1. 07 Sep, 2013 2 commits
    • VectorMover should use std::move · 2d655a2f
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120959
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Work around a bug in GCC by changing the type of the callType bitfield
      in CallLinkInfo to be unsigned instead of CallType.
      
      * bytecode/CallLinkInfo.h:
      
      Source/WTF:
      
      This lets the compiler use move constructors when moving data, which can be a performance improvement.
      If the vector element type isn't movable it will be copied instead.
      
      * wtf/Vector.h:
      (WTF::VectorTypeOperations::move):
      (WTF::VectorTypeOperations::moveOverlapping):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155258 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Get rid of FastAllocBase.h · 3d185a87
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120952
      
      Reviewed by Antti Koivisto.
      
      Source/JavaScriptCore:
      
      Include FastMalloc.h instead of FastAllocBase.h.
      
      * assembler/LinkBuffer.h:
      * bytecode/CodeBlock.h:
      * bytecode/StructureStubClearingWatchpoint.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGLongLivedState.h:
      * dfg/DFGSlowPathGenerator.h:
      * ftl/FTLAbstractHeap.h:
      * heap/JITStubRoutineSet.h:
      * jit/CompactJITCodeMap.h:
      * profiler/ProfilerDatabase.h:
      * profiler/ProfilerExecutionCounter.h:
      
      Source/WebCore:
      
      Include FastMalloc.h instead of FastAllocBase.h.
      
      * Modules/webdatabase/SQLTransactionClient.h:
      * bindings/js/GCController.h:
      * bridge/Bridge.h:
      * bridge/IdentifierRep.h:
      * dom/DocumentStyleSheetCollection.h:
      * dom/TransformSource.h:
      * html/InputType.h:
      * inspector/InspectorCounters.h:
      * inspector/InstrumentingAgents.h:
      * inspector/WorkerInspectorController.h:
      * loader/cache/CachedResourceClient.h:
      * page/FrameActionScheduler.h:
      * platform/Length.h:
      * platform/MemoryPressureHandler.h:
      * platform/ScrollAnimator.h:
      * platform/SharedTimer.h:
      * platform/audio/gstreamer/FFTFrameGStreamer.cpp:
      * platform/cairo/WidgetBackingStore.h:
      * platform/graphics/Color.h:
      * platform/graphics/FontData.h:
      * platform/graphics/Path.h:
      * platform/graphics/qt/FontCustomPlatformData.h:
      * platform/graphics/transforms/AffineTransform.h:
      * platform/graphics/transforms/TransformationMatrix.h:
      * platform/gtk/GtkDragAndDropHelper.h:
      * platform/gtk/GtkPopupMenu.h:
      * platform/network/NetworkStateNotifier.h:
      * platform/sql/SQLiteTransaction.h:
      * platform/text/enchant/TextCheckerEnchant.h:
      * rendering/RenderArena.h:
      * rendering/TableLayout.h:
      * rendering/style/StyleCustomFilterProgram.h:
      * rendering/style/StyleCustomFilterProgramCache.h:
      * svg/SVGPathConsumer.h:
      * workers/WorkerScriptLoader.h:
      
      Source/WTF:
      
      FastAllocBase.h now only contains the WTF_MAKE_FAST_ALLOCATED macro.
      Move that macro to FastMalloc.h instead and remove FastAllocBase.h.
      
      * WTF.vcxproj/WTF.vcxproj:
      * WTF.vcxproj/WTF.vcxproj.filters:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/DeferrableRefCounted.h:
      * wtf/FastAllocBase.h: Removed.
      * wtf/FastMalloc.h:
      * wtf/HashSet.h:
      * wtf/MediaTime.h:
      * wtf/PrintStream.h:
      * wtf/RefCounted.h:
      * wtf/RefPtr.h:
      * wtf/ThreadingPrimitives.h:
      * wtf/Vector.h:
      * wtf/gobject/GMutexLocker.h:
      * wtf/unicode/Collator.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155251 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 06 Sep, 2013 9 commits
    • FTL should support Call/Construct in the worst way possible · fa258dc0
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120916
      
      Reviewed by Oliver Hunt.
              
      This adds support for Call/Construct by just calling out to C code that uses
      the JSC::call/JSC::construct runtime functions for making calls. This is slow
      and terrible, but it dramatically extends FTL coverage.
              
      Supporting calls in a meaningful way meant also supporting
      GlobalVarWatchpoint.
              
      The extension of coverage helped to find a bunch of bugs:
              
      - ObjectOrOtherUse was claimed to be supported in the FTL but speculate()
        didn't support it. That means that any node with an ObjectOrOtherUse edge
        that got DCE'd would cause the FTL to ICE.
              
      - There was a bad fall-through in compileCompareStrictEq() that led to ICE.
              
      - The OSR exit reconstruction code was assuming it could do fast checks on
        node->child1() before even determining the type of node; that crashes if
        the node is HasVarArgs. Fixed by checking HasVarArgs first.
              
      - The OSR exit compiler was using the wrong peekOffset for CArgumentGetter.
        The default is 1, which assumes that you didn't push anything onto the
        stack after getting called. The OSR exit thunks push FP, so the offset
        should be 2.
              
      This passes stress tests and is probably a huge performance regression if you
      --useExperimentalFTL=true. The regression will be fixed in
      https://bugs.webkit.org/show_bug.cgi?id=113621.
      
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileGlobalVarWatchpoint):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
      (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
      (JSC::FTL::LowerDFGToLLVM::speculate):
      (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155243 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • jsc shell should destroy VM as a workaround for LLVM's exit-time destructors · a5c3a94c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120921
      
      Reviewed by Oliver Hunt.
              
      LLVM's exit-time destructors will fire when we exit. If there is an on-going
      FTL compile at exit, which will happen if the VM that triggered the compile
      isn't shut down, then we will crash.
              
      We should get rid of LLVM's exit-time destructors. But before we do that, we
      should just do a clean VM shutdown to suppress spurious crashes. This will
      help in expanding LLVM coverage for now.
      
      * jsc.cpp:
      (jscmain):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155239 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • FTL ArithMod Int32Use doesn't check for negative zero correctly · 73bf3390
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120905
      
      Reviewed by Mark Hahnenberg.
      
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileArithMod):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155222 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • FTL ArithNeg Int32Use doesn't check negative zero · d3eab7da
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120900
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
      
      LayoutTests: 
      
      * fast/js/regress/script-tests/negative-zero-modulo.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155220 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Stop using fastNew/fastDelete in JavaScriptCore · f17c511b
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120898
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
      Change all the hash table members in ExecState to be OwnPtrs and use
      adoptPtr instead. Also, since none of the hash tables can be null, change their getters
      to return references and propagate the reference types wherever we know that a HashTable can't be null.
      
      * interpreter/CallFrame.h:
      (JSC::ExecState::arrayConstructorTable):
      (JSC::ExecState::arrayPrototypeTable):
      (JSC::ExecState::booleanPrototypeTable):
      (JSC::ExecState::dataViewTable):
      (JSC::ExecState::dateTable):
      (JSC::ExecState::dateConstructorTable):
      (JSC::ExecState::errorPrototypeTable):
      (JSC::ExecState::globalObjectTable):
      (JSC::ExecState::jsonTable):
      (JSC::ExecState::numberConstructorTable):
      (JSC::ExecState::numberPrototypeTable):
      (JSC::ExecState::objectConstructorTable):
      (JSC::ExecState::privateNamePrototypeTable):
      (JSC::ExecState::regExpTable):
      (JSC::ExecState::regExpConstructorTable):
      (JSC::ExecState::regExpPrototypeTable):
      (JSC::ExecState::stringConstructorTable):
      (JSC::ExecState::promisePrototypeTable):
      (JSC::ExecState::promiseConstructorTable):
      (JSC::ExecState::promiseResolverPrototypeTable):
      * runtime/ClassInfo.h:
      (JSC::ClassInfo::propHashTable):
      * runtime/Lookup.h:
      (JSC::getStaticPropertySlot):
      (JSC::getStaticFunctionSlot):
      (JSC::getStaticValueSlot):
      (JSC::lookupPut):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::VM::~VM):
      * runtime/VM.h:
      
      Source/WebCore:
      
      Update for changes to JavaScriptCore.
      
      * bindings/js/DOMObjectHashTableMap.h:
      (WebCore::DOMObjectHashTableMap::get):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::getHashTableForGlobalData):
      * bindings/js/JSDOMBinding.h:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::put):
      * bindings/js/JSPluginElementFunctions.h:
      (WebCore::pluginElementCustomGetOwnPropertySlot):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deleteProperty):
      (WebCore::JSStorage::putDelegate):
      * bindings/scripts/CodeGeneratorJS.pm:
      (hashTableAccessor):
      (prototypeHashTableAccessor):
      (constructorHashTableAccessor):
      (GenerateGetOwnPropertySlotBody):
      (GenerateImplementation):
      (GenerateConstructorHelperMethods):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155219 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Concurrent FTL causes !hasOptimizedReplacement() asserts in cti_optimize · 091c87e7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120890
      
      Reviewed by Mark Hahnenberg.
              
      Don't install an FTL code block if the DFG code block has already been jettisoned.
      
      * dfg/DFGToFTLDeferredCompilationCallback.cpp:
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155209 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • REGRESSION(149636, merged in 153145): ToThis conversion doesn't work in the DFG · 0fa8386c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120781
      
      Reviewed by Mark Hahnenberg.
              
      Roll this back in with a build fix.
              
      - Use some method table hacks to detect if the CheckStructure optimization is
        valid for to_this.
              
      - Introduce a FinalObjectUse and use it for ToThis->Identity conversion.
              
      This looks like it might be perf-neutral on the major benchmarks, but it
      introduces some horrible performance cliffs. For example if you add methods to
      the Array prototype, you'll get horrible performance cliffs. As in virtual calls
      to C++ every time you call a JS function even if it's inlined.
      LongSpider/3d-cube appears to hit this.
      
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::emitPutTransitionStub):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::SafeToExecuteEdge::operator()):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::speculateFinalObject):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      (JSC::DFG::isCell):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155201 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Introduce a way to run benchmarks and JSRegress as stress tests with different... · dfbbfc12
      fpizlo@apple.com authored
      Introduce a way to run benchmarks and JSRegress as stress tests with different jsc command-line options
      https://bugs.webkit.org/show_bug.cgi?id=120808
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg and rubber stamped by Geoffrey Garen.
              
      Allow --useExperimentalFTL=true even if FTL isn't built since this simplifies
      testing.
      
      * dfg/DFGTierUpCheckInjectionPhase.cpp:
      (JSC::DFG::TierUpCheckInjectionPhase::run):
      
      Tools: 
      
      Reviewed by Mark Hahnenberg and rubber stamped by Geoffrey Garen.
              
      Add a script for running stress tests.  A stress test is a .js file that is run
      through different configurations of JSC.  It can control which configurations it
      runs by using "//@ <ruby code>" to guide the script.
              
      This script is now run as part of run-javascriptcore-tests, on Mac only.
      
      * Scripts/run-javascriptcore-tests:
      * Scripts/run-jsc-stress-tests: Added.
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg and rubber stamped by Geoffrey Garen.
              
      Make it so that long-running tests aren't run as part of the stress test (they
      will still run as part of benchmarks and LayoutTests) or run them with fewer
      configurations.
      
      * fast/js/regress/script-tests/ArrayBuffer-DataView-alloc-large-long-lived.js:
      * fast/js/regress/script-tests/ArrayBuffer-DataView-alloc-long-lived.js:
      * fast/js/regress/script-tests/ArrayBuffer-Int32Array-byteOffset.js:
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js:
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived-fragmented.js:
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js:
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js:
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js:
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js:
      * fast/js/regress/script-tests/DataView-custom-properties.js:
      * fast/js/regress/script-tests/Float32Array-to-Float64Array-set.js:
      * fast/js/regress/script-tests/Float64Array-alloc-long-lived.js:
      * fast/js/regress/script-tests/Float64Array-to-Int16Array-set.js:
      * fast/js/regress/script-tests/HashMap-put-get-iterate-keys.js:
      * fast/js/regress/script-tests/HashMap-put-get-iterate.js:
      * fast/js/regress/script-tests/HashMap-string-put-get-iterate.js:
      * fast/js/regress/script-tests/Int16Array-alloc-long-lived.js:
      * fast/js/regress/script-tests/Int16Array-to-Int32Array-set.js:
      * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js:
      * fast/js/regress/script-tests/Int32Array-alloc-huge.js:
      * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js:
      * fast/js/regress/script-tests/Int32Array-alloc-large.js:
      * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js:
      * fast/js/regress/script-tests/Int32Array-alloc.js:
      * fast/js/regress/script-tests/Int8Array-alloc-long-lived.js:
      * fast/js/regress/script-tests/array-nonarray-polymorhpic-access.js:
      * fast/js/regress/script-tests/basic-set.js:
      * fast/js/regress/script-tests/emscripten-memops.js:
      * fast/js/regress/script-tests/inline-arguments-local-escape.js:
      * fast/js/regress/script-tests/method-on-number.js:
      * fast/js/regress/script-tests/nested-function-parsing-random.js:
      * fast/js/regress/script-tests/nested-function-parsing.js:
      * fast/js/regress/script-tests/new-array-buffer-push.js:
      * fast/js/regress/script-tests/new-array-push.js:
      * fast/js/regress/script-tests/poly-stricteq.js:
      * fast/js/regress/script-tests/splice-to-remove.js:
      * fast/js/regress/script-tests/string-equality.js:
      * fast/js/regress/script-tests/string-repeat-arith.js:
      * fast/js/regress/script-tests/string-sub.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155200 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed build fix for the GTK port when building with FTL JIT enabled. · 7bda67da
      zandobersek@gmail.com authored
      * GNUmakefile.list.am: Add the missing files to the build.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155180 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 05 Sep, 2013 8 commits
    • Make it simpler to introduce new data types to the global object · f3d973fb
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120801
      
      Reviewed by Gavin Barraclough.
      
      Add an iterator macro that lists all the "simple" ES types (e.g. type
      consists of instance, constructor, and prototype classes).  So that
      we don't need to have every new type litter JSGlobalObject.{cpp,h} with
      members, accessors, and manual GC visiting.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155177 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Roll out r155149 since it broke the build. · 02a390e5
      mrowe@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155166 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Cleanup formatting of byte code debug output · c580864f
      msaboff@apple.com authored
      Source/JavaScriptCore/ChangeLog
      
      Rubber stamped by Filip Pizlo.
      
      Put the formatting of the byte code offset and operation into one common function to
      simplify and unify formatting.  Changed CodeBlock::registerName() to return
      "thist" for argument register 0, "argN" for other argument registers and "locN" for
      local registers.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::registerName):
      (JSC::CodeBlock::printUnaryOp):
      (JSC::CodeBlock::printBinaryOp):
      (JSC::CodeBlock::printConditionalJump):
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::CodeBlock::printCallOp):
      (JSC::CodeBlock::printPutByIdOp):
      (JSC::CodeBlock::dumpBytecode):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::printLocationAndOp):
      (JSC::CodeBlock::printLocationOpAndRegisterOperand):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155159 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • REGRESSION(149636, merged in 153145): ToThis conversion doesn't work in the DFG · c03e6e42
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120781
      
      Reviewed by Mark Hahnenberg.
              
      - Use some method table hacks to detect if the CheckStructure optimization is
        valid for to_this.
              
      - Introduce a FinalObjectUse and use it for ToThis->Identity conversion.
              
      This looks like it might be perf-neutral on the major benchmarks, but it
      introduces some horrible performance cliffs. For example if you add methods to
      the Array prototype, you'll get horrible performance cliffs. As in virtual calls
      to C++ every time you call a JS function even if it's inlined.
      LongSpider/3d-cube appears to hit this.
      
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::SafeToExecuteEdge::operator()):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::speculateFinalObject):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      (JSC::DFG::isCell):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155149 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • GCAssertions.h should use STL type traits and static_assert · 7de5aaea
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120785
      
      Reviewed by Andreas Kling.
      
      Source/JavaScriptCore:
      
      There's no need to rely on compiler specific support to figure out if a class is trivially destructible,
      we can just use type traits from STL. Do this, fix the assert macro to use static_assert directly and
      rename it from ASSERT_HAS_TRIVIAL_DESTRUCTOR to STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE to clarify that
      it's a static assert and to match the STL nomenclature.
      
      * API/JSCallbackFunction.cpp:
      * debugger/DebuggerActivation.cpp:
      * heap/GCAssertions.h:
      * runtime/ArrayConstructor.cpp:
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanObject.cpp:
      * runtime/BooleanPrototype.cpp:
      * runtime/DateConstructor.cpp:
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorInstance.cpp:
      * runtime/ErrorPrototype.cpp:
      * runtime/ExceptionHelpers.cpp:
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionPrototype.cpp:
      * runtime/GetterSetter.cpp:
      * runtime/InternalFunction.cpp:
      * runtime/JSAPIValueWrapper.cpp:
      * runtime/JSArray.cpp:
      * runtime/JSCell.cpp:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSONObject.cpp:
      * runtime/JSObject.cpp:
      * runtime/JSPromiseConstructor.cpp:
      * runtime/JSPromisePrototype.cpp:
      * runtime/JSPromiseResolverConstructor.cpp:
      * runtime/JSPromiseResolverPrototype.cpp:
      * runtime/JSProxy.cpp:
      * runtime/JSScope.cpp:
      * runtime/JSWrapperObject.cpp:
      * runtime/MathObject.cpp:
      * runtime/NameConstructor.cpp:
      * runtime/NativeErrorConstructor.cpp:
      * runtime/NumberConstructor.cpp:
      * runtime/NumberObject.cpp:
      * runtime/NumberPrototype.cpp:
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      * runtime/RegExpObject.cpp:
      * runtime/StrictEvalActivation.cpp:
      * runtime/StringConstructor.cpp:
      * runtime/StringObject.cpp:
      * runtime/StringPrototype.cpp:
      
      Source/WebCore:
      
      Update for JavaScriptCore changes.
      
      * bindings/js/JSDOMBinding.cpp:
      * bindings/js/JSImageConstructor.cpp:
      
      Source/WebKit2:
      
      Update for JavaScriptCore changes.
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155143 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [Windows] Unreviewed build fix for DebugSuffix target. · 54ff1396
      bfulgham@apple.com authored
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Don't build 64-bit assembly in 32-bit build.
      Also correct 'filters' file so that files appear in categories that match their on-disk locations.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155123 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • jsc tests should have timeouts · c88e14c6
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120725
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      Add the timeout logic directly to 'jsc' because that's easier to do than
      writing shell/perl code for it.
      
      * jsc.cpp:
      (timeoutThreadMain):
      (main):
      
      Tools: 
      
      Reviewed by Geoffrey Garen.
              
      Set the timeout to 20 seconds per test for now.
      
      * Scripts/run-javascriptcore-tests:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155098 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • fast/js/dfg-* tests should wait for the concurrent JIT · 4bc850b4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120723
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      * runtime/TestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles): This should also handle constructors.
      
      LayoutTests: 
      
      Reviewed by Geoffrey Garen.
              
      Add dfgShouldBe(), a handy function that covers a lot of common cases.
      Also convert a bunch of tests.
      
      * fast/js/dfg-activation-register-overwritten-in-throw-expected.txt:
      * fast/js/dfg-add-not-number-expected.txt:
      * fast/js/dfg-allocation-profile-watch-point-exit-expected.txt:
      * fast/js/dfg-arguments-alias-escape-expected.txt:
      * fast/js/dfg-arguments-cross-code-origin-expected.txt:
      * fast/js/dfg-arguments-mixed-alias-expected.txt:
      * fast/js/dfg-arguments-strict-mode-expected.txt:
      * fast/js/dfg-arguments-unexpected-escape-expected.txt:
      * fast/js/dfg-array-dead-expected.txt:
      * fast/js/dfg-array-length-dead-expected.txt:
      * fast/js/dfg-array-pop-value-clearing-expected.txt:
      * fast/js/dfg-array-push-bad-time-expected.txt:
      * fast/js/dfg-array-push-slow-put-expected.txt:
      * fast/js/dfg-arrayify-when-late-prevent-extensions-expected.txt:
      * fast/js/dfg-arrayify-when-prevent-extensions-expected.txt:
      * fast/js/dfg-bool-to-int32-reuse-expected.txt:
      * fast/js/jsc-test-list:
      * fast/js/resources/js-test-pre.js:
      (dfgShouldBe):
      * fast/js/resources/standalone-pre.js:
      (dfgShouldBe):
      * fast/js/script-tests/dfg-activation-register-overwritten-in-throw.js:
      (g):
      * fast/js/script-tests/dfg-add-not-number.js:
      * fast/js/script-tests/dfg-allocation-profile-watch-point-exit.js:
      (foo):
      * fast/js/script-tests/dfg-arguments-alias-escape.js:
      * fast/js/script-tests/dfg-arguments-cross-code-origin.js:
      * fast/js/script-tests/dfg-arguments-mixed-alias.js:
      * fast/js/script-tests/dfg-arguments-strict-mode.js:
      * fast/js/script-tests/dfg-arguments-unexpected-escape.js:
      * fast/js/script-tests/dfg-array-dead.js:
      * fast/js/script-tests/dfg-array-length-dead.js:
      * fast/js/script-tests/dfg-array-pop-value-clearing.js:
      * fast/js/script-tests/dfg-array-push-bad-time.js:
      * fast/js/script-tests/dfg-array-push-slow-put.js:
      * fast/js/script-tests/dfg-arrayify-when-late-prevent-extensions.js:
      * fast/js/script-tests/dfg-arrayify-when-prevent-extensions.js:
      * fast/js/script-tests/dfg-bool-to-int32-reuse.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155096 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 04 Sep, 2013 7 commits
    • run-fast-jsc should work with new-school fast/js tests that loop until the DFG tiers up · 44225e60
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120697
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      * API/JSCTestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles):
      (JSC::setNeverInline):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * jsc.cpp:
      (GlobalObject::finishCreation):
      (functionNeverInlineFunction):
      (functionNumberOfDFGCompiles):
      * runtime/TestRunnerUtils.cpp: Added.
      (JSC::getExecutable):
      (JSC::numberOfDFGCompiles):
      (JSC::setNeverInline):
      * runtime/TestRunnerUtils.h: Added.
      
      LayoutTests: 
      
      * fast/js/resources/standalone-pre.js:
      (testPassed):
      (testFailed):
      (dfgCompiled):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155090 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Renamed StackIterator to StackVisitor. · fa2a142f
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120706.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Also did some minor refactoring:
      - Renamed StackIterator::iterate() to StackVisitor::visit().
      - Make StackVisitor::visit() a static method.
      - Move the instantiation of the StackVisitor instance into StackVisitor::visit()
        from CallFrame::iterate().
      - Removed StackIterator::resetIterator() and inline its body into the
        StackVisitor constructor since this is the only remaining caller of it.
      
      * API/JSContextRef.cpp:
      (BacktraceFunctor::operator()):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * interpreter/CallFrame.h:
      (JSC::ExecState::iterate):
      * interpreter/Interpreter.cpp:
      (JSC::DumpRegisterFunctor::operator()):
      (JSC::unwindCallFrame):
      (JSC::getStackFrameCodeType):
      (JSC::GetStackTraceFunctor::operator()):
      (JSC::UnwindFunctor::operator()):
      * interpreter/Interpreter.h:
      * interpreter/StackIterator.cpp: Removed.
      * interpreter/StackIterator.h: Removed.
      * interpreter/StackVisitor.cpp: Copied from Source/JavaScriptCore/interpreter/StackIterator.cpp.
      (JSC::StackVisitor::StackVisitor):
      (JSC::StackVisitor::gotoNextFrame):
      (JSC::StackVisitor::readFrame):
      (JSC::StackVisitor::readNonInlinedFrame):
      (JSC::StackVisitor::readInlinedFrame):
      (JSC::StackVisitor::Frame::codeType):
      (JSC::StackVisitor::Frame::functionName):
      (JSC::StackVisitor::Frame::sourceURL):
      (JSC::StackVisitor::Frame::toString):
      (JSC::StackVisitor::Frame::arguments):
      (JSC::StackVisitor::Frame::computeLineAndColumn):
      (JSC::StackVisitor::Frame::retrieveExpressionInfo):
      (JSC::StackVisitor::Frame::setToEnd):
      (JSC::StackVisitor::Frame::print):
      (DebugPrintFrameFunctor::operator()):
      * interpreter/StackVisitor.h: Copied from Source/JavaScriptCore/interpreter/StackIterator.h.
      (JSC::StackVisitor::visit):
      * jsc.cpp:
      (FunctionJSCStackFunctor::operator()):
      * profiler/ProfileGenerator.cpp:
      (JSC::AddParentForConsoleStartFunctor::operator()):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::operator()):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::GlobalFuncProtoGetterFunctor::operator()):
      (JSC::GlobalFuncProtoSetterFunctor::operator()):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/interpreter/StackIterator.h: Removed.
      * ForwardingHeaders/interpreter/StackVisitor.h: Copied from Source/WebCore/ForwardingHeaders/interpreter/StackIterator.h.
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::operator()):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::CreateScriptCallStackFunctor::operator()):
      (WebCore::CreateScriptCallStackForConsoleFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155081 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fa2a142f
    • Unreviewed Build fix for Windows DebugSuffix configuration. · a4be6512
      roger_fong@apple.com authored
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155076 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a4be6512
    • Refining the StackIterator callback interface. · 99c89d43
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120695.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Introduce CallFrame::iterate() which instantiates a StackIterator and
      invokes its iterate() method with the passed-in functor. The only place
      where the client code gets access to the StackIterator now is as an
      argument to the client's functor.
      
      * API/JSContextRef.cpp:
      (JSContextCreateBacktrace):
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::iterate):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::unwind):
      * interpreter/StackIterator.cpp:
      (JSC::StackIterator::StackIterator):
      (DebugPrintFrameFunctor::DebugPrintFrameFunctor):
      (DebugPrintFrameFunctor::operator()):
      (debugPrintCallFrame):
      (debugPrintStack):
      * interpreter/StackIterator.h:
      (JSC::StackIterator::iterate):
      * jsc.cpp:
      (functionJSCStack):
      * profiler/ProfileGenerator.cpp:
      (JSC::ProfileGenerator::addParentForConsoleStart):
      * runtime/JSFunction.cpp:
      (JSC::retrieveArguments):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      (JSC::retrieveCallerFunction):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncProtoGetter):
      (JSC::globalFuncProtoSetter):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetPrototypeOf):
      
      Source/WebCore: 
      
      No new tests.
      
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::SendFunctor):
      (WebCore::SendFunctor::line):
      (WebCore::SendFunctor::url):
      (WebCore::SendFunctor::operator()):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155075 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      99c89d43
    • JSGenericTypedArrayViewConstructor.h is referenced twice in the XCode project... · b1bac53f
      benjamin@webkit.org authored
      JSGenericTypedArrayViewConstructor.h is referenced twice in the XCode project build section, causing warnings
      https://bugs.webkit.org/show_bug.cgi?id=120698
      
      Reviewed by Darin Adler.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155064 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b1bac53f
    • ASSERT in MarkedAllocator::allocateSlowCase is wrong · 077d0425
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120639
      
      Reviewed by Oliver Hunt.
      
      ASSERT(!m_heap->shouldCollect()) is no longer true due to our use of the GC
      deferral mechanism. We could technically be beyond our byte allocation limit,
      but still not try to collect due to deferral. This patch amends shouldCollect()
      to return false if GC is currently deferred.
      
      * heap/Heap.h:
      (JSC::Heap::shouldCollect):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      077d0425
    • The DFG should be able to tier-up and OSR enter into the FTL · 532f1e51
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112838
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      This adds the ability for the DFG to tier-up into the FTL. This works in both
      of the expected tier-up modes:
              
      Replacement: frequently called functions eventually have their entrypoint
      replaced with one that goes into FTL-compiled code. Note, this will be a
      slow-down for now since we don't yet have LLVM calling convention integration.
              
      OSR entry: code stuck in hot loops gets OSR'd into the FTL from the DFG.
              
      This means that if the DFG detects that a function is an FTL candidate, it
      inserts execution counting code similar to the kind that the baseline JIT
      would use. If you trip on a loop count in a loop header that is an OSR
      candidate (it's not an inlined loop), we do OSR; otherwise we do replacement.
      OSR almost always also implies future replacement.
              
      OSR entry into the FTL is really cool. It uses a specialized FTL compile of
      the code, where early in the DFG pipeline we replace the original root block
      with an OSR entrypoint block that jumps to the pre-header of the hot loop.
      The OSR entrypoint loads all live state at the loop pre-header using loads
      from a scratch buffer, which gets populated by the runtime's OSR entry
      preparation code (FTL::prepareOSREntry()). This approach appears to work well
      with all of our subsequent optimizations, including prediction propagation,
      CFA, and LICM. LLVM seems happy with it, too. Best of all, it works naturally
      with concurrent compilation: when we hit the tier-up trigger we spawn a
      compilation plan at the bytecode index from which we triggered; once the
      compilation finishes the next trigger will try to enter, at that bytecode
      index. If it can't - for example because the code has moved on to another
      loop - then we just try again. Loops that get hot enough for OSR entry (about
      25,000 iterations) will probably still be running when a concurrent compile
      finishes, so this doesn't appear to be a big problem.
              
      This immediately gives us a 70% speed-up on imaging-gaussian-blur. We could
      get a bigger speed-up by adding some more intelligence and tweaking LLVM to
      compile code faster. Those things will happen eventually but this is a good
      start. Probably this code will see more tuning as we get more coverage in the
      FTL JIT, but I'll worry about that in future patches.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      * bytecode/CodeBlock.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::killBlockAndItsContents):
      (JSC::DFG::Graph::killUnreachableBlocks):
      * dfg/DFGGraph.h:
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::initialize):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      (JSC::DFG::JITCode::checkIfOptimizationThresholdReached):
      (JSC::DFG::JITCode::optimizeNextInvocation):
      (JSC::DFG::JITCode::dontOptimizeAnytimeSoon):
      (JSC::DFG::JITCode::optimizeAfterWarmUp):
      (JSC::DFG::JITCode::optimizeSoon):
      (JSC::DFG::JITCode::forceOptimizationSlowPathConcurrently):
      (JSC::DFG::JITCode::setOptimizationThresholdBasedOnCompilationResult):
      * dfg/DFGJITCode.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      (JSC::DFG::JITFinalizer::finalizeCommon):
      * dfg/DFGLoopPreHeaderCreationPhase.cpp:
      (JSC::DFG::createPreHeader):
      (JSC::DFG::LoopPreHeaderCreationPhase::run):
      * dfg/DFGLoopPreHeaderCreationPhase.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasUnlinkedLocal):
      (JSC::DFG::Node::unlinkedLocal):
      * dfg/DFGNodeType.h:
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntrypointCreationPhase.cpp: Added.
      (JSC::DFG::OSREntrypointCreationPhase::OSREntrypointCreationPhase):
      (JSC::DFG::OSREntrypointCreationPhase::run):
      (JSC::DFG::performOSREntrypointCreation):
      * dfg/DFGOSREntrypointCreationPhase.h: Added.
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGPlan.h:
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGTierUpCheckInjectionPhase.cpp: Added.
      (JSC::DFG::TierUpCheckInjectionPhase::TierUpCheckInjectionPhase):
      (JSC::DFG::TierUpCheckInjectionPhase::run):
      (JSC::DFG::performTierUpCheckInjection):
      * dfg/DFGTierUpCheckInjectionPhase.h: Added.
      * dfg/DFGToFTLDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLDeferredCompilationCallback::ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::~ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLDeferredCompilationCallback.h: Added.
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::~ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h: Added.
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLCapabilities.h:
      * ftl/FTLForOSREntryJITCode.cpp: Added.
      (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::~ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::ftlForOSREntry):
      (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
      * ftl/FTLForOSREntryJITCode.h: Added.
      (JSC::FTL::ForOSREntryJITCode::entryBuffer):
      (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::bytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::countEntryFailure):
      (JSC::FTL::ForOSREntryJITCode::entryFailureCount):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileBlock):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::addWeakReference):
      * ftl/FTLOSREntry.cpp: Added.
      (JSC::FTL::prepareOSREntry):
      * ftl/FTLOSREntry.h: Added.
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::crashNonTerminal):
      (JSC::FTL::Output::crash):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * interpreter/Register.h:
      (JSC::Register::unboxedDouble):
      * jit/JIT.cpp:
      (JSC::JIT::emitEnterOptimizationCheck):
      * jit/JITCode.cpp:
      (JSC::JITCode::ftlForOSREntry):
      * jit/JITCode.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      * runtime/Options.h:
      * runtime/VM.cpp:
      (JSC::VM::ensureWorklist):
      * runtime/VM.h:
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
              
      Fix marsaglia to check the result instead of printing, and add a second
      version that relies on OSR entry.
      
      * fast/js/regress/marsaglia-osr-entry-expected.txt: Added.
      * fast/js/regress/marsaglia-osr-entry.html: Added.
      * fast/js/regress/script-tests/marsaglia-osr-entry.js: Added.
      (marsaglia):
      * fast/js/regress/script-tests/marsaglia.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155023 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      532f1e51
  5. 03 Sep, 2013 5 commits
    • CodeBlock memory cost reporting should be rationalized · 7c084e07
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120615
      
      Source/JavaScriptCore: 
      
      Reviewed by Darin Adler.
              
      Report the size of the instruction stream, and then remind the GC that we're
      using memory when we trace.
              
      This is a slight slow-down on some JSBench tests because it makes us GC a
      bit more frequently. But I think it's well worth it; if we really want those
      tests to GC less frequently then we can achieve that through other kinds of
      tuning. It's better that the GC knows that CodeBlocks do in fact use memory;
      what it does with that information is a somewhat orthogonal question.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::visitAggregate):
      
      Source/WTF: 
      
      Reviewed by Darin Adler.
      
      * wtf/RefCountedArray.h:
      (WTF::RefCountedArray::refCount):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155021 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7c084e07
    • Converting StackIterator to a callback interface. · bce4c9ba
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120564.
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore: 
      
      * API/JSContextRef.cpp:
      (BacktraceFunctor::BacktraceFunctor):
      (BacktraceFunctor::operator()):
      (JSContextCreateBacktrace):
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      (JSC::DumpRegisterFunctor::DumpRegisterFunctor):
      (JSC::DumpRegisterFunctor::operator()):
      (JSC::Interpreter::dumpRegisters):
      (JSC::unwindCallFrame):
      (JSC::GetStackTraceFunctor::GetStackTraceFunctor):
      (JSC::GetStackTraceFunctor::operator()):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::stackTraceAsString):
      (JSC::UnwindFunctor::UnwindFunctor):
      (JSC::UnwindFunctor::operator()):
      (JSC::Interpreter::unwind):
      * interpreter/Interpreter.h:
      * interpreter/StackIterator.cpp:
      (JSC::StackIterator::numberOfFrames):
      (JSC::StackIterator::gotoFrameAtIndex):
      (JSC::StackIterator::gotoNextFrameWithFilter):
      (JSC::StackIterator::resetIterator):
      (JSC::StackIterator::Frame::print):
      (debugPrintCallFrame):
      (DebugPrintStackFunctor::operator()):
      (debugPrintStack): Added for debugging convenience.
      * interpreter/StackIterator.h:
      (JSC::StackIterator::Frame::index):
      (JSC::StackIterator::iterate):
      * jsc.cpp:
      (FunctionJSCStackFunctor::FunctionJSCStackFunctor):
      (FunctionJSCStackFunctor::operator()):
      (functionJSCStack):
      * profiler/ProfileGenerator.cpp:
      (JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor):
      (JSC::AddParentForConsoleStartFunctor::foundParent):
      (JSC::AddParentForConsoleStartFunctor::operator()):
      (JSC::ProfileGenerator::addParentForConsoleStart):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::RetrieveArgumentsFunctor):
      (JSC::RetrieveArgumentsFunctor::result):
      (JSC::RetrieveArgumentsFunctor::operator()):
      (JSC::retrieveArguments):
      (JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
      (JSC::RetrieveCallerFunctionFunctor::result):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      (JSC::retrieveCallerFunction):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::GlobalFuncProtoGetterFunctor::GlobalFuncProtoGetterFunctor):
      (JSC::GlobalFuncProtoGetterFunctor::result):
      (JSC::GlobalFuncProtoGetterFunctor::operator()):
      (JSC::globalFuncProtoGetter):
      (JSC::GlobalFuncProtoSetterFunctor::GlobalFuncProtoSetterFunctor):
      (JSC::GlobalFuncProtoSetterFunctor::allowsAccess):
      (JSC::GlobalFuncProtoSetterFunctor::operator()):
      (JSC::globalFuncProtoSetter):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
      (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
      (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
      (JSC::objectConstructorGetPrototypeOf):
      
      Source/WebCore: 
      
      No new tests.
      
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::SendFunctor):
      (WebCore::SendFunctor::hasViableFrame):
      (WebCore::SendFunctor::operator()):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::CreateScriptCallStackFunctor::CreateScriptCallStackFunctor):
      (WebCore::CreateScriptCallStackFunctor::operator()):
      (WebCore::createScriptCallStack):
      (WebCore::CreateScriptCallStackForConsoleFunctor::CreateScriptCallStackForConsoleFunctor):
      (WebCore::CreateScriptCallStackForConsoleFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155013 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bce4c9ba
    • Support structured clone of Map and Set · 901740c2
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120654
      
      Reviewed by Simon Fraser.
      
      Source/JavaScriptCore:
      
      Make xcode copy the required headers, and add appropriate export attributes
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSMap.h:
      * runtime/JSSet.h:
      * runtime/MapData.h:
      
      Source/WebCore:
      
      Add support for cloning Map and Set.  Fairly self-explanatory change.
      Needed to add Forwarding headers for the JSMap, JSSet and MapData classes.
      
      * ForwardingHeaders/runtime/JSMap.h: Added.
      * ForwardingHeaders/runtime/JSSet.h: Added.
      * ForwardingHeaders/runtime/MapData.h: Added.
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::isMap):
      (WebCore::CloneSerializer::isSet):
      (WebCore::CloneSerializer::startSet):
      (WebCore::CloneSerializer::startMap):
      (WebCore::CloneSerializer::serialize):
      (WebCore::CloneDeserializer::consumeMapDataTerminationIfPossible):
      (WebCore::CloneDeserializer::deserialize):
      
      LayoutTests:
      
      Tests!
      
      * fast/dom/Window/script-tests/postmessage-clone.js:
      (set new):
      (set add.set add):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155008 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      901740c2
    • Support the "json" responseType and JSON response entity in XHR · 89ac8962
      rniwa@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=73648
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      Based on the patch written by Jarred Nicholls.
      
      Add JSC::JSONParse. This function will be used in XMLHttpRequest.response of type 'json'.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSONObject.cpp:
      (JSC::JSONParse):
      * runtime/JSONObject.h:
      
      Source/WebCore: 
      
      Based on the patch written by Jarred Nicholls.
      
      Implement 'json' type for XMLHttpRequest.response. We cache the result on JSC side as a cached attribute
      unlike other response types like 'document' and 'blob' for which the parsed response object is cached
      in XMLHttpRequest itself. In the long run, we should do the same for other types of response types.
      
      Also refactored the various code to share the code.
      
      Tests: fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid.html
             fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16.html
             fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid.html
      
      * ForwardingHeaders/runtime/JSONObject.h: Added.
      
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      (WebCore::JSXMLHttpRequest::response): Use JSONParse to parse the response text and cache the result.
      Call didCacheResponseJSON to set the cache status and clear the original response buffer.
      
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::XMLHttpRequest): Added m_responseCacheIsValid to invalidate the cache of
      a json response.
      (WebCore::XMLHttpRequest::responseText):
      (WebCore::XMLHttpRequest::didCacheResponseJSON): Added; Updates m_responseCacheIsValid and clears the
      response buffer to save memory.
      (WebCore::XMLHttpRequest::responseXML):
      (WebCore::XMLHttpRequest::setResponseType):
      (WebCore::XMLHttpRequest::responseType):
      (WebCore::XMLHttpRequest::clearResponseBuffers):
      (WebCore::XMLHttpRequest::didReceiveData):
      
      * xml/XMLHttpRequest.h:
      (WebCore::XMLHttpRequest::doneWithoutErrors): Extracted from responseXML.
      (WebCore::XMLHttpRequest::responseTextIgnoringResponseType): Extracted from responseText.
      (WebCore::XMLHttpRequest::responseCacheIsValid): Added.
      (WebCore::XMLHttpRequest::shouldDecodeResponse): Extracted from didReceiveData.
      Also modified to decode when the response type is ResponseTypeJSON.
      
      * xml/XMLHttpRequest.idl: Added CachedAttribute IDL extension on response property. This cache is
      used when the response type is 'json'.
      
      LayoutTests: 
      
      Add regression tests for XMLHttpRequest.response of type 'json'.
      
      Two of these tests (valid & invalid) come from Jarred Nicholls's original patch.
      
      * fast/xmlhttprequest/resources/xmlhttprequest-responsetype-json-utf-16.json: Added.
      * fast/xmlhttprequest/resources/xmlhttprequest-responsetype-json.json: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid-expected.txt: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid.html: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16-expected.txt: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16.html: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid-expected.txt: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154992 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      89ac8962
    • CodeBlock::jettison() should be implicit · 195d7b84
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120567
      
      Reviewed by Oliver Hunt.
              
      This is a risky change from a performance standpoint, but I believe it's
      necessary. This makes all CodeBlocks get swept by GC. Nobody but the GC
      can delete CodeBlocks because the GC always holds a reference to them.
      Once a CodeBlock reaches just one reference (i.e. the one from the GC)
      then the GC will free it only if it's not on the stack.
              
      This allows me to get rid of the jettisoning logic. We need this for FTL
      tier-up. Well; we don't need it, but it will help prevent a lot of bugs.
      Previously, if you wanted to replace one code block with another, you
      had to remember to tell the GC that the previous code block is
      "jettisoned". We would need to do this when tiering up from DFG to FTL
      and when dealing with DFG-to-FTL OSR entry code blocks. There are a lot
      of permutations here - tiering up to the FTL, OSR entering into the FTL,
      deciding that an OSR entry code block is not relevant anymore - just to
      name a few. In each of these cases we'd have to jettison the previous
      code block. It smells like a huge source of future bugs.
              
      So I made jettisoning implicit by making the GC always watch out for a
      CodeBlock being owned solely by the GC.
              
      This change is performance neutral.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::jettison):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
      (JSC::CodeBlockSet::mark):
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      * heap/CodeBlockSet.cpp: Added.
      (JSC::CodeBlockSet::CodeBlockSet):
      (JSC::CodeBlockSet::~CodeBlockSet):
      (JSC::CodeBlockSet::add):
      (JSC::CodeBlockSet::clearMarks):
      (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
      (JSC::CodeBlockSet::traceMarked):
      * heap/CodeBlockSet.h: Added.
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::add):
      * heap/ConservativeRoots.h:
      * heap/DFGCodeBlocks.cpp: Removed.
      * heap/DFGCodeBlocks.h: Removed.
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::deleteUnmarkedCompiledCode):
      * heap/Heap.h:
      * interpreter/JSStack.cpp:
      (JSC::JSStack::gatherConservativeRoots):
      * interpreter/JSStack.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      * runtime/Executable.h:
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154986 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      195d7b84
  6. 02 Sep, 2013 1 commit
    • [Mac] No need for HardAutorelease, which is same as CFBridgingRelease · 7ee2f27f
      darin@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120569
      
      Reviewed by Andy Estes.
      
      Source/JavaScriptCore:
      
      * API/JSValue.mm:
      (valueToString): Use CFBridgingRelease.
      
      Source/WebCore:
      
      * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
      (AXTextMarkerRange):
      (AXTextMarkerRangeStart):
      (AXTextMarkerRangeEnd):
      (textMarkerForVisiblePosition):
      Use CFBridgingRelease.
      
      * platform/mac/KURLMac.mm:
      (WebCore::KURL::operator NSURL *): Use CFBridgingRelease.
      (WebCore::KURL::createCFURL): Get rid of needless local variable.
      
      * platform/mac/WebCoreNSURLExtras.mm:
      (WebCore::mapHostNameWithRange):
      (WebCore::URLWithData):
      (WebCore::userVisibleString):
      * platform/text/mac/StringImplMac.mm:
      (WTF::StringImpl::operator NSString *):
      Use CFBridgingRelease.
      
      Source/WebKit/mac:
      
      * Misc/WebNSFileManagerExtras.mm:
      (-[NSFileManager _webkit_startupVolumeName]): Removed some unneeded locals.
      Got rid of the pointless ref/leakRef/HardAutorelease dance, and replaced it
      with a [[x copy] autorelease].
      
      * Misc/WebNSURLExtras.mm:
      (-[NSURL _web_URLWithLowercasedScheme]): Use CFBridgingRelease, and got rid
      of unneeded type casts.
      
      * Plugins/WebBasePluginPackage.mm:
      (+[WebBasePluginPackage preferredLocalizationName]): Use CFBridgingRelease.
      * WebView/WebPDFRepresentation.mm:
      (-[WebPDFRepresentation convertPostScriptDataSourceToPDF:]): Ditto.
      
      * WebView/WebView.mm:
      (+[WebView _setCacheModel:]): Use CFBridgingRelease and got rid of unneeded
      type cast.
      
      Source/WebKit2:
      
      * Platform/mac/StringUtilities.mm:
      (WebKit::nsStringFromWebCoreString): Use CFBridgingRelease. Also
      changed condition to be a little cleaner and use a constant string for empty
      strings as well as null strings.
      
      * UIProcess/API/mac/WKBrowsingContextController.mm:
      (autoreleased): Switched from autorelease to CFBridgingRelease for strings,
      which eliminates a type cast and makes this work under GC, although I don't
      think we should compile WebKit2 for GC.
      
      * WebProcess/WebPage/mac/WKAccessibilityWebPageObject.mm:
      (-[WKAccessibilityWebPageObject accessibilityAttributeValue:forParameter:]):
      Use CFBridgingRelease.
      
      Source/WTF:
      
      * wtf/ObjcRuntimeExtras.h: Added a FIXME about miscapitalization of ObjC.
      Deleted HardAutorelease.
      (wtfObjcMsgSend): Dropped the use of abbreviations in local class and argument names.
      (wtfCallIMP): Ditto.
      
      Tools:
      
      * DumpRenderTree/mac/DumpRenderTree.mm:
      (dump): Use CFBridgingRelease.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154963 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7ee2f27f
  7. 31 Aug, 2013 1 commit
    • CodeBlock refactoring broke profile dumping · 669223d4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120551
      
      Reviewed by Michael Saboff.
              
      Fixed the bug, and did a big clean-up of how Executable returns CodeBlocks. A lot
      of the problems we have with code like CodeBlock::baselineVersion() is that we
      were trying *way too hard* to side-step the fact that Executable can't return a
      CodeBlock*. Previously it could only return CodeBlock&, so if it didn't have a
      CodeBlock yet, you were screwed. And if you didn't know, or weren't sure, if it
      did have a CodeBlock, you were really going to have a bad time. Also it really
      bugs me that the methods were called generatedBytecode(). In all other contexts
      if you ask for a CodeBlock, then the method to call is codeBlock(). So I made all
      of those changes.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::baselineVersion):
      (JSC::ProgramCodeBlock::replacement):
      (JSC::EvalCodeBlock::replacement):
      (JSC::FunctionCodeBlock::replacement):
      (JSC::CodeBlock::globalObjectFor):
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::hash):
      * dfg/DFGOperations.cpp:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITCode.h:
      (JSC::JITCode::isExecutableScript):
      (JSC::JITCode::isLowerTier):
      * jit/JITStubs.cpp:
      (JSC::lazyLinkFor):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      * runtime/Executable.h:
      (JSC::EvalExecutable::codeBlock):
      (JSC::ProgramExecutable::codeBlock):
      (JSC::FunctionExecutable::eitherCodeBlock):
      (JSC::FunctionExecutable::codeBlockForCall):
      (JSC::FunctionExecutable::codeBlockForConstruct):
      (JSC::FunctionExecutable::codeBlockFor):
      * runtime/FunctionExecutableDump.cpp:
      (JSC::FunctionExecutableDump::dump):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154935 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  8. 30 Aug, 2013 4 commits
    • Implement ES6 Set class · b8d80ed3
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120549
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      We simply reuse the MapData type from JSMap, making
      it much simpler.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/CommonIdentifiers.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::setStructure):
      * runtime/JSSet.cpp: Added.
      (JSC::JSSet::visitChildren):
      (JSC::JSSet::finishCreation):
      * runtime/JSSet.h: Added.
      (JSC::JSSet::createStructure):
      (JSC::JSSet::create):
      (JSC::JSSet::mapData):
      (JSC::JSSet::JSSet):
      * runtime/SetConstructor.cpp: Added.
      (JSC::SetConstructor::finishCreation):
      (JSC::callSet):
      (JSC::constructSet):
      (JSC::SetConstructor::getConstructData):
      (JSC::SetConstructor::getCallData):
      * runtime/SetConstructor.h: Added.
      (JSC::SetConstructor::create):
      (JSC::SetConstructor::createStructure):
      (JSC::SetConstructor::SetConstructor):
      * runtime/SetPrototype.cpp: Added.
      (JSC::SetPrototype::finishCreation):
      (JSC::getMapData):
      (JSC::setProtoFuncAdd):
      (JSC::setProtoFuncClear):
      (JSC::setProtoFuncDelete):
      (JSC::setProtoFuncForEach):
      (JSC::setProtoFuncHas):
      (JSC::setProtoFuncSize):
      * runtime/SetPrototype.h: Added.
      (JSC::SetPrototype::create):
      (JSC::SetPrototype::createStructure):
      (JSC::SetPrototype::SetPrototype):
      
      LayoutTests:
      
      Add tests
      
      * fast/js/basic-set-expected.txt: Added.
      * fast/js/basic-set.html: Added.
      * fast/js/script-tests/basic-set.js: Added.
      (set new):
      (otherString.string_appeared_here.set add):
      (try.set forEach):
      (set forEach):
      (set gc):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154916 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Make JSValue bool conversion less dangerous · 02fe0141
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120505
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore:
      
      Replaces JSValue::operator bool() with an operator UnspecifiedBoolType* as
      we do elsewhere.  Then fix the places where terrible type coercion was
      happening.  All of the changes made had no fundamental behavioural impact
      as they were coercion results that were ignored (returning undefined
      after an exception).
      
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::hadException):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::operator UnspecifiedBoolType*):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncEval):
      * runtime/PropertyDescriptor.cpp:
      (JSC::PropertyDescriptor::equalTo):
      
      Source/WTF:
      
      Make LIKELY and UNLIKELY macros coerce to bool before
      passing to expect.
      
      * wtf/Compiler.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Cleaning errorDescriptionForValue after r154839 · 72c343e0
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=120531
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-30
      Reviewed by Darin Adler.
      
      Changed the assert to ASSERT_NOT_REACHED, now that r154839 has landed. errorDescriptionForValue
      can assert again that the parameterized JSValue is !isEmpty().
      
      * runtime/ExceptionHelpers.cpp:
      (JSC::errorDescriptionForValue):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154892 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Remove code behind ENABLE(DIALOG_ELEMENT) · 12e3b732
      antti@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120467
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore: 
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit/blackberry: 
      
      * WebCoreSupport/AboutDataEnableFeatures.in:
      
      Source/WebKit/mac: 
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2: 
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WTF: 
      
      * wtf/FeatureDefines.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154870 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  9. 29 Aug, 2013 3 commits