.
      (foo):
      (done):
      (doit):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-size.js: Added.
      (foo):
      (done):
      (doit):
      * fast/js/script-tests/dfg-cross-global-object-inline-new-array.js: Added.
      (foo):
      (done):
      (doit):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121280 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6c89cd3f
  11. 11 May, 2012 1 commit
    • barraclough@apple.com's avatar
      Introduce PropertyName class · 38d3c75b
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86241
      
      Reviewed by Geoff Garen.
      
      Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type.
      This change paves the way to allow for properties keyed by values that are not Identifiers.
      
      This change is largely a mechanical find & replace.
      It also changes JSFunction's constructor to take a UString& instead of an Identifier&
      (since in some cases we can no longer guarantee that we'll have an Identifier), and
      unifies Identifier's methods to obtain array indices onto PropertyName.
      
      The new PropertyName class retains the ability to support .impl() and .ustring(), but
      in a future patch we may need to rework this, since not all PropertyNames should be
      equal based on their string representation.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlot):
      (JSC::::getOwnPropertyDescriptor):
      (JSC::::put):
      (JSC::::deleteProperty):
      (JSC::::getStaticValue):
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
      * API/JSObjectRef.cpp:
      (JSObjectMakeFunctionWithCallback):
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::getOwnPropertySlot):
      (JSC::DebuggerActivation::put):
      (JSC::DebuggerActivation::putDirectVirtual):
      (JSC::DebuggerActivation::deleteProperty):
      (JSC::DebuggerActivation::getOwnPropertyDescriptor):
      (JSC::DebuggerActivation::defineOwnProperty):
      * debugger/DebuggerActivation.h:
      (DebuggerActivation):
      * jsc.cpp:
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::Arguments::getOwnPropertyDescriptor):
      (JSC::Arguments::put):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      * runtime/Arguments.h:
      (Arguments):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::finishCreation):
      (JSC::ArrayConstructor::getOwnPropertySlot):
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayConstructor.h:
      (ArrayConstructor):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertySlot):
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      (JSC::putProperty):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::finishCreation):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::getOwnPropertySlot):
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.h:
      (BooleanPrototype):
      * runtime/ClassInfo.h:
      (MethodTable):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::finishCreation):
      (JSC::DateConstructor::getOwnPropertySlot):
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DateConstructor.h:
      (DateConstructor):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::getOwnPropertySlot):
      (JSC::DatePrototype::getOwnPropertyDescriptor):
      * runtime/DatePrototype.h:
      (DatePrototype):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::create):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::finishCreation):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::getOwnPropertySlot):
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.h:
      (ErrorPrototype):
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::finishCreation):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::finishCreation):
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::create):
      (FunctionPrototype):
      * runtime/Identifier.cpp:
      (JSC):
      * runtime/Identifier.h:
      (Identifier):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTableGet):
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putDirectVirtual):
      (JSC::JSActivation::deleteProperty):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSActivation):
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      * runtime/JSArray.h:
      (JSArray):
      (JSC):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSBoundFunction.h:
      (JSBoundFunction):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnPropertySlot):
      (JSC::JSCell::put):
      (JSC::JSCell::deleteProperty):
      (JSC::JSCell::putDirectVirtual):
      (JSC::JSCell::defineOwnProperty):
      (JSC::JSCell::getOwnPropertyDescriptor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::argumentsGetter):
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::lengthGetter):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::put):
      (JSC::JSFunction::deleteProperty):
      (JSC::JSFunction::defineOwnProperty):
      (JSC::getCalculatedDisplayName):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::put):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::defineOwnProperty):
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::createThrowTypeError):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::hasOwnPropertyForWrite):
      (JSC::JSGlobalObject::symbolTableHasProperty):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::getOwnPropertySlot):
      (JSC::JSNotAnObject::getOwnPropertyDescriptor):
      (JSC::JSNotAnObject::put):
      (JSC::JSNotAnObject::deleteProperty):
      * runtime/JSNotAnObject.h:
      (JSNotAnObject):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::getOwnPropertySlot):
      (JSC::JSONObject::getOwnPropertyDescriptor):
      * runtime/JSONObject.h:
      (JSONObject):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::hasProperty):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::hasOwnProperty):
      (JSC::callDefaultValueFunction):
      (JSC::JSObject::findPropertyHashEntry):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::JSObject::getPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectLocation):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::getOwnPropertySlot):
      (JSC::JSCell::fastGetOwnPropertySlot):
      (JSC::JSObject::getPropertySlot):
      (JSC::JSObject::get):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::JSValue::get):
      (JSC::JSValue::put):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::put):
      (JSC::JSStaticScopeObject::putDirectVirtual):
      (JSC::JSStaticScopeObject::getOwnPropertySlot):
      * runtime/JSStaticScopeObject.h:
      (JSStaticScopeObject):
      * runtime/JSString.cpp:
      (JSC::JSString::getOwnPropertySlot):
      (JSC::JSString::getStringPropertyDescriptor):
      * runtime/JSString.h:
      (JSString):
      (JSC::JSString::getStringPropertySlot):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      * runtime/JSValue.h:
      (JSC):
      (JSValue):
      * runtime/JSVariableObject.cpp:
      (JSC::JSVariableObject::deleteProperty):
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::putDirectVirtual):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::symbolTablePut):
      (JSC::JSVariableObject::symbolTablePutWithAttributes):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::entry):
      (JSC):
      (JSC::getStaticPropertySlot):
      (JSC::getStaticPropertyDescriptor):
      (JSC::getStaticFunctionSlot):
      (JSC::getStaticFunctionDescriptor):
      (JSC::getStaticValueSlot):
      (JSC::getStaticValueDescriptor):
      (JSC::lookupPut):
      * runtime/MathObject.cpp:
      (JSC::MathObject::getOwnPropertySlot):
      (JSC::MathObject::getOwnPropertyDescriptor):
      * runtime/MathObject.h:
      (MathObject):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC):
      (JSC::NumberConstructor::finishCreation):
      (JSC::NumberConstructor::getOwnPropertySlot):
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      (JSC::NumberConstructor::put):
      (JSC::numberConstructorNaNValue):
      (JSC::numberConstructorNegInfinity):
      (JSC::numberConstructorPosInfinity):
      (JSC::numberConstructorMaxValue):
      (JSC::numberConstructorMinValue):
      * runtime/NumberConstructor.h:
      (NumberConstructor):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::getOwnPropertySlot):
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.h:
      (NumberPrototype):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::ObjectConstructor::getOwnPropertySlot):
      (JSC::ObjectConstructor::getOwnPropertyDescriptor):
      * runtime/ObjectConstructor.h:
      (ObjectConstructor):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::put):
      (JSC::ObjectPrototype::defineOwnProperty):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertySlot.h:
      (PropertySlot):
      (JSC::PropertySlot::getValue):
      * runtime/RegExpConstructor.cpp:
      (JSC):
      (JSC::RegExpConstructor::finishCreation):
      (JSC::RegExpConstructor::getOwnPropertySlot):
      (JSC::RegExpConstructor::getOwnPropertyDescriptor):
      (JSC::regExpConstructorDollar1):
      (JSC::regExpConstructorDollar2):
      (JSC::regExpConstructorDollar3):
      (JSC::regExpConstructorDollar4):
      (JSC::regExpConstructorDollar5):
      (JSC::regExpConstructorDollar6):
      (JSC::regExpConstructorDollar7):
      (JSC::regExpConstructorDollar8):
      (JSC::regExpConstructorDollar9):
      (JSC::regExpConstructorInput):
      (JSC::regExpConstructorMultiline):
      (JSC::regExpConstructorLastMatch):
      (JSC::regExpConstructorLastParen):
      (JSC::regExpConstructorLeftContext):
      (JSC::regExpConstructorRightContext):
      (JSC::RegExpConstructor::put):
      * runtime/RegExpConstructor.h:
      (RegExpConstructor):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::getOwnPropertySlot):
      (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
      (JSC::RegExpMatchesArray::put):
      (JSC::RegExpMatchesArray::deleteProperty):
      (JSC::RegExpMatchesArray::defineOwnProperty):
      * runtime/RegExpObject.cpp:
      (JSC):
      (JSC::RegExpObject::getOwnPropertySlot):
      (JSC::RegExpObject::getOwnPropertyDescriptor):
      (JSC::RegExpObject::deleteProperty):
      (JSC::RegExpObject::defineOwnProperty):
      (JSC::regExpObjectGlobal):
      (JSC::regExpObjectIgnoreCase):
      (JSC::regExpObjectMultiline):
      (JSC::regExpObjectSource):
      (JSC::RegExpObject::put):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::getOwnPropertySlot):
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpPrototype.h:
      (RegExpPrototype):
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::deleteProperty):
      * runtime/StrictEvalActivation.h:
      (StrictEvalActivation):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::finishCreation):
      (JSC::StringConstructor::getOwnPropertySlot):
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringConstructor.h:
      (StringConstructor):
      * runtime/StringObject.cpp:
      (JSC::StringObject::getOwnPropertySlot):
      (JSC::StringObject::getOwnPropertyDescriptor):
      (JSC::StringObject::put):
      (JSC::StringObject::defineOwnProperty):
      (JSC::StringObject::deleteProperty):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::getOwnPropertySlot):
      (JSC::StringPrototype::getOwnPropertyDescriptor):
      * runtime/StringPrototype.h:
      (StringPrototype):
      * runtime/Structure.cpp:
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransitionToExistingStructure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::get):
      
      Source/WebCore: 
      
      * WebCore.exp.in:
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::cssPropertyIDForJSCSSPropertyName):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertyDescriptorDelegate):
      (WebCore::JSCSSStyleDeclaration::putDelegate):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::findAtomicString):
      (WebCore::objectToStringFunctionGetter):
      * bindings/js/JSDOMBinding.h:
      (WebCore):
      (WebCore::propertyNameToString):
      (WebCore::propertyNameToAtomicString):
      * bindings/js/JSDOMMimeTypeArrayCustom.cpp:
      (WebCore::JSDOMMimeTypeArray::canGetItemsForName):
      (WebCore::JSDOMMimeTypeArray::nameGetter):
      * bindings/js/JSDOMPluginArrayCustom.cpp:
      (WebCore::JSDOMPluginArray::canGetItemsForName):
      (WebCore::JSDOMPluginArray::nameGetter):
      * bindings/js/JSDOMPluginCustom.cpp:
      (WebCore::JSDOMPlugin::canGetItemsForName):
      (WebCore::JSDOMPlugin::nameGetter):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::canGetItemsForName):
      (WebCore::JSDOMStringMap::nameGetter):
      (WebCore::JSDOMStringMap::deleteProperty):
      (WebCore::JSDOMStringMap::putDelegate):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::nonCachingStaticFunctionGetter):
      (WebCore::childFrameGetter):
      (WebCore::namedItemGetter):
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindow::put):
      (WebCore::JSDOMWindow::deleteProperty):
      (WebCore::JSDOMWindow::defineOwnProperty):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlot):
      (WebCore::JSDOMWindowShell::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindowShell::put):
      (WebCore::JSDOMWindowShell::putDirectVirtual):
      (WebCore::JSDOMWindowShell::defineOwnProperty):
      (WebCore::JSDOMWindowShell::deleteProperty):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHTMLAllCollectionCustom.cpp:
      (WebCore::getNamedItems):
      (WebCore::callHTMLAllCollection):
      (WebCore::JSHTMLAllCollection::canGetItemsForName):
      (WebCore::JSHTMLAllCollection::nameGetter):
      (WebCore::JSHTMLAllCollection::item):
      * bindings/js/JSHTMLAppletElementCustom.cpp:
      (WebCore::JSHTMLAppletElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLAppletElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLAppletElement::putDelegate):
      * bindings/js/JSHTMLCollectionCustom.cpp:
      (WebCore::getNamedItems):
      (WebCore::JSHTMLCollection::canGetItemsForName):
      (WebCore::JSHTMLCollection::nameGetter):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::JSHTMLDocument::canGetItemsForName):
      (WebCore::JSHTMLDocument::nameGetter):
      * bindings/js/JSHTMLEmbedElementCustom.cpp:
      (WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLEmbedElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLEmbedElement::putDelegate):
      * bindings/js/JSHTMLFormElementCustom.cpp:
      (WebCore::JSHTMLFormElement::canGetItemsForName):
      (WebCore::JSHTMLFormElement::nameGetter):
      * bindings/js/JSHTMLFrameSetElementCustom.cpp:
      (WebCore::JSHTMLFrameSetElement::canGetItemsForName):
      (WebCore::JSHTMLFrameSetElement::nameGetter):
      * bindings/js/JSHTMLObjectElementCustom.cpp:
      (WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLObjectElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLObjectElement::putDelegate):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::nonCachingStaticBackFunctionGetter):
      (WebCore::nonCachingStaticForwardFunctionGetter):
      (WebCore::nonCachingStaticGoFunctionGetter):
      (WebCore::JSHistory::getOwnPropertySlotDelegate):
      (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHistory::putDelegate):
      (WebCore::JSHistory::deleteProperty):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::nonCachingStaticReplaceFunctionGetter):
      (WebCore::nonCachingStaticReloadFunctionGetter):
      (WebCore::nonCachingStaticAssignFunctionGetter):
      (WebCore::JSLocation::getOwnPropertySlotDelegate):
      (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
      (WebCore::JSLocation::putDelegate):
      (WebCore::JSLocation::deleteProperty):
      (WebCore::JSLocation::defineOwnProperty):
      (WebCore::JSLocationPrototype::putDelegate):
      (WebCore::JSLocationPrototype::defineOwnProperty):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::canGetItemsForName):
      (WebCore::JSNamedNodeMap::nameGetter):
      * bindings/js/JSNodeListCustom.cpp:
      (WebCore::JSNodeList::canGetItemsForName):
      (WebCore::JSNodeList::nameGetter):
      * bindings/js/JSPluginElementFunctions.cpp:
      (WebCore::runtimeObjectPropertyGetter):
      (WebCore::runtimeObjectCustomGetOwnPropertySlot):
      (WebCore::runtimeObjectCustomGetOwnPropertyDescriptor):
      (WebCore::runtimeObjectCustomPut):
      * bindings/js/JSPluginElementFunctions.h:
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::canGetItemsForName):
      (WebCore::JSStorage::nameGetter):
      (WebCore::JSStorage::deleteProperty):
      (WebCore::JSStorage::putDelegate):
      * bindings/js/JSStyleSheetListCustom.cpp:
      (WebCore::JSStyleSheetList::canGetItemsForName):
      (WebCore::JSStyleSheetList::nameGetter):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::getOwnPropertySlotDelegate):
      (WebCore::JSWorkerContext::getOwnPropertyDescriptorDelegate):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateGetOwnPropertySlotBody):
      (GenerateGetOwnPropertyDescriptorBody):
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorDefinition):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_class.h:
      (CClass):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      (JSC::Bindings::CInstance::getMethod):
      * bridge/c/c_instance.h:
      (CInstance):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::methodsNamed):
      (JavaClass::fieldNamed):
      * bridge/jni/jsc/JavaClassJSC.h:
      (JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaRuntimeMethod::create):
      (JavaRuntimeMethod::finishCreation):
      * bridge/jni/jsc/JavaInstanceJSC.h:
      (JavaInstance):
      * bridge/jsc/BridgeJSC.h:
      (Class):
      (JSC::Bindings::Class::fallbackObject):
      (JSC::Bindings::Instance::setValueOfUndefinedField):
      (Instance):
      (JSC::Bindings::Instance::getOwnPropertySlot):
      (JSC::Bindings::Instance::getOwnPropertyDescriptor):
      (JSC::Bindings::Instance::put):
      * bridge/objc/objc_class.h:
      (ObjcClass):
      * bridge/objc/objc_class.mm:
      (JSC::Bindings::ObjcClass::methodsNamed):
      (JSC::Bindings::ObjcClass::fieldNamed):
      (JSC::Bindings::ObjcClass::fallbackObject):
      * bridge/objc/objc_instance.h:
      (ObjcInstance):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::finishCreation):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::create):
      (JSC::Bindings::ObjcFallbackObjectImp::propertyName):
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertySlot):
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertyDescriptor):
      (JSC::Bindings::ObjcFallbackObjectImp::put):
      (JSC::Bindings::callObjCFallbackObject):
      (JSC::Bindings::ObjcFallbackObjectImp::deleteProperty):
      (JSC::Bindings::ObjcFallbackObjectImp::defaultValue):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::lengthGetter):
      (JSC::RuntimeArray::getOwnPropertySlot):
      (JSC::RuntimeArray::getOwnPropertyDescriptor):
      (JSC::RuntimeArray::put):
      (JSC::RuntimeArray::deleteProperty):
      * bridge/runtime_array.h:
      (RuntimeArray):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      (JSC::RuntimeMethod::lengthGetter):
      (JSC::RuntimeMethod::getOwnPropertySlot):
      (JSC::RuntimeMethod::getOwnPropertyDescriptor):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      (RuntimeMethod):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
      (JSC::Bindings::RuntimeObject::fieldGetter):
      (JSC::Bindings::RuntimeObject::methodGetter):
      (JSC::Bindings::RuntimeObject::getOwnPropertySlot):
      (JSC::Bindings::RuntimeObject::getOwnPropertyDescriptor):
      (JSC::Bindings::RuntimeObject::put):
      (JSC::Bindings::RuntimeObject::deleteProperty):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/ProxyInstance.h:
      (ProxyInstance):
      * Plugins/Hosted/ProxyInstance.mm:
      (ProxyClass):
      (WebKit::ProxyClass::methodsNamed):
      (WebKit::ProxyClass::fieldNamed):
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getMethod):
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::npIdentifierFromIdentifier):
      (WebKit::JSNPObject::getOwnPropertySlot):
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::propertyGetter):
      (WebKit::JSNPObject::methodGetter):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (JSNPObject):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116828 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      38d3c75b
  12. 20 Apr, 2012 1 commit
  13. 18 Apr, 2012 1 commit
    • benjamin@webkit.org's avatar
      Remove m_subclassData from JSArray, move the attribute to subclass as needed · 01a43ea1
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=84249
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-04-18
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves
      the attribute to RuntimeArray to avoid allocating memory for the pointer in the common
      case.
      
      This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations
      of CopiedSpace.
      
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateJSArray):
      * runtime/JSArray.cpp:
      (JSC::JSArray::JSArray):
      * runtime/JSArray.h:
      
      Source/WebCore: 
      
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      (JSC::RuntimeArray::finishCreation):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::getLength):
      (JSC::RuntimeArray::getConcreteArray):
      (RuntimeArray):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114539 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      01a43ea1
  14. 06 Apr, 2012 1 commit
    • benjamin@webkit.org's avatar
      Do not abuse ArrayStorage's m_length for testing array consistency · 83c15267
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=83403
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-04-06
      Reviewed by Geoffrey Garen.
      
Array creation from a list of values is a 3-step process:
-JSArray::tryCreateUninitialized()
-JSArray::initializeIndex() for each value
      -JSArray::completeInitialization()
      
Previously, the attribute m_length was not set to the final size in
JSArray::tryCreateUninitialized() because it was used to test the array
consistency in JSArray::initializeIndex().

This caused the initialization loop using JSArray::initializeIndex() to maintain
two counters:
      -index of the loop
      -storage->m_length++
      
This patch fixes this by using the index of the initialization loop for the indices of
JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex
      is introduced if CHECK_ARRAY_CONSISTENCY is defined.
      
The patch also fixes a minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined.
      
      This improves the performance of JSArray creation from literals by 8%.
      
      * runtime/JSArray.cpp:
      (JSC::JSArray::tryFinishCreationUninitialized):
      (JSC::JSArray::checkConsistency):
      * runtime/JSArray.h:
      (ArrayStorage):
      (JSC::JSArray::initializeIndex):
      (JSC::JSArray::completeInitialization):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113530 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      83c15267
  15. 05 Apr, 2012 1 commit
    • oliver@apple.com's avatar
      Replace static_cast with jsCast when casting JSCell subclasses in JSC · 0c59caf6
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=83307
      
      Reviewed by Gavin Barraclough.
      
      Replace all usage of static_cast<JSCell subtype*> with jsCast<> in JavaScriptCore.
      This results in assertions when unsafe casts are performed, but simply leaves
      a static_cast<> in release builds.
      
      * API/APICast.h:
      (toJS):
      * API/JSCallbackConstructor.cpp:
      (JSC::constructJSCallback):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::call):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::asCallbackObject):
      (JSC::::finishCreation):
      (JSC::::construct):
      (JSC::::call):
      * API/JSObjectRef.cpp:
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp:
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::finishCreation):
      * dfg/DFGOperations.cpp:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.h:
      (JSC::isHostFunction):
      * runtime/JSActivation.h:
      (JSC::asActivation):
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
      * runtime/JSArray.h:
      (JSC::asArray):
      * runtime/JSBoundFunction.cpp:
      (JSC::boundFunctionCall):
      (JSC::boundFunctionConstruct):
      * runtime/JSByteArray.h:
      (JSC::asByteArray):
      * runtime/JSCell.cpp:
      (JSC::JSCell::toObject):
      * runtime/JSCell.h:
      (JSC::jsCast):
      * runtime/JSGlobalObject.h:
      (JSC::asGlobalObject):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncEval):
      * runtime/JSObject.cpp:
      (JSC::JSObject::setPrototypeWithCycleCheck):
      (JSC::JSObject::allowsAccessFrom):
      (JSC::JSObject::toThisObject):
      (JSC::JSObject::unwrappedObject):
      * runtime/JSObject.h:
      (JSC::asObject):
      * runtime/JSPropertyNameIterator.h:
      (JSC::Register::propertyNameIterator):
      * runtime/JSString.h:
      (JSC::asString):
      (JSC::JSValue::toString):
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncSubstr):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113363 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0c59caf6
  16. 29 Mar, 2012 1 commit
    • caio.oliveira@openbossa.org's avatar
      HashMap<>::add should return a more descriptive object · 4c11ee05
      caio.oliveira@openbossa.org authored
      https://bugs.webkit.org/show_bug.cgi?id=71063
      
      Reviewed by Ryosuke Niwa.
      
      Source/JavaScriptCore:
      
      Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps
      the iterator type, there's a need for its own AddResult type -- instantiated from
      HashTableAddResult template class.
      
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
      * API/JSClassRef.cpp:
      (OpaqueJSClass::contextData):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::addVar):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::addConstant):
      (JSC::BytecodeGenerator::addConstantValue):
      (JSC::BytecodeGenerator::emitLoad):
      (JSC::BytecodeGenerator::addStringConstant):
      (JSC::BytecodeGenerator::emitLazyNewFunction):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::PropertyListNode::emitBytecode):
      * debugger/Debugger.cpp:
      * dfg/DFGAssemblyHelpers.cpp:
      (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::cellConstant):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * jit/JITStubs.cpp:
      (JSC::JITThunks::ctiStub):
      (JSC::JITThunks::hostFunctionStub):
      * parser/Parser.cpp:
      (JSC::::parseStrictObjectLiteral):
      * parser/Parser.h:
      (JSC::Scope::declareParameter):
      * runtime/Identifier.cpp:
      (JSC::Identifier::add):
      (JSC::Identifier::add8):
      (JSC::Identifier::addSlowCase):
      * runtime/Identifier.h:
      (JSC::Identifier::add):
      (JSC::IdentifierTable::add):
      * runtime/JSArray.cpp:
      (JSC::SparseArrayValueMap::add):
      (JSC::SparseArrayValueMap::put):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::JSArray::enterDictionaryMode):
      (JSC::JSArray::defineOwnNumericProperty):
      * runtime/JSArray.h:
      (SparseArrayValueMap):
      * runtime/PropertyNameArray.cpp:
      (JSC::PropertyNameArray::add):
      * runtime/StringRecursionChecker.h:
      (JSC::StringRecursionChecker::performCheck):
      * runtime/Structure.cpp:
      (JSC::StructureTransitionTable::add):
      * runtime/WeakGCMap.h:
      (WeakGCMap):
      (JSC::WeakGCMap::add):
      (JSC::WeakGCMap::set):
      * tools/ProfileTreeNode.h:
      (JSC::ProfileTreeNode::sampleChild):
      
      Source/WebCore:
      
      Update code to use AddResult instead of a pair. No new tests, just a refactoring.
      
      * Modules/webdatabase/SQLTransactionCoordinator.cpp:
      (WebCore::SQLTransactionCoordinator::acquireLock):
      * Modules/webdatabase/chromium/QuotaTracker.cpp:
      (WebCore::QuotaTracker::updateDatabaseSize):
      * bindings/js/DOMObjectHashTableMap.h:
      (WebCore::DOMObjectHashTableMap::get):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::cacheDOMStructure):
      * bindings/js/JSDOMBinding.h:
      (WebCore::cacheWrapper):
      * bindings/js/JSDOMGlobalObject.h:
      (WebCore::getDOMConstructor):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::addListener):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::setBreakpoint):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::startObjectInternal):
      (WebCore::CloneSerializer::write):
      * bindings/v8/NPV8Object.cpp:
      (WebCore::npCreateV8ScriptObject):
      * bridge/IdentifierRep.cpp:
      (WebCore::IdentifierRep::get):
      * bridge/NP_jsobject.cpp:
      (ObjectMap::add):
      * css/CSSComputedStyleDeclaration.cpp:
      (WebCore::logUnimplementedPropertyID):
      * css/CSSFontFaceSource.cpp:
      (WebCore::CSSFontFaceSource::getFontData):
      * css/CSSFontSelector.cpp:
      (WebCore::CSSFontSelector::addFontFaceRule):
      (WebCore::CSSFontSelector::getFontData):
      * css/CSSSegmentedFontFace.cpp:
      (WebCore::CSSSegmentedFontFace::getFontData):
      * css/CSSStyleApplyProperty.cpp:
      (WebCore::ApplyPropertyCounter::applyInheritValue):
      (WebCore::ApplyPropertyCounter::applyValue):
      * css/CSSStyleSelector.cpp:
      (WebCore::CSSStyleSelector::appendAuthorStylesheets):
      (WebCore::CSSStyleSelector::collectMatchingRulesForList):
      * css/CSSValuePool.cpp:
      (WebCore::CSSValuePool::createIdentifierValue):
      (WebCore::CSSValuePool::createColorValue):
      (WebCore::CSSValuePool::createValue):
      (WebCore::CSSValuePool::createFontFamilyValue):
      (WebCore::CSSValuePool::createFontFaceValue):
      * dom/CheckedRadioButtons.cpp:
      (WebCore::RadioButtonGroup::add):
      (WebCore::CheckedRadioButtons::addButton):
      * dom/ChildListMutationScope.cpp:
      (WebCore::ChildListMutationScope::MutationAccumulationRouter::incrementScopingLevel):
      * dom/Document.cpp:
      (WebCore::Document::windowNamedItems):
      (WebCore::Document::documentNamedItems):
      (WebCore::Document::getCSSCanvasElement):
      (WebCore::Document::getItems):
      * dom/DocumentEventQueue.cpp:
      (WebCore::DocumentEventQueue::enqueueEvent):
      (WebCore::DocumentEventQueue::enqueueOrDispatchScrollEvent):
      (WebCore::DocumentEventQueue::pendingEventTimerFired):
      * dom/DocumentOrderedMap.cpp:
      (WebCore::DocumentOrderedMap::add):
      * dom/EventListenerMap.cpp:
      (WebCore::EventListenerMap::add):
      * dom/Node.cpp:
      (WebCore::Node::dumpStatistics):
      (WebCore::Node::getElementsByTagName):
      (WebCore::Node::getElementsByTagNameNS):
      (WebCore::Node::getElementsByName):
      (WebCore::Node::getElementsByClassName):
      (WebCore::Node::collectMatchingObserversForMutation):
      * dom/QualifiedName.cpp:
      (WebCore::QualifiedName::init):
      * dom/SpaceSplitString.cpp:
      (WebCore::SpaceSplitStringData::create):
      * dom/StyledElement.cpp:
      (WebCore::StyledElement::updateAttributeStyle):
      * html/HTMLCollection.cpp:
      (WebCore::HTMLCollection::append):
      * inspector/DOMPatchSupport.cpp:
      (WebCore::DOMPatchSupport::diff):
      * inspector/InspectorCSSAgent.cpp:
      (WebCore::SelectorProfile::commitSelector):
      * inspector/InspectorDOMAgent.cpp:
      (WebCore::InspectorDOMAgent::performSearch):
      * inspector/InspectorDebuggerAgent.cpp:
      (WebCore::InspectorDebuggerAgent::resolveBreakpoint):
      * inspector/InspectorValues.h:
      (WebCore::InspectorObject::setValue):
      (WebCore::InspectorObject::setObject):
      (WebCore::InspectorObject::setArray):
      * loader/appcache/ApplicationCacheGroup.cpp:
      (WebCore::ApplicationCacheGroup::addEntry):
      * loader/appcache/ApplicationCacheStorage.cpp:
      (WebCore::ApplicationCacheStorage::findOrCreateCacheGroup):
      * page/EventHandler.cpp:
      (WebCore::EventHandler::handleTouchEvent):
      * page/PageGroup.cpp:
      (WebCore::PageGroup::pageGroup):
      (WebCore::PageGroup::addVisitedLink):
      (WebCore::PageGroup::addUserScriptToWorld):
      (WebCore::PageGroup::addUserStyleSheetToWorld):
      * page/SecurityPolicy.cpp:
      (WebCore::SecurityPolicy::addOriginAccessWhitelistEntry):
      * page/TouchAdjustment.cpp:
      (WebCore::TouchAdjustment::compileSubtargetList):
      * platform/cf/BinaryPropertyList.cpp:
      (WebCore::BinaryPropertyListPlan::writeInteger):
      (WebCore::BinaryPropertyListPlan::writeString):
      (WebCore::BinaryPropertyListPlan::writeIntegerArray):
      * platform/graphics/blackberry/LayerTiler.cpp:
      (WebCore::LayerTiler::addTileJob):
      * platform/graphics/ca/GraphicsLayerCA.cpp:
      (WebCore::GraphicsLayerCA::findOrMakeClone):
      * platform/graphics/ca/mac/TileCache.mm:
      (WebCore::TileCache::revalidateTiles):
      * platform/graphics/ca/win/LayerChangesFlusher.cpp:
      (WebCore::LayerChangesFlusher::flushPendingLayerChangesSoon):
      * platform/graphics/chromium/FontUtilsChromiumWin.cpp:
      (WebCore::getDerivedFontData):
      * platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
      (WebCore::CCLayerAnimationController::startAnimationsWaitingForTargetAvailability):
      * platform/graphics/mac/ComplexTextControllerATSUI.cpp:
      (WebCore::initializeATSUStyle):
      * platform/graphics/mac/SimpleFontDataCoreText.cpp:
      (WebCore::SimpleFontData::getCFStringAttributes):
      * platform/graphics/mac/SimpleFontDataMac.mm:
      (WebCore::SimpleFontData::canRenderCombiningCharacterSequence):
      * platform/graphics/wince/FontPlatformData.cpp:
      (WebCore::FixedSizeFontData::create):
      * platform/gtk/RenderThemeGtk3.cpp:
      (WebCore::getStyleContext):
      * platform/mac/ThreadCheck.mm:
      (WebCoreReportThreadViolation):
      * platform/network/HTTPHeaderMap.cpp:
      (WebCore::HTTPHeaderMap::add):
      * platform/network/HTTPHeaderMap.h:
      (HTTPHeaderMap):
      * platform/network/ResourceRequestBase.cpp:
      (WebCore::ResourceRequestBase::addHTTPHeaderField):
      * plugins/PluginDatabase.cpp:
      (WebCore::PluginDatabase::add):
      (WebCore::PluginDatabase::loadPersistentMetadataCache):
      * plugins/win/PluginDatabaseWin.cpp:
      (WebCore::PluginDatabase::getPluginPathsInDirectories):
      * rendering/RenderBlock.cpp:
      (WebCore::RenderBlock::addPercentHeightDescendant):
      * rendering/RenderBlockLineLayout.cpp:
      (WebCore::setLogicalWidthForTextRun):
      * rendering/RenderNamedFlowThread.cpp:
      (WebCore::RenderNamedFlowThread::addDependencyOnFlowThread):
      * rendering/RenderRegion.cpp:
      (WebCore::RenderRegion::setRenderBoxRegionInfo):
      * rendering/svg/RenderSVGResourceGradient.cpp:
      (WebCore::RenderSVGResourceGradient::applyResource):
      * rendering/svg/RenderSVGResourcePattern.cpp:
      (WebCore::RenderSVGResourcePattern::applyResource):
      * storage/StorageMap.cpp:
      (WebCore::StorageMap::setItem):
      (WebCore::StorageMap::importItem):
      * svg/SVGDocumentExtensions.cpp:
      (WebCore::SVGDocumentExtensions::addPendingResource):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::setRequestHeaderInternal):
      * xml/XPathFunctions.cpp:
      (WebCore::XPath::FunId::evaluate):
      * xml/XPathPath.cpp:
      (WebCore::XPath::LocationPath::evaluate):
      * xml/XPathPredicate.cpp:
      (WebCore::XPath::Union::evaluate):
      
      Source/WebKit/chromium:
      
      Update code to use AddResult instead of a pair.
      
      * src/WebHTTPLoadInfo.cpp:
      (WebKit::addHeader):
      * src/WebURLResponse.cpp:
      (WebKit::WebURLResponse::addHTTPHeaderField):
      
      Source/WebKit/mac:
      
      Update code to use AddResult instead of a pair.
      
      * Plugins/Hosted/NetscapePluginHostManager.mm:
      (WebKit::NetscapePluginHostManager::hostForPlugin):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
      * WebCoreSupport/WebNotificationClient.mm:
      (WebNotificationClient::show):
      
      Source/WebKit/win:
      
      Update code to use AddResult instead of a pair.
      
      * WebKitCOMAPI.cpp:
      (classFactory):
      
      Source/WebKit2:
      
      Update code to use AddResult instead of a pair.
      
      * Platform/CoreIPC/ArgumentCoders.h:
      * Platform/CoreIPC/Connection.cpp:
      (CoreIPC::Connection::SyncMessageState::getOrCreate):
      * Shared/MutableDictionary.cpp:
      (WebKit::MutableDictionary::add):
      (WebKit::MutableDictionary::set):
      * Shared/UserMessageCoders.h:
      (WebKit::UserMessageDecoder::baseDecode):
      * Shared/mac/CommandLineMac.cpp:
      (WebKit::CommandLine::parse):
      * UIProcess/API/mac/WKPrintingView.mm:
      (pageDidDrawToPDF):
      * UIProcess/API/mac/WKView.mm:
      (-[WKView validateUserInterfaceItem:]):
      * UIProcess/WebProcessProxy.cpp:
      (WebKit::WebProcessProxy::addBackForwardItem):
      * WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.cpp:
      (WebKit::InjectedBundleNodeHandle::getOrCreate):
      * WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:
      (WebKit::InjectedBundleRangeHandle::getOrCreate):
      * WebProcess/Notifications/WebNotificationManager.cpp:
      (WebKit::WebNotificationManager::show):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::createWebPage):
      (WebKit::WebProcess::webPageGroup):
      
      Source/WTF:
      
Make HashTable<>::add() and derived functions return an AddResult struct instead
of a pair. This struct contains 'iterator' and 'isNewEntry' members, which are
more readable at callsites than the previous 'first' and 'second'.
      
      * wtf/HashCountedSet.h:
      (HashCountedSet):
      (WTF::::add):
      * wtf/HashMap.h:
      (HashMap):
      (WTF):
      (WTF::::set):
      * wtf/HashSet.h:
      (HashSet):
      (WTF::::add):
      (WTF):
      * wtf/HashTable.h:
      (WTF::HashTableAddResult::HashTableAddResult):
      (HashTableAddResult):
      (WTF):
      (HashTable):
      (WTF::HashTable::add):
      (WTF::::add):
      (WTF::::addPassingHashCode):
      * wtf/ListHashSet.h:
      (ListHashSet):
      (WTF::::add):
      (WTF::::insertBefore):
      * wtf/RefPtrHashMap.h:
      (WTF):
      (WTF::::set):
      * wtf/Spectrum.h:
      (WTF::Spectrum::add):
      * wtf/WTFThreadData.cpp:
      (JSC::IdentifierTable::add):
      * wtf/WTFThreadData.h:
      (IdentifierTable):
      * wtf/text/AtomicString.cpp:
      (WTF::addToStringTable):
      (WTF::AtomicString::addSlowCase):
      
      Tools:
      
      Update code to use AddResult instead of a pair.
      
      * DumpRenderTree/mac/LayoutTestControllerMac.mm:
      (LayoutTestController::evaluateScriptInIsolatedWorld):
      * DumpRenderTree/win/LayoutTestControllerWin.cpp:
      (LayoutTestController::evaluateScriptInIsolatedWorld):
      * WebKitTestRunner/InjectedBundle/LayoutTestController.cpp:
      (WTR::LayoutTestController::evaluateScriptInIsolatedWorld):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@112555 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4c11ee05
  17. 07 Mar, 2012 1 commit
    • barraclough@apple.com's avatar
      Array.prototype functions should throw if delete fails · 1052f503
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80467
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
      In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
      in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
      one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
      routines, for handling arrays with holes. These three copies should be unified.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::shift):
      (JSC::unshift):
          - Added - shared copies of the shift/unshift functionality.
      (JSC::arrayProtoFuncPop):
          - should throw if the delete fails.
      (JSC::arrayProtoFuncReverse):
          - should throw if the delete fails.
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
          - use shift/unshift.
      * runtime/JSArray.cpp:
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
          - Don't try to handle arrays with holes; return a value indicating
            the generic routine should be used instead.
      * runtime/JSArray.h:
          - declaration for shiftCount/unshiftCount changed.
      * tests/mozilla/js1_6/Array/regress-304828.js:
          - this was asserting incorrect behaviour.
      
      LayoutTests: 
      
      * fast/js/mozilla/strict/15.4.4.12-expected.txt:
      * fast/js/mozilla/strict/15.4.4.13-expected.txt:
      * fast/js/mozilla/strict/15.4.4.6-expected.txt:
      * fast/js/mozilla/strict/15.4.4.8-expected.txt:
      * fast/js/mozilla/strict/15.4.4.9-expected.txt:
          - check in passing test results.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@110026 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1052f503
  18. 06 Mar, 2012 1 commit
    • barraclough@apple.com's avatar
      putByIndex should throw in strict mode · b1db28d8
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80335
      
      Reviewed by Filip Pizlo.
      
      Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
      
      Source/JavaScriptCore: 
      
      This is a largely mechanical change, simply adding an extra parameter to a number
of functions. Some call sites need to perform additional exception checks, and
      operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
      
      This patch doesn't fix a missing throw from some cases of shift/unshift (this is
      an existing bug), I'll follow up with a third patch to handle that.
      
      * API/JSObjectRef.cpp:
      (JSObjectSetPropertyAtIndex):
      * JSCTypedArrayStubs.h:
      (JSC):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/Arguments.cpp:
      (JSC::Arguments::putByIndex):
      * runtime/Arguments.h:
      (Arguments):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      * runtime/ClassInfo.h:
      (MethodTable):
      * runtime/JSArray.cpp:
      (JSC::SparseArrayValueMap::put):
      (JSC::JSArray::put):
      (JSC::JSArray::putByIndex):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      * runtime/JSArray.h:
      (SparseArrayValueMap):
      (JSArray):
      * runtime/JSByteArray.cpp:
      (JSC::JSByteArray::putByIndex):
      * runtime/JSByteArray.h:
      (JSByteArray):
      * runtime/JSCell.cpp:
      (JSC::JSCell::putByIndex):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::putByIndex):
      * runtime/JSNotAnObject.h:
      (JSNotAnObject):
      * runtime/JSONObject.cpp:
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putByIndex):
      * runtime/JSObject.h:
      (JSC::JSValue::putByIndex):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpMatchesArray::fillArrayInstance):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::putByIndex):
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncSplit):
      
      Source/WebCore: 
      
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::putProperty):
      * bindings/objc/WebScriptObject.mm:
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/NP_jsobject.cpp:
      (_NPN_SetProperty):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::setSlot):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::putByIndex):
      * bridge/runtime_array.h:
      (RuntimeArray):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::setProperty):
      
      LayoutTests: 
      
      * fast/js/Object-defineProperty-expected.txt:
      * fast/js/mozilla/strict/15.4.4.12-expected.txt:
      * fast/js/mozilla/strict/15.4.4.13-expected.txt:
      * fast/js/mozilla/strict/15.4.4.8-expected.txt:
      * fast/js/mozilla/strict/15.4.4.9-expected.txt:
      * fast/js/mozilla/strict/15.5.5.2-expected.txt:
      * fast/js/mozilla/strict/8.12.5-expected.txt:
      * fast/js/preventExtensions-expected.txt:
      * fast/js/primitive-property-access-edge-cases-expected.txt:
          - Checking in passing test results.
      * fast/js/script-tests/Object-defineProperty.js:
          - Added test cases for putting to numeric properties where property is read-only,
            length is read-only, or property is accessor with missing set function.
      * fast/js/script-tests/preventExtensions.js:
          - Added test case, putting numeric property to non-extensible array.
      * fast/js/script-tests/primitive-property-access-edge-cases.js:
          - Enabled test cases for putting numeric properties to primitive strings.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109866 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b1db28d8
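The two commits above (r110026 and r109866) change when indexed writes and deletes on arrays throw. The following script is an added example, not WebKit code, that makes both behaviours observable from plain JavaScript: `Array.prototype.pop`/`shift` pass Throw=true to [[Delete]] and so throw on a non-configurable element in any mode, while an indexed [[Put]] throws only from strict code and is silently dropped from sloppy code. The four put cases are the ones the commit's test list names (read-only element, read-only length, accessor with no setter, new index on a non-extensible array); every array and the `sloppyPut`/`strictPut` helpers are constructed here for illustration.

```javascript
// Added example, not WebKit code: throw semantics described by r110026 and
// r109866, observed from JavaScript. All arrays below are constructed inline.

// Returns the name of the error fn throws, or null if it completes normally.
function errorNameOf(fn) {
  try { fn(); return null; } catch (e) { return e.name; }
}

// Array.prototype.pop/shift call [[Delete]] with Throw=true, so a delete that
// fails throws a TypeError regardless of whether the caller is strict.
function popWithNonConfigurableLast() {
  const a = [1, 2];
  Object.defineProperty(a, 1, { value: 2, configurable: false });
  return errorNameOf(() => a.pop());
}

function shiftWithNonConfigurableLast() {
  const a = [1, 2];
  Object.defineProperty(a, 1, { value: 2, configurable: false });
  return errorNameOf(() => a.shift());
}

// Indexed [[Put]] is different: it throws only when the caller is strict.
// The sloppy version is built with the Function constructor so it stays
// non-strict whatever mode this file itself runs in.
const sloppyPut = new Function('obj', 'index', 'value', 'obj[index] = value;');

function strictPut(obj, index, value) {
  'use strict';
  obj[index] = value;
}

// The four cases from the commit's tests: read-only element, read-only length,
// accessor with no setter, and a new index on a non-extensible array.
const putCases = {
  readOnlyIndex: { index: 1, make() {
    const a = [1, 2, 3];
    Object.defineProperty(a, 1, { value: 2, writable: false });
    return a;
  } },
  readOnlyLength: { index: 3, make() {
    const a = [1, 2, 3];
    Object.defineProperty(a, 'length', { writable: false });
    return a;
  } },
  getterOnly: { index: 1, make() {
    const a = [1, 2, 3];
    Object.defineProperty(a, 1, { get() { return 'fixed'; } });
    return a;
  } },
  nonExtensible: { index: 3, make() {
    return Object.preventExtensions([1, 2, 3]);
  } },
};

// For each case: what sloppy and strict assignment throw (null = nothing) and
// what the element holds after the sloppy attempt, i.e. the write was dropped.
function runPutCases() {
  const out = {};
  for (const [name, { index, make }] of Object.entries(putCases)) {
    const sloppyTarget = make();
    const sloppyError = errorNameOf(() => sloppyPut(sloppyTarget, index, 'x'));
    const strictError = errorNameOf(() => strictPut(make(), index, 'x'));
    out[name] = { sloppyError, strictError, valueAfterSloppy: sloppyTarget[index] };
  }
  return out;
}
```

`runPutCases()` reports `sloppyError: null` and `strictError: 'TypeError'` for every case, with the sloppy target left unchanged (`2`, `undefined`, `'fixed'`, `undefined` respectively), whereas `popWithNonConfigurableLast()` and `shiftWithNonConfigurableLast()` both report `'TypeError'` even though the script is not strict.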
  19. 03 Mar, 2012 1 commit
    • barraclough@apple.com's avatar
      Split JSArray's [[Put]] & [[DefineOwnProperty]] traps. · cd37404e
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80217
      
      Reviewed by Filip Pizlo.
      
      putByIndex() provides similar behavior to put(), but for indexed property names.
      Many places in ArrayPrototype call putByIndex() where they really mean to call
      [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
      calling numeric accessors (& respecting numeric read only properties) on the
      prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
      putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncConcat):
      (JSC::arrayProtoFuncSlice):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      * runtime/JSArray.cpp:
      (JSC):
      (JSC::reject):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::JSArray::defineOwnNumericProperty):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::putDirectIndexBeyondVectorLength):
      * runtime/JSArray.h:
      (SparseArrayValueMap):
      (JSArray):
      (JSC::JSArray::putDirectIndex):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109673 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cd37404e
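The distinction the commit above draws between [[Put]] (what putByIndex models) and [[DefineOwnProperty]] (what the new putDirectIndex provides for ArrayPrototype's concat/slice/filter/map) is observable from script, which is also why a [[Put]]-based implementation of those methods is a correctness and robustness problem: any setter or read-only element installed on Array.prototype would intercept or block the results of map/slice. The following is an added example, not code from the WebKit commit; it runs under Node.js, and the accessor and read-only entries it installs on Array.prototype (indices 0 and 1) are constructed purely for the demonstration and removed afterwards. The helper names (hasOwnIndex, strictPut, demonstratePutVsDefine) are the example's own.

```javascript
// Added example (not from the WebKit commit): observable difference between
// [[Put]] (plain assignment, the semantics putByIndex models) and
// [[DefineOwnProperty]] (CreateDataProperty in the spec, the semantics that
// Array.prototype.map/slice/concat must use for their results, i.e. putDirectIndex).
// The entries placed on Array.prototype below are constructed for this demo only.

function hasOwnIndex(obj, index) {
  return Object.prototype.hasOwnProperty.call(obj, String(index));
}

// Strict-mode store so that a rejected [[Put]] surfaces as a TypeError
// instead of failing silently.
function strictPut(obj, key, value) {
  'use strict';
  obj[key] = value;
}

function demonstratePutVsDefine() {
  const results = {};
  let setterCalls = 0;

  // 1. A numeric accessor on the prototype chain (constructed for the demo).
  Object.defineProperty(Array.prototype, '0', {
    configurable: true,
    get() { return 'from-prototype'; },
    set(_v) { setterCalls += 1; },
  });
  // 2. A read-only numeric data property on the prototype chain (constructed).
  Object.defineProperty(Array.prototype, '1', {
    configurable: true, writable: false, value: 'locked',
  });

  try {
    // [[Put]] walks the prototype chain, finds the inherited setter and calls
    // it; no own element is created on the receiver.
    const a = [];
    a[0] = 'x';
    results.putInvokedSetter = setterCalls === 1;
    results.putCreatedOwn = hasOwnIndex(a, 0);

    // [[Put]] onto an index that is read-only on the prototype chain is
    // rejected; in strict mode that is a TypeError.
    let threw = false;
    try { strictPut(a, 1, 'y'); } catch (e) { threw = e instanceof TypeError; }
    results.putOnReadOnlyThrew = threw;

    // [[DefineOwnProperty]] ignores the prototype chain entirely: map and
    // slice must create own data properties on their result arrays, so the
    // setter is not invoked and the read-only inherited index 1 is shadowed.
    const mapped = [10, 20].map((x) => x + 1);
    results.mapBypassedSetter = setterCalls === 1;
    results.mapCreatedOwn0 = hasOwnIndex(mapped, 0) && mapped[0] === 11;
    results.mapCreatedOwn1 = hasOwnIndex(mapped, 1) && mapped[1] === 21;

    const sliced = [30, 40].slice();
    results.sliceCreatedOwn = hasOwnIndex(sliced, 0) && hasOwnIndex(sliced, 1)
      && sliced[0] === 30 && sliced[1] === 40;
    results.sliceBypassedSetter = setterCalls === 1;
  } finally {
    // Restore Array.prototype so the demo leaves no global state behind.
    delete Array.prototype['0'];
    delete Array.prototype['1'];
  }
  return results;
}
```

Reading the results: every `put*` entry shows prototype-chain interference (setter invoked, no own element, TypeError on the inherited read-only index), while every `map*`/`slice*` entry shows the result array being populated as own data properties regardless of what sits on Array.prototype. That second set of behaviours is exactly what a fast [[DefineOwnProperty]] path such as putDirectIndex exists to provide.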
  20. 26 Feb, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Implement fast path for op_new_array in the baseline JIT · 87ff87df
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=78612
      
      Reviewed by Filip Pizlo.
      
      * heap/CopiedAllocator.h:
      (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
      * heap/CopiedSpace.h:
      (CopiedSpace): Friended the JIT to allow access to isOversize.
      (JSC::CopiedSpace::allocator):
      * heap/Heap.h:
      (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
      can use it for simple allocation i.e. when we can just bump the offset without having to 
      do anything else.
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
      we have to bail out because the fast allocation path fails for whatever reason.
      * jit/JIT.h:
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
      allocate generic backing stores. This function is used by emitAllocateJSArray.
      (JSC):
      (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
      more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
      it will also be used for emit_op_new_array_buffer.
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
      a stub call for oversize arrays.
      (JSC):
      (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we 
      fail in any way on the fast path.
      * runtime/JSArray.cpp:
      (JSC):
      * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
      initialize in the JIT.
      (ArrayStorage):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::allocBaseOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSArray):
      (JSC::JSArray::sparseValueMapOffset):
      (JSC::JSArray::subclassDataOffset):
      (JSC::JSArray::indexBiasOffset):
      (JSC):
      (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
      to being a static function in the JSArray class. This move allows the JIT to call it to 
      see what size it should allocate.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108934 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      87ff87df
  21. 22 Feb, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Allocations from CopiedBlocks should always be 8-byte aligned · bd5ac227
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=79271
      
      Reviewed by Geoffrey Garen.
      
      * heap/CopiedAllocator.h:
      (JSC::CopiedAllocator::allocate):
      * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always 
      guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
      (CopiedBlock):
      * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
      (JSC::CopiedSpace::tryAllocateOversize):
      (JSC::CopiedSpace::getFreshBlock):
      * heap/CopiedSpaceInlineMethods.h:
      (JSC::CopiedSpace::allocateFromBlock):
      * runtime/JSArray.h:
      (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte 
      aligned on both 64- and 32-bit platforms.
      * wtf/StdLibExtras.h:
      (WTF::is8ByteAligned): Added new utility function that functions similarly to the 
      way isPointerAligned does, but it just always checks for 8 byte alignment.
      (WTF):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108553 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bd5ac227
  22. 21 Feb, 2012 2 commits
    • fpizlo@apple.com's avatar
      JSC should be a triple-tier VM · 7bbcaab7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75812
      <rdar://problem/10079694>
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implemented an interpreter that uses the JIT's calling convention. This
      interpreter is called LLInt, or the Low Level Interpreter. JSC will now
      start by executing code in LLInt and will only tier up to the old
      JIT after the code is proven hot.
              
      LLInt is written in a modified form of our macro assembly. This new macro
      assembly is compiled by an offline assembler (see offlineasm), which
      implements many modern conveniences such as a Turing-complete CPS-based
      macro language and direct access to relevant C++ type information
      (basically offsets of fields and sizes of structs/classes).
              
      Code executing in LLInt appears to the rest of the JSC world "as if" it
      were executing in the old JIT. Hence, things like exception handling and
      cross-execution-engine calls just work and require pretty much no
      additional overhead.
              
      This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
      V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
      V8, and Kraken, but appear to get a double-digit improvement on real-world
      websites due to a huge reduction in the amount of JIT'ing.
              
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      (MacroAssemblerCodePtr):
      (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
      * bytecode/BytecodeConventions.h: Added.
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFromLLInt):
      (JSC):
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CallLinkStatus.h:
      (JSC::CallLinkStatus::isSet):
      (JSC::CallLinkStatus::operator!):
      (CallLinkStatus):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC):
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::jitCompile):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::addGlobalResolveInstruction):
      (JSC::CodeBlock::addLLIntCallLinkInfo):
      (JSC::CodeBlock::addGlobalResolveInfo):
      (JSC::CodeBlock::numberOfMethodCallLinkInfos):
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::addFrequentExitSite):
      (JSC::CodeBlock::dontJITAnytimeSoon):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::llintExecuteCounter):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      (JSC::GetByIdStatus::wasSeenInJIT):
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      (Instruction):
      * bytecode/LLIntCallLinkInfo.h: Added.
      (JSC):
      (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
      (LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::isLinked):
      (JSC::LLIntCallLinkInfo::unlink):
      * bytecode/MethodCallLinkStatus.cpp:
      (JSC::MethodCallLinkStatus::computeFor):
      * bytecode/Opcode.cpp:
      (JSC):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (PutByIdStatus):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::emitCatch):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      (JSC):
      (JSC::Heap::firstAllocatorWithoutDestructors):
      (Heap):
      * heap/MarkStack.cpp:
      (JSC::visitChildren):
      * heap/MarkedAllocator.h:
      (JSC):
      (MarkedAllocator):
      * heap/MarkedSpace.h:
      (JSC):
      (MarkedSpace):
      (JSC::MarkedSpace::firstAllocator):
      * interpreter/CallFrame.cpp:
      (JSC):
      (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (ExecState):
      (JSC::ExecState::bytecodeOffsetForNonDFGCode):
      (JSC::ExecState::currentVPC):
      (JSC::ExecState::setCurrentVPC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (JSC::Interpreter::classicEnabled):
      * interpreter/RegisterFile.h:
      (JSC):
      (RegisterFile):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/HostCallReturnValue.cpp: Added.
      (JSC):
      (JSC::getHostCallReturnValueWithExecState):
      * jit/HostCallReturnValue.h: Added.
      (JSC):
      (JSC::initializeHostCallReturnValue):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::isOptimizingJIT):
      (JITCode):
      (JSC::JITCode::isBaselineCode):
      (JSC::JITCode::JITCode):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::jitThrow):
      * jit/JITInlineMethods.h:
      (JSC::JIT::updateTopCallFrame):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      (JSC):
      * jit/JSInterfaceJIT.h:
      * llint: Added.
      * llint/LLIntCommon.h: Added.
      * llint/LLIntData.cpp: Added.
      (LLInt):
      (JSC::LLInt::Data::Data):
      (JSC::LLInt::Data::performAssertions):
      (JSC::LLInt::Data::~Data):
      * llint/LLIntData.h: Added.
      (JSC):
      (LLInt):
      (Data):
      (JSC::LLInt::Data::exceptionInstructions):
      (JSC::LLInt::Data::opcodeMap):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp: Added.
      (LLInt):
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h: Added.
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp: Added.
      (LLInt):
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrowForThrownException):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntExceptions.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntOfflineAsmConfig.h: Added.
      * llint/LLIntOffsetsExtractor.cpp: Added.
      (JSC):
      (LLIntOffsetsExtractor):
      (JSC::LLIntOffsetsExtractor::dummy):
      (main):
      * llint/LLIntSlowPaths.cpp: Added.
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::resolveGlobal):
      (JSC::LLInt::getByVal):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      (JSC::LLInt::genericCall):
      * llint/LLIntSlowPaths.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntThunks.cpp: Added.
      (LLInt):
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h: Added.
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm: Added.
      * llint/LowLevelInterpreter.cpp: Added.
      * llint/LowLevelInterpreter.h: Added.
      * offlineasm: Added.
      * offlineasm/armv7.rb: Added.
      * offlineasm/asm.rb: Added.
      * offlineasm/ast.rb: Added.
      * offlineasm/backends.rb: Added.
      * offlineasm/generate_offset_extractor.rb: Added.
      * offlineasm/instructions.rb: Added.
      * offlineasm/offset_extractor_constants.rb: Added.
      * offlineasm/offsets.rb: Added.
      * offlineasm/opt.rb: Added.
      * offlineasm/parser.rb: Added.
      * offlineasm/registers.rb: Added.
      * offlineasm/self_hash.rb: Added.
      * offlineasm/settings.rb: Added.
      * offlineasm/transform.rb: Added.
      * offlineasm/x86.rb: Added.
      * runtime/CodeSpecializationKind.h: Added.
      (JSC):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      (CommonSlowPaths):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC):
      (JSC::EvalExecutable::jitCompile):
      (JSC::samplingDescription):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC):
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      * runtime/JSCell.h:
      (JSC):
      (JSCell):
      * runtime/JSFunction.h:
      (JSC):
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      * runtime/JSObject.h:
      (JSC):
      (JSObject):
      (JSFinalObject):
      * runtime/JSPropertyNameIterator.h:
      (JSC):
      (JSPropertyNameIterator):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      * runtime/JSTypeInfo.h:
      (JSC):
      (TypeInfo):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (LLInt):
      (JSValue):
      * runtime/JSVariableObject.h:
      (JSC):
      (JSVariableObject):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/ScopeChain.h:
      (JSC):
      (ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransition):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      * runtime/StructureChain.h:
      (JSC):
      (StructureChain):
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      (SentinelLinkedList):
      (WTF::SentinelLinkedList::isEmpty):
      * wtf/text/StringImpl.h:
      (JSC):
      (StringImpl):
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough.
              
      No new tests, because there is no change in behavior.
      
      * CMakeLists.txt:
      
      Source/WebKit: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
              
      * CMakeLists.txt:
      
      Tools: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108444 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7bbcaab7
    • aroben@apple.com's avatar
      Roll out r108309, r108323, and r108326 · e089d623
      aroben@apple.com authored
      They broke the 32-bit Lion build.
      
      Original bug is <http://webkit.org/b/75812> <rdar://problem/10079694>.
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      * bytecode/BytecodeConventions.h: Removed.
      * bytecode/CallLinkStatus.cpp:
      * bytecode/CallLinkStatus.h:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * bytecode/GetByIdStatus.cpp:
      * bytecode/GetByIdStatus.h:
      * bytecode/Instruction.h:
      * bytecode/LLIntCallLinkInfo.h: Removed.
      * bytecode/MethodCallLinkStatus.cpp:
      * bytecode/Opcode.cpp:
      * bytecode/Opcode.h:
      * bytecode/PutByIdStatus.cpp:
      * bytecode/PutByIdStatus.h:
      * bytecompiler/BytecodeGenerator.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCapabilities.h:
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      * heap/MarkStack.cpp:
      * heap/MarkedAllocator.h:
      * heap/MarkedSpace.h:
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      * interpreter/Interpreter.h:
      * interpreter/RegisterFile.h:
      * jit/ExecutableAllocator.h:
      * jit/HostCallReturnValue.cpp: Removed.
      * jit/HostCallReturnValue.h: Removed.
      * jit/JIT.cpp:
      * jit/JITCode.h:
      * jit/JITDriver.h:
      * jit/JITExceptions.cpp:
      * jit/JITInlineMethods.h:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * jit/JSInterfaceJIT.h:
      * llint/LLIntCommon.h: Removed.
      * llint/LLIntData.cpp: Removed.
      * llint/LLIntData.h: Removed.
      * llint/LLIntEntrypoints.cpp: Removed.
      * llint/LLIntEntrypoints.h: Removed.
      * llint/LLIntExceptions.cpp: Removed.
      * llint/LLIntExceptions.h: Removed.
      * llint/LLIntOfflineAsmConfig.h: Removed.
      * llint/LLIntOffsetsExtractor.cpp: Removed.
      * llint/LLIntSlowPaths.cpp: Removed.
      * llint/LLIntSlowPaths.h: Removed.
      * llint/LLIntThunks.cpp: Removed.
      * llint/LLIntThunks.h: Removed.
      * llint/LowLevelInterpreter.asm: Removed.
      * llint/LowLevelInterpreter.cpp: Removed.
      * llint/LowLevelInterpreter.h: Removed.
      * offlineasm/armv7.rb: Removed.
      * offlineasm/asm.rb: Removed.
      * offlineasm/ast.rb: Removed.
      * offlineasm/backends.rb: Removed.
      * offlineasm/generate_offset_extractor.rb: Removed.
      * offlineasm/instructions.rb: Removed.
      * offlineasm/offset_extractor_constants.rb: Removed.
      * offlineasm/offsets.rb: Removed.
      * offlineasm/opt.rb: Removed.
      * offlineasm/parser.rb: Removed.
      * offlineasm/registers.rb: Removed.
      * offlineasm/self_hash.rb: Removed.
      * offlineasm/settings.rb: Removed.
      * offlineasm/transform.rb: Removed.
      * offlineasm/x86.rb: Removed.
      * runtime/CodeSpecializationKind.h: Removed.
      * runtime/CommonSlowPaths.h:
      * runtime/Executable.cpp:
      * runtime/Executable.h:
      * runtime/ExecutionHarness.h: Removed.
      * runtime/JSArray.h:
      * runtime/JSCell.h:
      * runtime/JSFunction.h:
      * runtime/JSGlobalData.cpp:
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalObject.h:
      * runtime/JSObject.h:
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSString.h:
      * runtime/JSTypeInfo.h:
      * runtime/JSValue.cpp:
      * runtime/JSValue.h:
      * runtime/JSVariableObject.h:
      * runtime/Options.cpp:
      * runtime/Options.h:
      * runtime/ScopeChain.h:
      * runtime/Structure.cpp:
      * runtime/Structure.h:
      * runtime/StructureChain.h:
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      * wtf/text/StringImpl.h:
      
      Source/WebCore:
      
      * CMakeLists.txt:
      
      Source/WebKit:
      
      * CMakeLists.txt:
      
      Tools:
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108358 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e089d623
  23. 20 Feb, 2012 3 commits
    • fpizlo@apple.com's avatar
      JSC should be a triple-tier VM · 091129f4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75812
      <rdar://problem/10079694>
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implemented an interpreter that uses the JIT's calling convention. This
      interpreter is called LLInt, or the Low Level Interpreter. JSC will now
      start by executing code in LLInt and will only tier up to the old
      JIT after the code is proven hot.
              
      LLInt is written in a modified form of our macro assembly. This new macro
      assembly is compiled by an offline assembler (see offlineasm), which
      implements many modern conveniences such as a Turing-complete CPS-based
      macro language and direct access to relevant C++ type information
      (basically offsets of fields and sizes of structs/classes).
              
      Code executing in LLInt appears to the rest of the JSC world "as if" it
      were executing in the old JIT. Hence, things like exception handling and
      cross-execution-engine calls just work and require pretty much no
      additional overhead.
              
      This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
      V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
      V8, and Kraken, but appear to get a double-digit improvement on real-world
      websites due to a huge reduction in the amount of JIT'ing.
              
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      (MacroAssemblerCodePtr):
      (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
      * bytecode/BytecodeConventions.h: Added.
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFromLLInt):
      (JSC):
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CallLinkStatus.h:
      (JSC::CallLinkStatus::isSet):
      (JSC::CallLinkStatus::operator!):
      (CallLinkStatus):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC):
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::jitCompile):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::addGlobalResolveInstruction):
      (JSC::CodeBlock::addLLIntCallLinkInfo):
      (JSC::CodeBlock::addGlobalResolveInfo):
      (JSC::CodeBlock::numberOfMethodCallLinkInfos):
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::addFrequentExitSite):
      (JSC::CodeBlock::dontJITAnytimeSoon):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::llintExecuteCounter):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      (JSC::GetByIdStatus::wasSeenInJIT):
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      (Instruction):
      * bytecode/LLIntCallLinkInfo.h: Added.
      (JSC):
      (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
      (LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::isLinked):
      (JSC::LLIntCallLinkInfo::unlink):
      * bytecode/MethodCallLinkStatus.cpp:
      (JSC::MethodCallLinkStatus::computeFor):
      * bytecode/Opcode.cpp:
      (JSC):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (PutByIdStatus):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::emitCatch):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      (JSC):
      (JSC::Heap::firstAllocatorWithoutDestructors):
      (Heap):
      * heap/MarkStack.cpp:
      (JSC::visitChildren):
      * heap/MarkedAllocator.h:
      (JSC):
      (MarkedAllocator):
      * heap/MarkedSpace.h:
      (JSC):
      (MarkedSpace):
      (JSC::MarkedSpace::firstAllocator):
      * interpreter/CallFrame.cpp:
      (JSC):
      (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (ExecState):
      (JSC::ExecState::bytecodeOffsetForNonDFGCode):
      (JSC::ExecState::currentVPC):
      (JSC::ExecState::setCurrentVPC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (JSC::Interpreter::classicEnabled):
      * interpreter/RegisterFile.h:
      (JSC):
      (RegisterFile):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/HostCallReturnValue.cpp: Added.
      (JSC):
      (JSC::getHostCallReturnValueWithExecState):
      * jit/HostCallReturnValue.h: Added.
      (JSC):
      (JSC::initializeHostCallReturnValue):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::isOptimizingJIT):
      (JITCode):
      (JSC::JITCode::isBaselineCode):
      (JSC::JITCode::JITCode):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::jitThrow):
      * jit/JITInlineMethods.h:
      (JSC::JIT::updateTopCallFrame):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      (JSC):
      * jit/JSInterfaceJIT.h:
      * llint: Added.
      * llint/LLIntCommon.h: Added.
      * llint/LLIntData.cpp: Added.
      (LLInt):
      (JSC::LLInt::Data::Data):
      (JSC::LLInt::Data::performAssertions):
      (JSC::LLInt::Data::~Data):
      * llint/LLIntData.h: Added.
      (JSC):
      (LLInt):
      (Data):
      (JSC::LLInt::Data::exceptionInstructions):
      (JSC::LLInt::Data::opcodeMap):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp: Added.
      (LLInt):
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h: Added.
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp: Added.
      (LLInt):
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrowForThrownException):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntExceptions.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntOfflineAsmConfig.h: Added.
      * llint/LLIntOffsetsExtractor.cpp: Added.
      (JSC):
      (LLIntOffsetsExtractor):
      (JSC::LLIntOffsetsExtractor::dummy):
      (main):
      * llint/LLIntSlowPaths.cpp: Added.
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::resolveGlobal):
      (JSC::LLInt::getByVal):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      (JSC::LLInt::genericCall):
      * llint/LLIntSlowPaths.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntThunks.cpp: Added.
      (LLInt):
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h: Added.
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm: Added.
      * llint/LowLevelInterpreter.cpp: Added.
      * llint/LowLevelInterpreter.h: Added.
      * offlineasm: Added.
      * offlineasm/armv7.rb: Added.
      * offlineasm/asm.rb: Added.
      * offlineasm/ast.rb: Added.
      * offlineasm/backends.rb: Added.
      * offlineasm/generate_offset_extractor.rb: Added.
      * offlineasm/instructions.rb: Added.
      * offlineasm/offset_extractor_constants.rb: Added.
      * offlineasm/offsets.rb: Added.
      * offlineasm/opt.rb: Added.
      * offlineasm/parser.rb: Added.
      * offlineasm/registers.rb: Added.
      * offlineasm/self_hash.rb: Added.
      * offlineasm/settings.rb: Added.
      * offlineasm/transform.rb: Added.
      * offlineasm/x86.rb: Added.
      * runtime/CodeSpecializationKind.h: Added.
      (JSC):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      (CommonSlowPaths):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC):
      (JSC::EvalExecutable::jitCompile):
      (JSC::samplingDescription):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC):
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      * runtime/JSCell.h:
      (JSC):
      (JSCell):
      * runtime/JSFunction.h:
      (JSC):
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      * runtime/JSObject.h:
      (JSC):
      (JSObject):
      (JSFinalObject):
      * runtime/JSPropertyNameIterator.h:
      (JSC):
      (JSPropertyNameIterator):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      * runtime/JSTypeInfo.h:
      (JSC):
      (TypeInfo):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (LLInt):
      (JSValue):
      * runtime/JSVariableObject.h:
      (JSC):
      (JSVariableObject):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/ScopeChain.h:
      (JSC):
      (ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransition):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      * runtime/StructureChain.h:
      (JSC):
      (StructureChain):
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      (SentinelLinkedList):
      (WTF::SentinelLinkedList::isEmpty):
      * wtf/text/StringImpl.h:
      (JSC):
      (StringImpl):
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough.
              
      No new tests, because there is no change in behavior.
      
      * CMakeLists.txt:
      
      Source/WebKit: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
              
      * CMakeLists.txt:
      
      Tools: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108309 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      091129f4
    • fpizlo@apple.com's avatar
      Unreviewed, rolling out http://trac.webkit.org/changeset/108291 · 29229227
      fpizlo@apple.com authored
      It completely broke the 32-bit JIT.
      
      * heap/CopiedAllocator.h:
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * heap/Heap.h:
      (JSC::Heap::allocatorForObjectWithDestructor):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      * runtime/JSArray.cpp:
      (JSC::storageSize):
      (JSC):
      * runtime/JSArray.h:
      (ArrayStorage):
      (JSArray):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108307 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      29229227
    • mhahnenberg@apple.com's avatar
      Implement fast path for op_new_array in the baseline JIT · d249ef82
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=78612
      
      Reviewed by Filip Pizlo.
      
      * heap/CopiedAllocator.h:
      (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
      * heap/CopiedSpace.h:
      (CopiedSpace): Friended the JIT to allow access to
      (JSC::CopiedSpace::allocator):
      * heap/Heap.h:
      (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
      can use it for simple allocation i.e. when we can just bump the offset without having to
      do anything else.
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
      we have to bail out because the fast allocation path fails for whatever reason.
      * jit/JIT.h:
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
      allocate generic backing stores. This function is used by emitAllocateJSArray.
      (JSC):
      (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
      more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
      it will also be used for emit_op_new_array_buffer.
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
      a stub call for oversize arrays.
      (JSC):
      (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on
      the fast path.
      * runtime/JSArray.cpp:
      (JSC):
      * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
      initialize in the JIT.
      (ArrayStorage):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::allocBaseOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSArray):
      (JSC::JSArray::sparseValueMapOffset):
      (JSC::JSArray::subclassDataOffset):
      (JSC::JSArray::indexBiasOffset):
      (JSC):
      (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
      to being a static function in the JSArray class. This move allows the JIT to call it to
      see what size it should allocate.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108291 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d249ef82
  24. 16 Feb, 2012 1 commit
  25. 10 Feb, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Split MarkedSpace into destructor and destructor-free subspaces · c2748329
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=77761
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
      * heap/Heap.h:
      (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to 
      pick which subspace they want to allocate out of.
      (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
      (Heap):
      (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
      (JSC):
      (JSC::Heap::allocateWithoutDestructor): Ditto.
      * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate 
      their MarkedBlocks correctly.
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::cellsNeedDestruction):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC):
      (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
      an init function that does all of that stuff in fewer lines.
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::recycle):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make 
      checking the m_cellsNeedDestructor flag faster and cleaner looking.
      (JSC):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (MarkedBlock):
      (JSC::MarkedBlock::cellsNeedDestruction):
      (JSC):
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::TakeIfUnmarked::operator()):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (Subspace):
      (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of 
      allocators.
      (JSC):
      (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
      (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
      (JSC::MarkedSpace::allocateWithDestructor): Ditto.
      (JSC::MarkedSpace::forEachBlock):
      * jit/JIT.h:
      * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSFunction):
      * runtime/JSArray.cpp:
      (JSC):
      * runtime/JSArray.h:
      (JSArray):
      (JSC::JSArray::create):
      (JSC):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSCell.h:
      (JSCell):
      (JSC):
      (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires 
      destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this 
      constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
      (JSC::allocateCell): 
      * runtime/JSFunction.cpp:
      (JSC):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSObject.cpp:
      (JSC):
      * runtime/JSObject.h:
      (JSNonFinalObject):
      (JSC):
      (JSFinalObject):
      (JSC::JSFinalObject::create):
      
      Source/WebCore: 
      
      No new tests.
      
      * bindings/js/JSDOMWindowShell.cpp: Removed old operator new, which was just used in the create
      function so that we can use allocateCell instead.
      (WebCore):
      * bindings/js/JSDOMWindowShell.h:
      (WebCore::JSDOMWindowShell::create):
      (JSDOMWindowShell):
      * bindings/scripts/CodeGeneratorJS.pm: Added destructor back to root JS DOM nodes (e.g. JSNode, etc)
      because their destroy functions need to be called, so we don't want the NeedsDestructor struct to 
      think they don't need destruction due to having empty/trivial destructors.
      Removed ASSERT_HAS_TRIVIAL_DESTRUCTOR from all JS DOM wrapper auto-generated objects because their 
      ancestors now have non-trivial destructors. 
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDefinition):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@107445 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c2748329
  26. 01 Feb, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Replace JSArray destructor with finalizer · 59415ea5
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=77488
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * JavaScriptCore.exp:
      * runtime/JSArray.cpp:
      (JSC::JSArray::finalize): Added finalizer.
      (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
      (JSC):
      (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
      (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode 
      because the old name was confusing: we could have a sparse array that never 
      called enterSparseMode.
      (JSC::JSArray::defineOwnNumericProperty):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::sort):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSArray):
      
      LayoutTests: 
      
      * fast/js/script-tests/sparse-array.js: Added code to test oscillation between 
      sparse and dense arrays.
      * fast/js/sparse-array-expected.txt:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106496 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      59415ea5
  27. 19 Jan, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Implement a new allocator for backing stores · 5d0b30a2
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75181
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore: 
      
      We want to move away from using fastMalloc for the backing stores for 
      some of our objects (e.g. JSArray, JSObject, JSString, etc).  These backing 
      stores have a nice property in that they only have a single owner (i.e. a 
      single pointer to them at any one time).  One way that we can take advantage 
      of this property is to implement a simple bump allocator/copying collector, 
      which will run alongside our normal mark/sweep collector, that only needs to 
      update the single owner pointer rather than having to redirect an arbitrary 
      number of pointers in from-space to to-space.
      
      This plan can give us a number of benefits. We can beat fastMalloc in terms 
      of both performance and memory usage, we can track how much memory we're using 
      far more accurately than our rough estimation now through the use of 
      reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed 
      to being limited to size classes like we have been historically). This is also 
      another step toward moving away from lazy destruction, which will improve our memory footprint.
      
      We start by creating said allocator and moving the ArrayStorage for JSArray 
      to use it rather than fastMalloc.
      
      The design of the collector is as follows:
      Allocation:
      -The collector allocates 64KB chunks from the OS to use for object allocation.
      -Each chunk contains an offset, a flag indicating if the block has been pinned, 
       and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
      -Any allocation greater than 64KB gets its own separate oversize block, which 
       is managed separately from the rest.
      -If the allocator receives a request for more than the remaining amount in the 
       current block, it grabs a fresh block.
      -Grabbing a fresh block means grabbing one off of the global free list (which is now 
       shared between the mark/sweep allocator and the bump allocator) if there is one. 
       If there isn't a new one we do one of two things: allocate a new block from the OS 
       if we're not ready for a GC yet, or run a GC and then try again. If we still don't 
       have enough space after the GC, we allocate a new block from the OS.
      
      Garbage collection:
      -At the start of garbage collection during conservative stack scanning, if we encounter 
       what appears to be a pointer to a bump-allocated block of memory, we pin that block so 
       that it will not be copied for this round of collection.
      -We also pin any oversize blocks that we encounter, which effectively doubles as a 
       "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying 
       are given back to the OS.
      -Marking threads are now also responsible for copying bump-allocated objects to newSpace.
      -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
      -When that block fills up, the marking thread gives it back to the allocator and requests a new one.
      -When all marking has concluded, each thread gives back its copy block, even if it isn't full.
      -At the conclusion of copying (which is done by the end of the marking phase), we un-pin 
       any pinned blocks and give any blocks left in from-space to the global free list.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/WTF/WTF.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * heap/AllocationSpace.cpp:
      (JSC::AllocationSpace::allocateSlowCase):
      (JSC::AllocationSpace::allocateBlock):
      (JSC::AllocationSpace::freeBlocks):
      * heap/AllocationSpace.h:
      (JSC::AllocationSpace::waterMark):
      * heap/BumpBlock.h: Added.
      (JSC::BumpBlock::BumpBlock):
      * heap/BumpSpace.cpp: Added.
      (JSC::BumpSpace::tryAllocateSlowCase):
      * heap/BumpSpace.h: Added.
      (JSC::BumpSpace::isInCopyPhase):
      (JSC::BumpSpace::totalMemoryAllocated):
      (JSC::BumpSpace::totalMemoryUtilized):
      * heap/BumpSpaceInlineMethods.h: Added.
      (JSC::BumpSpace::BumpSpace):
      (JSC::BumpSpace::init):
      (JSC::BumpSpace::contains):
      (JSC::BumpSpace::pin):
      (JSC::BumpSpace::startedCopying):
      (JSC::BumpSpace::doneCopying):
      (JSC::BumpSpace::doneFillingBlock):
      (JSC::BumpSpace::recycleBlock):
      (JSC::BumpSpace::getFreshBlock):
      (JSC::BumpSpace::borrowBlock):
      (JSC::BumpSpace::addNewBlock):
      (JSC::BumpSpace::allocateNewBlock):
      (JSC::BumpSpace::fitsInBlock):
      (JSC::BumpSpace::fitsInCurrentBlock):
      (JSC::BumpSpace::tryAllocate):
      (JSC::BumpSpace::tryAllocateOversize):
      (JSC::BumpSpace::allocateFromBlock):
      (JSC::BumpSpace::tryReallocate):
      (JSC::BumpSpace::tryReallocateOversize):
      (JSC::BumpSpace::isOversize):
      (JSC::BumpSpace::isPinned):
      (JSC::BumpSpace::oversizeBlockFor):
      (JSC::BumpSpace::blockFor):
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::ConservativeRoots):
      (JSC::ConservativeRoots::genericAddPointer):
      (JSC::ConservativeRoots::add):
      * heap/ConservativeRoots.h:
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::blockFreeingThreadMain):
      (JSC::Heap::reportExtraMemoryCostSlowCase):
      (JSC::Heap::getConservativeRegisterRoots):
      (JSC::Heap::markRoots):
      (JSC::Heap::collect):
      (JSC::Heap::releaseFreeBlocks):
      * heap/Heap.h:
      (JSC::Heap::waterMark):
      (JSC::Heap::highWaterMark):
      (JSC::Heap::setHighWaterMark):
      (JSC::Heap::tryAllocateStorage):
      (JSC::Heap::tryReallocateStorage):
      * heap/HeapBlock.h: Added.
      (JSC::HeapBlock::HeapBlock):
      * heap/MarkStack.cpp:
      (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
      (JSC::SlotVisitor::drain):
      (JSC::SlotVisitor::drainFromShared):
      (JSC::SlotVisitor::startCopying):
      (JSC::SlotVisitor::allocateNewSpace):
      (JSC::SlotVisitor::copy):
      (JSC::SlotVisitor::copyAndAppend):
      (JSC::SlotVisitor::doneCopying):
      * heap/MarkStack.h:
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::recycle):
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::MarkedSpace):
      * heap/MarkedSpace.h:
      (JSC::MarkedSpace::allocate):
      (JSC::MarkedSpace::forEachBlock):
      (JSC::MarkedSpace::SizeClass::resetAllocator):
      * heap/SlotVisitor.h:
      (JSC::SlotVisitor::SlotVisitor):
      * heap/TinyBloomFilter.h:
      (JSC::TinyBloomFilter::reset):
      * runtime/JSArray.cpp:
      (JSC::JSArray::JSArray):
      (JSC::JSArray::finishCreation):
      (JSC::JSArray::tryFinishCreationUninitialized):
      (JSC::JSArray::~JSArray):
      (JSC::JSArray::enterSparseMode):
      (JSC::JSArray::defineOwnNumericProperty):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::getOwnPropertySlotByIndex):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::deletePropertyByIndex):
      (JSC::JSArray::getOwnPropertyNames):
      (JSC::JSArray::increaseVectorLength):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::unshiftCount):
      (JSC::JSArray::visitChildren):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::compactForSorting):
      (JSC::JSArray::subclassData):
      (JSC::JSArray::setSubclassData):
      (JSC::JSArray::checkConsistency):
      * runtime/JSArray.h:
      (JSC::JSArray::inSparseMode):
      (JSC::JSArray::isLengthWritable):
      * wtf/CheckedBoolean.h: Added.
      (CheckedBoolean::CheckedBoolean):
      (CheckedBoolean::~CheckedBoolean):
      (CheckedBoolean::operator bool):
      * wtf/DoublyLinkedList.h:
      (WTF::::push):
      * wtf/StdLibExtras.h:
      (WTF::isPointerAligned):
      
      Source/JavaScriptGlue: 
      
      Added forwarding header for new CheckedBoolean used in the bump allocator.
      
      * ForwardingHeaders/wtf/CheckedBoolean.h: Added.
      
      Source/WebCore: 
      
      No new tests.
      
      Added forwarding header for new CheckedBoolean used in the bump allocator.
      
      * ForwardingHeaders/wtf/CheckedBoolean.h: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105442 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5d0b30a2
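The allocation and collection steps listed in this commit message, as an added example that is not JavaScriptCore's own code: a constructed C++ model with 64KB blocks, dedicated oversize blocks, pinning from conservative roots, and copying through the single owner pointer. Block, Owner, BumpSpace, collect and runScenario are assumed names, and marking is reduced to a list of live owners rather than marking threads.

```cpp
#include <cassert>
#include <cstdint>
#include <cstring>
#include <memory>
#include <vector>

// Constructed model (not JavaScriptCore code) of the design described above:
// 64KB bump blocks, dedicated oversize blocks, pinning of blocks hit by
// conservative roots, and copying of live payloads via their single owner pointer.
namespace demo {
constexpr size_t kBlockSize = 64 * 1024;
struct Block {
    size_t offset = 0;                     // bump pointer into payload
    bool pinned = false, oversize = false; // pinned doubles as the mark bit for oversize
    std::vector<uint8_t> payload;
    explicit Block(size_t size) : payload(size) {}
    bool contains(const void* p) const {
        const uint8_t* q = static_cast<const uint8_t*>(p);
        return q >= payload.data() && q < payload.data() + payload.size();
    }
};
// A backing store has exactly one owner pointer; moving it updates only that.
struct Owner { void* store; size_t size; };
class BumpSpace {
public:
    void* allocate(size_t bytes) {
        if (bytes > kBlockSize) {                          // oversize: own block
            m_blocks.emplace_back(new Block(bytes));
            m_blocks.back()->oversize = true;
            return m_blocks.back()->payload.data();
        }
        if (!m_current || m_current->offset + bytes > kBlockSize) {
            m_blocks.emplace_back(new Block(kBlockSize));  // grab a fresh block
            m_current = m_blocks.back().get();
        }
        void* p = m_current->payload.data() + m_current->offset;
        m_current->offset += bytes;
        return p;
    }
    Block* blockFor(const void* p) const {
        for (const auto& b : m_blocks) if (b->contains(p)) return b.get();
        return nullptr;
    }
    // A conservative root that points into a block pins it for this cycle.
    void pin(const void* maybePointer) {
        if (Block* b = blockFor(maybePointer)) b->pinned = true;
    }
    // One copying cycle; returns how many stores were moved to to-space.
    size_t collect(std::vector<Owner>& liveOwners,
                   const std::vector<const void*>& conservativeRoots) {
        for (const void* r : conservativeRoots) pin(r);
        BumpSpace toSpace;
        size_t moved = 0;
        for (Owner& o : liveOwners) {                      // marking visits each live owner
            Block* b = blockFor(o.store);
            assert(b && "store must live in from-space");
            if (b->oversize) { b->pinned = true; continue; } // pin acts as mark bit
            if (b->pinned) continue;                         // left in place
            void* dst = toSpace.allocate(o.size);
            std::memcpy(dst, o.store, o.size);
            o.store = dst;                                   // the single owner pointer
            ++moved;
        }
        // Unpinned from-space blocks are released; pinned ones survive and are
        // unpinned; to-space blocks join the space for the next cycle.
        std::vector<std::unique_ptr<Block>> survivors;
        for (auto& b : m_blocks)
            if (b->pinned) { b->pinned = false; survivors.push_back(std::move(b)); }
        for (auto& b : toSpace.m_blocks) survivors.push_back(std::move(b));
        m_blocks = std::move(survivors);
        m_current = toSpace.m_current;
        return moved;
    }
    size_t blockCount() const { return m_blocks.size(); }
private:
    std::vector<std::unique_ptr<Block>> m_blocks;
    Block* m_current = nullptr;
};
struct ScenarioResult { size_t moved, blocks; bool movedIntact, pinnedStayed, oversizeStayed; };
// Constructed scenario: two normal blocks plus one live and one dead oversize block.
ScenarioResult runScenario() {
    BumpSpace space; std::vector<Owner> live;
    live.push_back({space.allocate(100), 100});
    std::memset(live[0].store, 0xAB, 100);
    space.allocate(200);                                                  // dead, shares block 1
    live.push_back({space.allocate(kBlockSize - 100), kBlockSize - 100}); // opens block 2
    void* g = space.allocate(16);                                         // dead, but pins block 2
    live.push_back({space.allocate(kBlockSize + 1), kBlockSize + 1});     // live oversize
    space.allocate(2 * kBlockSize);                                       // dead oversize
    void* oldA = live[0].store; void* oldF = live[1].store; void* oldC = live[2].store;
    std::vector<const void*> roots{static_cast<uint8_t*>(g) + 3};        // interior pointer
    size_t moved = space.collect(live, roots);
    uint8_t expect[100]; std::memset(expect, 0xAB, sizeof expect);
    bool intact = live[0].store != oldA && std::memcmp(live[0].store, expect, 100) == 0;
    return {moved, space.blockCount(), intact, live[1].store == oldF, live[2].store == oldC};
}
}  // namespace demo
```

runScenario exercises the three outcomes: a live store in an unpinned block is moved and its owner pointer updated, one in a pinned block stays put, and a live oversize block is kept while a dead one is released.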
  28. 13 Jan, 2012 1 commit
    • morrita@google.com's avatar
      JavaScriptCore: Mark all exported symbols in the header file automatically. · f0dd2d91
      morrita@google.com authored
      https://bugs.webkit.org/show_bug.cgi?id=72855
      
      Reviewed by Darin Adler.
      
      Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files.
      The change is generated by a tool called ListExportables (https://github.com/omo/ListExportables).
      
      * API/OpaqueJSString.h:
      * bytecode/CodeBlock.h:
      * bytecode/SamplingTool.h:
      * debugger/Debugger.h:
      * debugger/DebuggerActivation.h:
      * debugger/DebuggerCallFrame.h:
      * heap/AllocationSpace.h:
      * heap/HandleHeap.h:
      * heap/Heap.h:
      * heap/MachineStackMarker.h:
      * heap/MarkStack.h:
      * heap/VTableSpectrum.h:
      * heap/WriteBarrierSupport.h:
      * parser/Nodes.h:
      * parser/ParserArena.h:
      * profiler/Profile.h:
      * runtime/ArgList.h:
      * runtime/CallData.h:
      * runtime/Completion.h:
      * runtime/ConstructData.h:
      * runtime/DateInstance.h:
      * runtime/Error.h:
      * runtime/ExceptionHelpers.h:
      * runtime/FunctionConstructor.h:
      * runtime/Identifier.h:
      * runtime/InitializeThreading.h:
      * runtime/InternalFunction.h:
      * runtime/JSArray.h:
      * runtime/JSByteArray.h:
      * runtime/JSCell.h:
      * runtime/JSFunction.h:
      * runtime/JSGlobalData.cpp:
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalObject.h:
      * runtime/JSGlobalThis.h:
      * runtime/JSLock.h:
      * runtime/JSObject.h:
      * runtime/JSString.h:
      * runtime/JSValue.h:
      * runtime/JSVariableObject.h:
      * runtime/Lookup.h:
      * runtime/MemoryStatistics.h:
      * runtime/ObjectPrototype.h:
      * runtime/Options.h:
      * runtime/PropertyDescriptor.h:
      * runtime/PropertyNameArray.h:
      * runtime/PropertySlot.h:
      * runtime/RegExp.h:
      * runtime/RegExpObject.h:
      * runtime/SamplingCounter.h:
      * runtime/SmallStrings.h:
      * runtime/StringObject.h:
      * runtime/Structure.h:
      * runtime/TimeoutChecker.h:
      * runtime/UString.h:
      * runtime/WriteBarrier.h:
      * wtf/ArrayBufferView.h:
      * wtf/ByteArray.h:
      * wtf/CryptographicallyRandomNumber.h:
      * wtf/CurrentTime.h:
      * wtf/DateMath.h:
      * wtf/DecimalNumber.h:
      * wtf/FastMalloc.cpp:
      * wtf/FastMalloc.h:
      * wtf/MD5.h:
      * wtf/MainThread.h:
      * wtf/MetaAllocator.h:
      * wtf/MetaAllocatorHandle.h:
      * wtf/OSAllocator.h:
      * wtf/PageBlock.h:
      * wtf/RandomNumber.h:
      * wtf/RefCountedLeakCounter.h:
      * wtf/SHA1.h:
      * wtf/Threading.cpp:
      * wtf/Threading.h:
      * wtf/ThreadingPrimitives.h:
      * wtf/WTFThreadData.h:
      * wtf/dtoa.h:
      * wtf/text/AtomicString.h:
      * wtf/text/CString.h:
      * wtf/text/StringBuilder.h:
      * wtf/text/StringImpl.h:
      * wtf/text/WTFString.h:
      * wtf/unicode/Collator.h:
      * wtf/unicode/UTF8.h:
      * yarr/Yarr.h:
      * yarr/YarrPattern.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104900 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f0dd2d91
  29. 10 Jan, 2012 1 commit
    • barraclough@apple.com's avatar
      Source/JavaScriptCore: Do not allow Array length to be set if it is non-configurable · cd7d2b0a
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75935
      
      Reviewed by Sam Weinig.
      
      Do not allow Array length to be set if it is non-configurable, and if the new
      length is less than the old length then intervening properties should be removed
      in reverse order. Removal of properties should cease if an intervening indexed
      property being removed is non-configurable.
      
      * JavaScriptCore.exp:
          - Removed export for setLength.
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncConcat):
          - JSArray::setLength now takes an ExecState*
      (JSC::arrayProtoFuncSlice):
          - JSArray::setLength now takes an ExecState*
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
          - JSArray::setLength now takes an ExecState*
      (JSC::JSArray::put):
          - JSArray::setLength now takes an ExecState*
      (JSC::compareKeysForQSort):
          - Keys extracted from the map can be stored as unsigneds.
      (JSC::JSArray::getOwnPropertyNames):
          - Keys extracted from the map can be stored as unsigneds.
      (JSC::JSArray::setLength):
          - Check lengthIsReadOnly(). Rather than copying the entire map and iterating
            over it to determine which keys to remove, just copy the keys from
            the map to a Vector. When inSparseMode sort the keys in the Vector so
            that we can remove properties in reverse order.
      * runtime/JSArray.h:
          - JSArray::setLength now takes an ExecState*
      
      Source/WebCore: Do not allow Array length to be set if it is non-configurable
      https://bugs.webkit.org/show_bug.cgi?id=75935
      
      Reviewed by Sam Weinig.
      
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::deserialize):
          - remove unnecessary call to JSArray::setLength.
      
      LayoutTests: rebaselining some canvas images
      https://bugs.webkit.org/show_bug.cgi?id=75552
      
      Patch by Elliot Poger <epoger@google.com> on 2012-01-10
      Reviewed by Ryosuke Niwa.
      
      * platform/chromium-gpu-linux/fast/canvas/canvas-text-baseline-expected.png:
      * platform/chromium-gpu-linux/fast/canvas/quadraticCurveTo-expected.png:
      * platform/chromium-gpu-mac/fast/canvas/canvas-text-baseline-expected.png: Added.
      * platform/chromium-gpu-mac/fast/canvas/quadraticCurveTo-expected.png: Added.
      * platform/chromium-gpu-win/fast/canvas/canvas-text-baseline-expected.png:
      * platform/chromium-gpu-win/fast/canvas/quadraticCurveTo-expected.png:
      * platform/chromium-mac-leopard/fast/canvas/quadraticCurveTo-expected.png: Added.
      * platform/chromium-mac-snowleopard/fast/canvas/canvas-lineWidth-expected.txt: Added.
      * platform/chromium-mac-snowleopard/fast/canvas/canvas-text-baseline-expected.png: Added.
      * platform/chromium-mac-snowleopard/fast/canvas/quadraticCurveTo-expected.png: Added.
      * platform/chromium/test_expectations.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104604 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cd7d2b0a
  30. 09 Jan, 2012 1 commit
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=75789 · 166c9077
      barraclough@apple.com authored
      defineOwnProperty not implemented for Array objects
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      Implements support for getter/setter & non-default attribute properties on arrays,
      by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262
      test failures.
      
      * JavaScriptCore.exp:
          - Updated exports.
      * dfg/DFGOperations.cpp:
          - JSArray::pop now requires an exec state.
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncPop):
          - JSArray::pop now requires an exec state.
      * runtime/JSArray.cpp:
      (JSC::SparseArrayValueMap::add):
          - Add a potentially empty entry into the map.
      (JSC::SparseArrayValueMap::put):
          - Changed to call setter.
      (JSC::SparseArrayEntry::get):
          - calls getters.
      (JSC::SparseArrayEntry::getNonSparseMode):
          - does not call getters.
      (JSC::JSArray::enterSparseMode):
          - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
      (JSC::JSArray::putDescriptor):
          - Create a numeric property based on a descriptor.
      (JSC::sameValue):
          - See ES5.1 9.12.
      (JSC::reject):
          - Helper for the [[DefineOwnProperty]] algorithm.
      (JSC::JSArray::defineOwnNumericProperty):
          - Define an indexed property on an array object.
      (JSC::JSArray::setLengthWritable):
          - Marks the length read-only, enters SparseMode as necessary.
      (JSC::JSArray::defineOwnProperty):
          - Defines either an indexed property or 'length' on an array object.
      (JSC::JSArray::getOwnPropertySlotByIndex):
          - Updated to correctly handle accessor descriptors & attributes.
      (JSC::JSArray::getOwnPropertyDescriptor):
          - Updated to correctly handle accessor descriptors & attributes.
      (JSC::JSArray::put):
          - Pass strict mode flag to setLength.
      (JSC::JSArray::putByIndex):
          - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGlobalData&.
      (JSC::JSArray::putByIndexBeyondVectorLength):
          - Pass exec to SparseArrayValueMap::put.
      (JSC::JSArray::deletePropertyByIndex):
          - Do not allow deletion of non-configurable properties.
      (JSC::compareKeysForQSort):
          - used in implementation of getOwnPropertyNames.
      (JSC::JSArray::getOwnPropertyNames):
          - Properties in the sparse map should be iterated in order.
      (JSC::JSArray::setLength):
          - Updated to take a 'shouldThrow' flag, return a result indicating error.
      (JSC::JSArray::pop):
          - pop should throw an error if length is not writable, even if the array is empty.
      (JSC::JSArray::push):
          - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGlobalData&.
      (JSC::JSArray::sort):
          - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
      (JSC::JSArray::compactForSorting):
          - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
      * runtime/JSArray.h:
      (JSC::SparseArrayValueMap::lengthIsReadOnly):
          - Check if the length is read only.
      (JSC::SparseArrayValueMap::setLengthIsReadOnly):
          - Mark the length as read only.
      (JSC::SparseArrayValueMap::find):
          - Moved into header.
      (JSC::JSArray::isLengthWritable):
          - Wraps SparseArrayValueMap::lengthIsReadOnly.
      * runtime/JSObject.cpp:
      (JSC::JSObject::defineOwnProperty):
          - Should be returning the result of putDescriptor.
      * runtime/PropertyDescriptor.cpp:
      (JSC::PropertyDescriptor::attributesOverridingCurrent):
          - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
      * runtime/PropertyDescriptor.h:
          - Added attributesOverridingCurrent.
      
      LayoutTests: 
      
      * fast/js/array-defineOwnProperty-expected.txt: Added.
      * fast/js/array-defineOwnProperty.html: Added.
      * fast/js/script-tests/array-defineOwnProperty.js: Added.
          - Added tests for array properties with accessors & non-default attributes.
      * fast/js/mozilla/strict/15.4.4.6-expected.txt:
      * fast/js/mozilla/strict/8.12.5-expected.txt:
      * ietestcenter/Javascript/15.4.4.14-9-a-12-expected.txt:
      * ietestcenter/Javascript/15.4.4.15-8-a-12-expected.txt:
          - Check in passing results.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104488 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      166c9077
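The behaviours this commit implements are all observable from script, so here is an added example (not WebKit code, and not part of this commit) that exercises the ES5 [[DefineOwnProperty]] rules on arrays it describes: accessor properties at an index, non-configurable indices that cannot be deleted, a read-only length that makes pop throw even on an empty array, the SameValue comparison from ES5.1 9.12 used by the reject helper, and ordered enumeration of sparse indices. It runs on any ES5-conformant engine such as Node.js.

```javascript
// Added example: ES5 array [[DefineOwnProperty]] semantics as observable from JavaScript.
// None of this is JavaScriptCore code; it only exercises behaviour the engine must expose.

// An accessor property at an array index: reads go through the getter
// (the commit's SparseArrayEntry::get "calls getters").
function accessorOnIndex() {
  const a = [1, 2, 3];
  let reads = 0;
  Object.defineProperty(a, 1, {
    get() { reads++; return 42; },
    configurable: true,
    enumerable: true,
  });
  const value = a[1];
  return { value, reads, length: a.length };
}

// A non-configurable index cannot be deleted; Reflect.deleteProperty reports the
// refusal as false without needing strict mode (deletePropertyByIndex in the commit).
function deleteNonConfigurable() {
  const a = [1, 2, 3];
  Object.defineProperty(a, 0, {
    value: 'pinned', writable: false, configurable: false, enumerable: true,
  });
  const deleted = Reflect.deleteProperty(a, 0);
  return { deleted, stillThere: a[0] === 'pinned' };
}

// Read-only length: pop must throw even when the array is empty, because ES5 15.4.4.6
// still performs a throwing Put of length; push throws because it would grow length.
function readOnlyLength() {
  const empty = [];
  Object.defineProperty(empty, 'length', { writable: false });
  let popThrew = false;
  try { empty.pop(); } catch (e) { popThrew = e instanceof TypeError; }

  const a = [1, 2];
  Object.defineProperty(a, 'length', { writable: false });
  let pushThrew = false;
  try { a.push(3); } catch (e) { pushThrew = e instanceof TypeError; }
  return { popThrew, pushThrew, length: a.length };
}

// SameValue (ES5.1 9.12): redefining a non-writable, non-configurable property is only
// allowed when the new value is SameValue to the old one. NaN is SameValue to NaN,
// but +0 is not SameValue to -0, so the second redefinition is rejected.
function sameValueRedefine() {
  const a = [NaN, 0];
  Object.defineProperty(a, 0, { writable: false, configurable: false });
  Object.defineProperty(a, 1, { writable: false, configurable: false });

  let nanAccepted = true;
  try { Object.defineProperty(a, 0, { value: NaN }); } catch (e) { nanAccepted = false; }

  let negZeroRejected = false;
  try { Object.defineProperty(a, 1, { value: -0 }); } catch (e) { negZeroRejected = e instanceof TypeError; }
  return { nanAccepted, negZeroRejected };
}

// Sparse indices must enumerate in ascending numeric order regardless of insertion
// order (the commit's getOwnPropertyNames change).
function sparseKeysInOrder() {
  const a = [];
  a[100000] = 'late';
  a[7] = 'early';
  return Object.keys(a);
}

console.log(accessorOnIndex(), deleteNonConfigurable(), readOnlyLength(),
            sameValueRedefine(), sparseKeysInOrder());
```

Each function returns what it observed rather than just logging it, so the same checks can be reused as a regression test against any engine.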
  31. 05 Jan, 2012 1 commit
    • barraclough@apple.com's avatar
      unshift/pop fifo may consume excessive memory · 5e4d2f12
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75588
      
      Reviewed by Sam Weinig.
      
      The Array object commonly stores data in a vector, consisting of a portion that
      is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
      m_length and m_vectorLength). Calls to pop will grow the post-capacity, and the
      current algorithm for increasePrefixVectorLength (used by unshift) will never
      shrink the post-capacity, so an unshift/pop fifo may consume an inordinate amount
      of memory, whilst having a relatively small active length.
      
      * runtime/JSArray.cpp:
      (JSC::storageSize):
          - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
      (JSC::SparseArrayValueMap::put):
          - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
      (JSC::JSArray::increaseVectorLength):
          - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
      (JSC::JSArray::unshiftCountSlowCase):
          - renamed from increaseVectorPrefixLength (this was a bad name, since it
            also moved the ArrayStorage header), rewritten.
      (JSC::JSArray::shiftCount):
          - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned
      (JSC::JSArray::unshiftCount):
          - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned,
            increaseVectorPrefixLength renamed to unshiftCountSlowCase
      (JSC::JSArray::sortNumeric):
      * runtime/JSArray.h:
          - Updated function declarations, m_indexBias should be unsigned.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104120 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5e4d2f12
  32. 03 Jan, 2012 2 commits
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=75140 · cf553561
      barraclough@apple.com authored
      Reviewed by Sam Weinig.
      
      Rewrite JSArray::putSlowCase to be much cleaner & simpler.
      
      This rewrite only significantly changes behaviour for sparse arrays, specifically
      in how sparse arrays are reified back to vector form. This does not affect arrays
      with less than 10000 entries (since these always use a vector). The more common
      cases of sparse array behavior (though large sparse arrays are rare) - arrays that
      always remain sparse, and arrays that are filled in reverse sequential order -
      should be just as fast or faster (since reification is simpler & no longer
      requires map lookups) after these changes.
      
      Simplifying this code allows all cases of putByIndex that need to grow the vector
      to do so via increaseVectorLength, which means that this method can encapsulate
      the policy of determining how the vector should be grown.
      
      No performance impact.
      
      * runtime/JSArray.cpp:
      (JSC::isDenseEnoughForVector):
          - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector.
      (JSC::JSArray::putByIndex):
          - simplify & comment.
      (JSC::JSArray::putByIndexBeyondVectorLength):
          - Re-written to be much clearer & simpler.
      (JSC::JSArray::increaseVectorLength):
      (JSC::JSArray::increaseVectorPrefixLength):
          - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need to do so.
      (JSC::JSArray::push):
          - simplify & comment.
      * runtime/JSArray.h:
          - removed SparseArrayValueMap::take.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103964 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cf553561
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=75140 · 535d8bb7
      barraclough@apple.com authored
      Reviewed by Sam Weinig.
      
      Simplify JSArray creation - remove ArgsList/JSValue* create methods
      (this functionality can be implemented in terms of tryCreateUninitialized).
      
      * JavaScriptCore.exp:
      * runtime/ArrayConstructor.cpp:
          - use constructArray/constructEmptyArray instead of calling JSArray::create directly
      (JSC::constructArrayWithSizeQuirk):
      * runtime/JSArray.cpp:
      * runtime/JSArray.h:
          - removed ArgsList/JSValue* create methods
      * runtime/JSGlobalObject.h:
      (JSC::constructEmptyArray):
      (JSC::constructArray):
          - changed to be implemented in terms of JSArray::tryCreateUninitialized
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103960 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      535d8bb7
  33. 29 Dec, 2011 1 commit
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=75140 · 907d1a40
      barraclough@apple.com authored
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      Start cleaning up JSArray construction. JSArray has a set of create methods,
      one of which (currently) takes a 'creation mode' enum parameter. Based on that
      parameter, the constructor does one of two completely different things. If the
      parameter is 'CreateInitialized' it creates an array, setting the length, but
      does not eagerly allocate a storage vector of the specified length. A small
      (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property
      access to the vector will read the hole value (return undefined). The alternate
      usage of this method ('CreateCompact') does something very different. It tries
      to create an array of the requested length, and also allocates a storage vector
      large enough to hold all properties. It does not clear the storage vector,
      leaving the memory uninitialized and requiring the user to call a method
      'uncheckedSetIndex' to initialize values in the vector.
      
      This patch factors out these two behaviours, moving the 'CreateCompact' mode
      into its own method, 'tryCreateUninitialized' (matching the naming for this
      functionality in the string classes). 'tryCreateUninitialized' may return 0 if
      memory allocation fails during construction of the object. The construction
      pattern changes such that values added during initialization will be marked if
      a GC is triggered during array allocation. 'CreateInitialized' no longer need
      be passed to create a normal, fully constructed array with a length, and this
      method is merged with the version of 'create' that does not take an initial
      length (length parameter defaults to 0).
      
      * JavaScriptCore.exp:
      * runtime/ArrayConstructor.cpp:
      (JSC::constructArrayWithSizeQuirk):
          - removed 'CreateInitialized' argument
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSplice):
          - changed to call 'tryCreateUninitialized'
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
          - changed to call 'tryCreateUninitialized'
      * runtime/JSArray.cpp:
      (JSC::JSArray::JSArray):
          - initialize m_storage to null; if construction fails, make destruction safe
      (JSC::JSArray::finishCreation):
          - merge versions of this method, takes an initialLength parameter defaulting to zero
      (JSC::JSArray::tryFinishCreationUninitialized):
          - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0
      (JSC::JSArray::~JSArray):
          - check for null m_storage, in case array construction failed.
      (JSC::JSArray::increaseVectorPrefixLength):
      * runtime/JSArray.h:
      (JSC::JSArray::create):
          - merge versions of this method, takes an initialLength parameter defaulting to zero
      (JSC::JSArray::tryCreateUninitialized):
          - version of 'create' that tries to eagerly allocate storage; may fail & return 0
      (JSC::JSArray::initializeIndex):
      (JSC::JSArray::completeInitialization):
          - used in conjunction with 'tryCreateUninitialized' to initialize the array
      * runtime/JSGlobalObject.h:
      (JSC::constructEmptyArray):
          - removed 'CreateInitialized' argument
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpMatchesArray::finishCreation):
          - removed 'CreateInitialized' argument
      
      LayoutTests: 
      
      Added test case.
      
      * fast/js/script-tests/array-splice.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103823 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      907d1a40
  34. 22 Dec, 2011 1 commit
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=75151 · 617f4646
      barraclough@apple.com authored
      Add attributes field to JSArray's SparseMap
      
      Reviewed by Sam Weinig.
      
      This will be necessary to be able to support non- writable/configurable/enumerable
      properties, and helpful for getters/setters.
      
      Added a concept of being 'inSparseMode' - this indicates the array has a non-standard
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSort):
          - JSArray::sort methods not allowed on arrays that are 'inSparseMode'.
            (must fall back to generic sort algorithm).
      * runtime/JSArray.cpp:
      (JSC::JSArray::finishCreation):
          - moved reportedMapCapacity into the SparseArrayValueMap object.
      (JSC::SparseArrayValueMap::find):
      (JSC::SparseArrayValueMap::put):
      (JSC::SparseArrayValueMap::visitChildren):
          - Added.
      (JSC::JSArray::getOwnPropertySlotByIndex):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::putSlowCase):
      (JSC::JSArray::deletePropertyByIndex):
      (JSC::JSArray::getOwnPropertyNames):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::visitChildren):
          - Updated for changes in SparseArrayValueMap.
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::compactForSorting):
          - Disallow on 'SparseMode' arrays.
      * runtime/JSArray.h:
      (JSC::SparseArrayEntry::SparseArrayEntry):
          - An entry in the sparse array - value (WriteBarrier) + attributes.
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::sparseMode):
      (JSC::SparseArrayValueMap::setSparseMode):
          - Flags to track whether an Array is forced into SparseMode.
      (JSC::SparseArrayValueMap::remove):
      (JSC::SparseArrayValueMap::notFound):
      (JSC::SparseArrayValueMap::isEmpty):
      (JSC::SparseArrayValueMap::contains):
      (JSC::SparseArrayValueMap::size):
      (JSC::SparseArrayValueMap::begin):
      (JSC::SparseArrayValueMap::end):
          - accessors to the map
      (JSC::SparseArrayValueMap::take):
          - only for use on non-SparseMode arrays.
      (JSC::JSArray::inSparseMode):
          - Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103598 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      617f4646
  35. 19 Dec, 2011 1 commit
    • ggaren@apple.com's avatar
      Placement new does an unnecessary NULL check · 215589e0
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=74676
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      We can define our own version, which skips the NULL check.
              
      Not a measurable speedup, but code inspection shows better code generated,
      and I believe this is a step toward turning off -fomit-frame-pointer.
      
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::create):
      * API/JSCallbackFunction.h:
      (JSC::JSCallbackFunction::create): Use the NotNull version of placement
      new to skip the NULL check.
      
      * API/JSCallbackObject.h: Removed a conflicting, unnecessary placement new.
      
      (JSC::JSCallbackObject::create):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::create):
      * heap/HandleHeap.cpp:
      (JSC::HandleHeap::grow):
      * heap/HandleHeap.h:
      (JSC::HandleHeap::allocate):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::recycle):
      * jit/JITCode.h:
      (JSC::JITCode::clear):
      * jsc.cpp:
      (GlobalObject::create):
      * profiler/CallIdentifier.h:
      * runtime/Arguments.h:
      (JSC::Arguments::create):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::create):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::create):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::create):
      * runtime/BooleanObject.h:
      (JSC::BooleanObject::create):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::create):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::create):
      * runtime/DateInstance.h:
      (JSC::DateInstance::create):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::create):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::create):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::create):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::create):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::create):
      * runtime/ExceptionHelpers.h:
      (JSC::InterruptedExecutionError::create):
      (JSC::TerminatedExecutionError::create):
      * runtime/Executable.h:
      (JSC::NativeExecutable::create):
      (JSC::EvalExecutable::create):
      (JSC::ProgramExecutable::create):
      (JSC::FunctionExecutable::create):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::create):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::create):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::create):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::create):
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      * runtime/JSArray.h:
      (JSC::JSArray::create):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      * runtime/JSByteArray.h:
      (JSC::JSByteArray::create): Use the NotNull version of placement
      new to skip the NULL check.
      
      * runtime/JSCell.h: Removed a conflicting, unnecessary placement new.
      
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      * runtime/JSFunction.h:
      (JSC::JSFunction::create):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::create):
      * runtime/JSGlobalThis.h:
      (JSC::JSGlobalThis::create):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::create):
      * runtime/JSONObject.h:
      (JSC::JSONObject::create):
      * runtime/JSObject.h:
      (JSC::JSFinalObject::create):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSStaticScopeObject.h:
      (JSC::JSStaticScopeObject::create):
      * runtime/JSString.cpp:
      (JSC::StringObject::create):
      * runtime/JSString.h:
      (JSC::RopeBuilder::createNull):
      (JSC::RopeBuilder::create):
      (JSC::RopeBuilder::createHasOtherOwner):
      * runtime/MathObject.h:
      (JSC::MathObject::create):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::create):
      * runtime/NativeErrorPrototype.h:
      (JSC::NativeErrorPrototype::create):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::create):
      * runtime/NumberObject.h:
      (JSC::NumberObject::create):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::create):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::create):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::create):
      * runtime/RegExp.cpp:
      (JSC::RegExp::createWithoutCaching):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::create):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::create):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::create):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::create):
      * runtime/ScopeChain.h:
      (JSC::ScopeChainNode::create):
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::create):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::create):
      * runtime/StringObject.h:
      (JSC::StringObject::create):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::create):
      * runtime/Structure.h:
      (JSC::Structure::create):
      (JSC::Structure::createStructure):
      * runtime/StructureChain.h:
      (JSC::StructureChain::create):
      * testRegExp.cpp:
      (GlobalObject::create):
      * wtf/BitVector.cpp:
      (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement
      new to skip the NULL check.
      
      * wtf/BumpPointerAllocator.h:
      (WTF::BumpPointerPool::create): Standardized spacing to make grep easier.
      
      * wtf/ByteArray.cpp:
      (WTF::ByteArray::create):
      * wtf/Deque.h:
      (WTF::::append):
      (WTF::::prepend): Use NotNull, as above.
      
      * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise
      hide the name of the global placement new.
      
      (WTF::fastNew): Standardized spacing. Most of these functions don't need
      NotNull, since they check for NULL, and the optimizer can see that.
      
      * wtf/HashTable.h:
      * wtf/HashTraits.h:
      (WTF::SimpleClassHashTraits::constructDeletedValue):
      * wtf/MetaAllocator.cpp:
      (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above.
      
      * wtf/StdLibExtras.h:
      (throw): This is our NotNull placement new. Declaring that we throw is
      the C++ way to say that operator new will not return NULL.
      
      * wtf/ThreadSpecific.h:
      (WTF::T):
      * wtf/Vector.h:
      (WTF::::append):
      (WTF::::tryAppend):
      (WTF::::uncheckedAppend):
      (WTF::::insert):
      * wtf/text/AtomicStringHash.h:
      * wtf/text/StringImpl.cpp:
      (WTF::StringImpl::createUninitialized):
      (WTF::StringImpl::reallocate):
      * wtf/text/StringImpl.h:
      (WTF::StringImpl::tryCreateUninitialized):
      * wtf/text/StringStatics.cpp:
      (WTF::AtomicString::init): Use NotNull, as above.
      
      * yarr/YarrInterpreter.cpp:
      (JSC::Yarr::Interpreter::allocDisjunctionContext):
      (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
      (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized
      spacing for easy grep.
      
      Source/WebCore: 
      
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::create):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateConstructorDeclaration):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::create):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaRuntimeMethod::create):
      * bridge/jni/jsc/JavaRuntimeObject.h:
      (JSC::Bindings::JavaRuntimeObject::create):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::create):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::create):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::create):
      * dom/Document.h:
      (WebCore::FormElementKeyHashTraits::constructDeletedValue): Use NotNull
      placement new, as in JavaScriptCore.
      
      * platform/PODArena.h:
      (WebCore::PODArena::allocateObject): No need to check for NULL explicitly,
      since that's the built-in behavior of placement new.
      
      * platform/graphics/FontCache.cpp:
      (WebCore::FontDataCacheKeyTraits::constructDeletedValue):
      * platform/graphics/IntRectHash.h:
      * platform/graphics/IntSizeHash.h: More NotNull.
      
      * rendering/RenderObject.h: Declaring that we throw is the C++ way to say
      that operator new will not return NULL.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103243 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      215589e0