1. 07 Sep, 2013 2 commits
    • andersca@apple.com's avatar
      VectorMover should use std::move · 2d655a2f
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120959
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Work around a bug in GCC by changing the type of the callType bitfield
      in CallLinkInfo to be unsigned instead of CallType.
      
      * bytecode/CallLinkInfo.h:
      
      Source/WTF:
      
      This lets the compiler use move constructors when moving data, which can be a performance improvement.
      If the vector element type isn't movable it will be copied instead.
      
      * wtf/Vector.h:
      (WTF::VectorTypeOperations::move):
      (WTF::VectorTypeOperations::moveOverlapping):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155258 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2d655a2f
    • andersca@apple.com's avatar
      Get rid of FastAllocBase.h · 3d185a87
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120952
      
      Reviewed by Antti Koivisto.
      
      Source/JavaScriptCore:
      
      Include FastMalloc.h instead of FastAllocBase.h.
      
      * assembler/LinkBuffer.h:
      * bytecode/CodeBlock.h:
      * bytecode/StructureStubClearingWatchpoint.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGLongLivedState.h:
      * dfg/DFGSlowPathGenerator.h:
      * ftl/FTLAbstractHeap.h:
      * heap/JITStubRoutineSet.h:
      * jit/CompactJITCodeMap.h:
      * profiler/ProfilerDatabase.h:
      * profiler/ProfilerExecutionCounter.h:
      
      Source/WebCore:
      
      Include FastMalloc.h instead of FastAllocBase.h.
      
      * Modules/webdatabase/SQLTransactionClient.h:
      * bindings/js/GCController.h:
      * bridge/Bridge.h:
      * bridge/IdentifierRep.h:
      * dom/DocumentStyleSheetCollection.h:
      * dom/TransformSource.h:
      * html/InputType.h:
      * inspector/InspectorCounters.h:
      * inspector/InstrumentingAgents.h:
      * inspector/WorkerInspectorController.h:
      * loader/cache/CachedResourceClient.h:
      * page/FrameActionScheduler.h:
      * platform/Length.h:
      * platform/MemoryPressureHandler.h:
      * platform/ScrollAnimator.h:
      * platform/SharedTimer.h:
      * platform/audio/gstreamer/FFTFrameGStreamer.cpp:
      * platform/cairo/WidgetBackingStore.h:
      * platform/graphics/Color.h:
      * platform/graphics/FontData.h:
      * platform/graphics/Path.h:
      * platform/graphics/qt/FontCustomPlatformData.h:
      * platform/graphics/transforms/AffineTransform.h:
      * platform/graphics/transforms/TransformationMatrix.h:
      * platform/gtk/GtkDragAndDropHelper.h:
      * platform/gtk/GtkPopupMenu.h:
      * platform/network/NetworkStateNotifier.h:
      * platform/sql/SQLiteTransaction.h:
      * platform/text/enchant/TextCheckerEnchant.h:
      * rendering/RenderArena.h:
      * rendering/TableLayout.h:
      * rendering/style/StyleCustomFilterProgram.h:
      * rendering/style/StyleCustomFilterProgramCache.h:
      * svg/SVGPathConsumer.h:
      * workers/WorkerScriptLoader.h:
      
      Source/WTF:
      
      FastAllocBase.h now only contains the WTF_MAKE_FAST_ALLOCATED macro.
      Move that macro to FastMalloc.h instead and remove FastAllocBase.h.
      
      * WTF.vcxproj/WTF.vcxproj:
      * WTF.vcxproj/WTF.vcxproj.filters:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/DeferrableRefCounted.h:
      * wtf/FastAllocBase.h: Removed.
      * wtf/FastMalloc.h:
      * wtf/HashSet.h:
      * wtf/MediaTime.h:
      * wtf/PrintStream.h:
      * wtf/RefCounted.h:
      * wtf/RefPtr.h:
      * wtf/ThreadingPrimitives.h:
      * wtf/Vector.h:
      * wtf/gobject/GMutexLocker.h:
      * wtf/unicode/Collator.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155251 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3d185a87
  2. 05 Sep, 2013 1 commit
    • msaboff@apple.com's avatar
      Cleanup formatting of byte code debug output · c580864f
      msaboff@apple.com authored
      Source/JavaScriptCore/ChangeLog
      
      Rubber stamped by Filip Pizlo.
      
      Put the formatting of the byte code offset and operation into one common function to
      simplify and unify formatting.  Changed CodeBlock::registerName() to return
      "thist" for argument register 0, "argN" for other argument registers and "locN" for
      local registers.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::registerName):
      (JSC::CodeBlock::printUnaryOp):
      (JSC::CodeBlock::printBinaryOp):
      (JSC::CodeBlock::printConditionalJump):
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::CodeBlock::printCallOp):
      (JSC::CodeBlock::printPutByIdOp):
      (JSC::CodeBlock::dumpBytecode):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::printLocationAndOp):
      (JSC::CodeBlock::printLocationOpAndRegisterOperand):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155159 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c580864f
  3. 04 Sep, 2013 1 commit
    • fpizlo@apple.com's avatar
      The DFG should be able to tier-up and OSR enter into the FTL · 532f1e51
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112838
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      This adds the ability for the DFG to tier-up into the FTL. This works in both
      of the expected tier-up modes:
              
      Replacement: frequently called functions eventually have their entrypoint
      replaced with one that goes into FTL-compiled code. Note, this will be a
      slow-down for now since we don't yet have LLVM calling convention integration.
              
      OSR entry: code stuck in hot loops gets OSR'd into the FTL from the DFG.
              
      This means that if the DFG detects that a function is an FTL candidate, it
      inserts execution counting code similar to the kind that the baseline JIT
      would use. If you trip on a loop count in a loop header that is an OSR
      candidate (it's not an inlined loop), we do OSR; otherwise we do replacement.
      OSR almost always also implies future replacement.
              
      OSR entry into the FTL is really cool. It uses a specialized FTL compile of
      the code, where early in the DFG pipeline we replace the original root block
      with an OSR entrypoint block that jumps to the pre-header of the hot loop.
      The OSR entrypoint loads all live state at the loop pre-header using loads
      from a scratch buffer, which gets populated by the runtime's OSR entry
      preparation code (FTL::prepareOSREntry()). This approach appears to work well
      with all of our subsequent optimizations, including prediction propagation,
      CFA, and LICM. LLVM seems happy with it, too. Best of all, it works naturally
      with concurrent compilation: when we hit the tier-up trigger we spawn a
      compilation plan at the bytecode index from which we triggered; once the
      compilation finishes the next trigger will try to enter, at that bytecode
      index. If it can't - for example because the code has moved on to another
      loop - then we just try again. Loops that get hot enough for OSR entry (about
      25,000 iterations) will probably still be running when a concurrent compile
      finishes, so this doesn't appear to be a big problem.
              
      This immediately gives us a 70% speed-up on imaging-gaussian-blur. We could
      get a bigger speed-up by adding some more intelligence and tweaking LLVM to
      compile code faster. Those things will happen eventually but this is a good
      start. Probably this code will see more tuning as we get more coverage in the
      FTL JIT, but I'll worry about that in future patches.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      * bytecode/CodeBlock.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::killBlockAndItsContents):
      (JSC::DFG::Graph::killUnreachableBlocks):
      * dfg/DFGGraph.h:
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::initialize):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      (JSC::DFG::JITCode::checkIfOptimizationThresholdReached):
      (JSC::DFG::JITCode::optimizeNextInvocation):
      (JSC::DFG::JITCode::dontOptimizeAnytimeSoon):
      (JSC::DFG::JITCode::optimizeAfterWarmUp):
      (JSC::DFG::JITCode::optimizeSoon):
      (JSC::DFG::JITCode::forceOptimizationSlowPathConcurrently):
      (JSC::DFG::JITCode::setOptimizationThresholdBasedOnCompilationResult):
      * dfg/DFGJITCode.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      (JSC::DFG::JITFinalizer::finalizeCommon):
      * dfg/DFGLoopPreHeaderCreationPhase.cpp:
      (JSC::DFG::createPreHeader):
      (JSC::DFG::LoopPreHeaderCreationPhase::run):
      * dfg/DFGLoopPreHeaderCreationPhase.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasUnlinkedLocal):
      (JSC::DFG::Node::unlinkedLocal):
      * dfg/DFGNodeType.h:
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntrypointCreationPhase.cpp: Added.
      (JSC::DFG::OSREntrypointCreationPhase::OSREntrypointCreationPhase):
      (JSC::DFG::OSREntrypointCreationPhase::run):
      (JSC::DFG::performOSREntrypointCreation):
      * dfg/DFGOSREntrypointCreationPhase.h: Added.
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGPlan.h:
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGTierUpCheckInjectionPhase.cpp: Added.
      (JSC::DFG::TierUpCheckInjectionPhase::TierUpCheckInjectionPhase):
      (JSC::DFG::TierUpCheckInjectionPhase::run):
      (JSC::DFG::performTierUpCheckInjection):
      * dfg/DFGTierUpCheckInjectionPhase.h: Added.
      * dfg/DFGToFTLDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLDeferredCompilationCallback::ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::~ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLDeferredCompilationCallback.h: Added.
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::~ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h: Added.
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLCapabilities.h:
      * ftl/FTLForOSREntryJITCode.cpp: Added.
      (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::~ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::ftlForOSREntry):
      (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
      * ftl/FTLForOSREntryJITCode.h: Added.
      (JSC::FTL::ForOSREntryJITCode::entryBuffer):
      (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::bytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::countEntryFailure):
      (JSC::FTL::ForOSREntryJITCode::entryFailureCount):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileBlock):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::addWeakReference):
      * ftl/FTLOSREntry.cpp: Added.
      (JSC::FTL::prepareOSREntry):
      * ftl/FTLOSREntry.h: Added.
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::crashNonTerminal):
      (JSC::FTL::Output::crash):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * interpreter/Register.h:
      (JSC::Register::unboxedDouble):
      * jit/JIT.cpp:
      (JSC::JIT::emitEnterOptimizationCheck):
      * jit/JITCode.cpp:
      (JSC::JITCode::ftlForOSREntry):
      * jit/JITCode.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      * runtime/Options.h:
      * runtime/VM.cpp:
      (JSC::VM::ensureWorklist):
      * runtime/VM.h:
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
              
      Fix marsaglia to check the result instead of printing, and add a second
      version that relies on OSR entry.
      
      * fast/js/regress/marsaglia-osr-entry-expected.txt: Added.
      * fast/js/regress/marsaglia-osr-entry.html: Added.
      * fast/js/regress/script-tests/marsaglia-osr-entry.js: Added.
      (marsaglia):
      * fast/js/regress/script-tests/marsaglia.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155023 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      532f1e51
  4. 03 Sep, 2013 2 commits
    • fpizlo@apple.com's avatar
      CodeBlock memory cost reporting should be rationalized · 7c084e07
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120615
      
      Source/JavaScriptCore: 
      
      Reviewed by Darin Adler.
              
      Report the size of the instruction stream, and then remind the GC that we're
      using memory when we trace.
              
      This is a slight slow-down on some JSBench tests because it makes us GC a
      bit more frequently. But I think it's well worth it; if we really want those
      tests to GC less frequently then we can achieve that through other kinds of
      tuning. It's better that the GC knows that CodeBlocks do in fact use memory;
      what it does with that information is a somewhat orthogonal question.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::visitAggregate):
      
      Source/WTF: 
      
      Reviewed by Darin Adler.
      
      * wtf/RefCountedArray.h:
      (WTF::RefCountedArray::refCount):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155021 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7c084e07
    • fpizlo@apple.com's avatar
      CodeBlock::jettison() should be implicit · 195d7b84
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120567
      
      Reviewed by Oliver Hunt.
              
      This is a risky change from a performance standpoint, but I believe it's
      necessary. This makes all CodeBlocks get swept by GC. Nobody but the GC
      can delete CodeBlocks because the GC always holds a reference to them.
      Once a CodeBlock reaches just one reference (i.e. the one from the GC)
      then the GC will free it only if it's not on the stack.
              
      This allows me to get rid of the jettisoning logic. We need this for FTL
      tier-up. Well; we don't need it, but it will help prevent a lot of bugs.
      Previously, if you wanted to to replace one code block with another, you
      had to remember to tell the GC that the previous code block is
      "jettisoned". We would need to do this when tiering up from DFG to FTL
      and when dealing with DFG-to-FTL OSR entry code blocks. There are a lot
      of permutations here - tiering up to the FTL, OSR entering into the FTL,
      deciding that an OSR entry code block is not relevant anymore - just to
      name a few. In each of these cases we'd have to jettison the previous
      code block. It smells like a huge source of future bugs.
              
      So I made jettisoning implicit by making the GC always watch out for a
      CodeBlock being owned solely by the GC.
              
      This change is performance neutral.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::jettison):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
      (JSC::CodeBlockSet::mark):
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      * heap/CodeBlockSet.cpp: Added.
      (JSC::CodeBlockSet::CodeBlockSet):
      (JSC::CodeBlockSet::~CodeBlockSet):
      (JSC::CodeBlockSet::add):
      (JSC::CodeBlockSet::clearMarks):
      (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
      (JSC::CodeBlockSet::traceMarked):
      * heap/CodeBlockSet.h: Added.
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::add):
      * heap/ConservativeRoots.h:
      * heap/DFGCodeBlocks.cpp: Removed.
      * heap/DFGCodeBlocks.h: Removed.
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::deleteUnmarkedCompiledCode):
      * heap/Heap.h:
      * interpreter/JSStack.cpp:
      (JSC::JSStack::gatherConservativeRoots):
      * interpreter/JSStack.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      * runtime/Executable.h:
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154986 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      195d7b84
  5. 31 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      CodeBlock refactoring broke profile dumping · 669223d4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120551
      
      Reviewed by Michael Saboff.
              
      Fix the bug, and did a big clean-up of how Executable returns CodeBlocks. A lot
      of the problems we have with code like CodeBlock::baselineVersion() is that we
      were trying *way too hard* to side-step the fact that Executable can't return a
      CodeBlock*. Previously it could only return CodeBlock&, so if it didn't have a
      CodeBlock yet, you were screwed. And if you didn't know, or weren't sure, if it
      did have a CodeBlock, you were really going to have a bad time. Also it really
      bugs me that the methods were called generatedBytecode(). In all other contexts
      if you ask for a CodeBlock, then method to call is codeBlock(). So I made all
      of those changes.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::baselineVersion):
      (JSC::ProgramCodeBlock::replacement):
      (JSC::EvalCodeBlock::replacement):
      (JSC::FunctionCodeBlock::replacement):
      (JSC::CodeBlock::globalObjectFor):
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::hash):
      * dfg/DFGOperations.cpp:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITCode.h:
      (JSC::JITCode::isExecutableScript):
      (JSC::JITCode::isLowerTier):
      * jit/JITStubs.cpp:
      (JSC::lazyLinkFor):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      * runtime/Executable.h:
      (JSC::EvalExecutable::codeBlock):
      (JSC::ProgramExecutable::codeBlock):
      (JSC::FunctionExecutable::eitherCodeBlock):
      (JSC::FunctionExecutable::codeBlockForCall):
      (JSC::FunctionExecutable::codeBlockForConstruct):
      (JSC::FunctionExecutable::codeBlockFor):
      * runtime/FunctionExecutableDump.cpp:
      (JSC::FunctionExecutableDump::dump):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154935 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      669223d4
  6. 29 Aug, 2013 6 commits
    • akling@apple.com's avatar
      CodeBlock: LLIntCallLinkInfo vector can be sized-to-fit at creation. · 8b46ebcf
      akling@apple.com authored
      <https://webkit.org/b/120487>
      
      Reviewed by Oliver Hunt.
      
      CodeBlock::m_llintCallLinkInfos never changes size after creation, so make it a Vector
      instead of a SegmentedVector. Use resizeToFit() instead of grow() since we know the
      exact amount of space needed.
      
      * bytecode/CodeBlock.h:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::shrinkToFit):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154863 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8b46ebcf
    • fpizlo@apple.com's avatar
      Teach DFG::Worklist and its clients that it may be reused for different kinds of compilations · 6931c476
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120489
      
      Reviewed by Geoffrey Garen.
              
      If the baseline JIT hits an OSR entry trigger into the DFG and we already have a
      DFG compilation but we've also started one or more FTL compilations, then we
      shouldn't get confused. Previously we would have gotten confused because we would
      see an in-process deferred compile (the FTL compile) and also an optimized
      replacement (the DFG code).
              
      If the baseline JIT hits an OSR entry trigger into the DFG and we previously
      did two things in this order: triggered a tier-up compilation from the DFG into
      the FTL, and then jettisoned the DFG code because it exited a bunch, then we
      shouldn't be confused by the presence of an in-process deferred compile (the FTL
      compile). Previously we would have waited for that compile to finish; but the more
      sensible thing to do is to let it complete and then invalidate it, while at the
      same time enqueueing a DFG compile to create a new, more valid, DFG code block.
              
      If the DFG JIT hits a loop OSR entry trigger (into the FTL) and it has already
      triggered an FTL compile for replacement, then it should fire off a second compile
      instead of thinking that it can wait for that one to finish. Or vice-versa. We
      need to allow for two FTL compiles to be enqueued at the same time (one for
      replacement and one for OSR entry in a loop).
              
      Then there's also the problem that DFG::compile() is almost certainly going to be
      the hook for triggering both DFG compiles and the two kinds of FTL compiles, but
      right now there is no way to tell it which one you want.
              
      This fixes these problems and removes a bunch of potential confusion by making the
      key for a compile in the DFG::Worklist be a CompilationMode (one of DFGMode,
      FTLMode, or FTLForOSREntryMode). That mode is also passed to DFG::compile().
              
      Awkwardly, this still leaves us in a no DFG->FTL tier-up situation - so
      DFG::compile() is always passed DFGMode and then it might do an FTL compile if
      possible. Fixing that is a bigger issue for a later changeset.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::checkIfOptimizationThresholdReached):
      * dfg/DFGCompilationKey.cpp: Added.
      (JSC::DFG::CompilationKey::dump):
      * dfg/DFGCompilationKey.h: Added.
      (JSC::DFG::CompilationKey::CompilationKey):
      (JSC::DFG::CompilationKey::operator!):
      (JSC::DFG::CompilationKey::isHashTableDeletedValue):
      (JSC::DFG::CompilationKey::profiledBlock):
      (JSC::DFG::CompilationKey::mode):
      (JSC::DFG::CompilationKey::operator==):
      (JSC::DFG::CompilationKey::hash):
      (JSC::DFG::CompilationKeyHash::hash):
      (JSC::DFG::CompilationKeyHash::equal):
      * dfg/DFGCompilationMode.cpp: Added.
      (WTF::printInternal):
      * dfg/DFGCompilationMode.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::key):
      * dfg/DFGPlan.h:
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::enqueue):
      (JSC::DFG::Worklist::compilationState):
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * dfg/DFGWorklist.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154854 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6931c476
    • fpizlo@apple.com's avatar
      CodeBlock's magic for scaling tier-up thresholds should be more reusable · e5b68643
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120486
      
      Reviewed by Oliver Hunt.
              
      Removed the counterValueForBlah() methods and exposed the reusable scaling logic
      as a adjustedCounterValue() method.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::adjustedCounterValue):
      (JSC::CodeBlock::optimizeAfterWarmUp):
      (JSC::CodeBlock::optimizeAfterLongWarmUp):
      (JSC::CodeBlock::optimizeSoon):
      * bytecode/CodeBlock.h:
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::handleExitCounts):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154837 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e5b68643
    • fpizlo@apple.com's avatar
      CodeBlock::prepareForExecution() is silly · 1342e7a8
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120453
      
      Reviewed by Oliver Hunt.
              
      Instead of saying:
              
          codeBlock->prepareForExecution(stuff, BaselineJIT, more stuff)
              
      we should just say:
              
          JIT::compile(stuff, codeBlock, more stuff);
              
      And similarly for the LLInt and DFG.
              
      This kills a bunch of code, since CodeBlock::prepareForExecution() is just a
      wrapper that uses the JITType argument to call into the appropriate execution
      engine, which is what the user wanted to do in the first place.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::JIT::compile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntEntrypoint.cpp: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.cpp.
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      (JSC::LLInt::setEntrypoint):
      * llint/LLIntEntrypoint.h: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.h.
      * llint/LLIntEntrypoints.cpp: Removed.
      * llint/LLIntEntrypoints.h: Removed.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154833 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1342e7a8
    • fpizlo@apple.com's avatar
      CodeBlock compilation and installation should be simplified and rationalized · 62b6af85
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120326
      
      Reviewed by Oliver Hunt.
              
      Rolling r154804 back in after fixing no-LLInt build.
              
      Previously Executable owned the code for generating JIT code; you always had
      to go through Executable. But often you also had to go through CodeBlock,
      because ScriptExecutable couldn't have virtual methods, but CodeBlock could.
      So you'd ask CodeBlock to do something, which would dispatch through a
      virtual method that would select the appropriate Executable subtype's method.
      This all meant that the same code would often be duplicated, because most of
      the work needed to compile something was identical regardless of code type.
      But then we tried to fix this, by having templatized helpers in
      ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find
      out what happened when you asked for something to be compiled, you'd go on a
      wild ride that started with CodeBlock, touched upon Executable, and then
      ricocheted into either ExecutionHarness or JITDriver (likely both).
              
      Another awkwardness was that for concurrent compiles, the DFG::Worklist had
      super-special inside knowledge of what JITStubs.cpp's cti_optimize would have
      done once the compilation finished.
              
      Also, most of the DFG JIT drivers assumed that they couldn't install the
      JITCode into the CodeBlock directly - instead they would return it via a
      reference, which happened to be a reference to the JITCode pointer in
      Executable. This was super weird.
              
      Finally, there was no notion of compiling code into a special CodeBlock that
      wasn't used for handling calls into an Executable. I'd like this for FTL OSR
      entry.
              
      This patch solves these problems by reducing all of that complexity into just
      three primitives:
              
      - Executable::newCodeBlock(). This gives you a new code block, either for call
        or for construct, and either to serve as the baseline code or the optimized
        code. The new code block is then owned by the caller; Executable doesn't
        register it anywhere. The new code block has no JITCode and isn't callable,
        but it has all of the bytecode.
              
      - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and
        produces a JITCode, and then installs the JITCode into the CodeBlock. This
        method takes a JITType, and always compiles with that JIT. If you ask for
        JITCode::InterpreterThunk then you'll get JITCode that just points to the
        LLInt entrypoints. Once this returns, it is possible to call into the
        CodeBlock if you do so manually - but the Executable still won't know about
        it so JS calls to that Executable will still be routed to whatever CodeBlock
        is associated with the Executable.
              
      - Executable::installCode(). This takes a CodeBlock and makes it the code-for-
        entry for that Executable. This involves unlinking the Executable's last
        CodeBlock, if there was one. This also tells the GC about any effect on
        memory usage and does a bunch of weird data structure rewiring, since
        Executable caches some of CodeBlock's fields for the benefit of virtual call
        fast paths.
              
      This functionality is then wrapped around three convenience methods:
              
      - Executable::prepareForExecution(). If there is no code block for that
        Executable, then one is created (newCodeBlock()), compiled
        (CodeBlock::prepareForExecution()) and installed (installCode()).
              
      - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that
        can serve as an optimized replacement of the current one.
              
      - CodeBlock::install(). Asks the Executable to install this code block.
              
      This patch allows me to kill *a lot* of code and to remove a lot of
      specializations for functions vs. not-functions, and a lot of places where we
      pass around JITCode references and such. ExecutionHarness and JITDriver are
      both gone. Overall this patch has more red than green.
              
      It also allows me to work on FTL OSR entry and tier-up:
              
      - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist
        to do some compilation, but it will require the DFG::Worklist to do
        something different than what JITStubs.cpp would want, once the compilation
        finishes. This patch introduces a callback mechanism for that purpose.
              
      - FTL OSR entry: this will involve creating a special auto-jettisoned
        CodeBlock that is used only for FTL OSR entry. The new set of primitives
        allows for this: Executable can vend you a fresh new CodeBlock, and you can
        ask that CodeBlock to compile itself with any JIT of your choosing. Or you
        can take that CodeBlock and compile it yourself. Previously the act of
        producing a CodeBlock-for-optimization and the act of compiling code for it
        were tightly coupled; now you can separate them and you can create such
        auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::prepareForExecutionImpl):
      (JSC::CodeBlock::prepareForExecution):
      (JSC::CodeBlock::prepareForExecutionAsynchronously):
      (JSC::CodeBlock::install):
      (JSC::CodeBlock::newReplacement):
      (JSC::FunctionCodeBlock::jettisonImpl):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasBaselineJITProfiling):
      * bytecode/DeferredCompilationCallback.cpp: Added.
      (JSC::DeferredCompilationCallback::DeferredCompilationCallback):
      (JSC::DeferredCompilationCallback::~DeferredCompilationCallback):
      * bytecode/DeferredCompilationCallback.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::tryCompile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::notifyReady):
      (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
      (JSC::DFG::Plan::finalizeAndNotifyCallback):
      * dfg/DFGPlan.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      (JSC::Heap::isDeferred):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Removed.
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Added.
      (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::create):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):
      * jit/JITToDFGDeferredCompilationCallback.h: Added.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      (JSC::ScriptExecutable::newCodeBlockFor):
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      * runtime/Executable.h:
      (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
      (JSC::ExecutableBase::offsetOfNumParametersFor):
      (JSC::ScriptExecutable::prepareForExecution):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      * runtime/ExecutionHarness.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154824 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      62b6af85
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r154804. · ea1f9022
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/154804
      https://bugs.webkit.org/show_bug.cgi?id=120477
      
      Broke Windows build (assumes LLInt features not enabled on
      this build) (Requested by bfulgham on #webkit).
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::reoptimize):
      (JSC::ProgramCodeBlock::replacement):
      (JSC::EvalCodeBlock::replacement):
      (JSC::FunctionCodeBlock::replacement):
      (JSC::ProgramCodeBlock::compileOptimized):
      (JSC::ProgramCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::EvalCodeBlock::compileOptimized):
      (JSC::EvalCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::FunctionCodeBlock::compileOptimized):
      (JSC::FunctionCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::jitType):
      (JSC::CodeBlock::jitCompile):
      * bytecode/DeferredCompilationCallback.cpp: Removed.
      * bytecode/DeferredCompilationCallback.h: Removed.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::finalize):
      * dfg/DFGPlan.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Added.
      (JSC::jitCompileIfAppropriateImpl):
      (JSC::jitCompileFunctionIfAppropriateImpl):
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Removed.
      * jit/JITToDFGDeferredCompilationCallback.h: Removed.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::jitCompile):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::replaceWithDeferredOptimizedCode):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::ProgramExecutable::replaceWithDeferredOptimizedCode):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForCall):
      (JSC::FunctionExecutable::compileForConstructInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForConstruct):
      * runtime/Executable.h:
      (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
      (JSC::ExecutableBase::offsetOfNumParametersFor):
      (JSC::ExecutableBase::catchRoutineFor):
      (JSC::EvalExecutable::compile):
      (JSC::ProgramExecutable::compile):
      (JSC::FunctionExecutable::compileForCall):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeFor):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC::prepareForExecutionImpl):
      (JSC::prepareFunctionForExecutionImpl):
      (JSC::installOptimizedCode):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      (JSC::replaceWithDeferredOptimizedCode):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154814 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ea1f9022
  7. 28 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      CodeBlock compilation and installation should be simplified and rationalized · 4ea262e2
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120326
      
      Reviewed by Oliver Hunt.
              
      Previously Executable owned the code for generating JIT code; you always had
      to go through Executable. But often you also had to go through CodeBlock,
      because ScriptExecutable couldn't have virtual methods, but CodeBlock could.
      So you'd ask CodeBlock to do something, which would dispatch through a
      virtual method that would select the appropriate Executable subtype's method.
      This all meant that the same code would often be duplicated, because most of
      the work needed to compile something was identical regardless of code type.
      But then we tried to fix this, by having templatized helpers in
      ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find
      out what happened when you asked for something to be compiled, you'd go on a
      wild ride that started with CodeBlock, touched upon Executable, and then
      ricocheted into either ExecutionHarness or JITDriver (likely both).
              
      Another awkwardness was that for concurrent compiles, the DFG::Worklist had
      super-special inside knowledge of what JITStubs.cpp's cti_optimize would have
      done once the compilation finished.
              
      Also, most of the DFG JIT drivers assumed that they couldn't install the
      JITCode into the CodeBlock directly - instead they would return it via a
      reference, which happened to be a reference to the JITCode pointer in
      Executable. This was super weird.
              
      Finally, there was no notion of compiling code into a special CodeBlock that
      wasn't used for handling calls into an Executable. I'd like this for FTL OSR
      entry.
              
      This patch solves these problems by reducing all of that complexity into just
      three primitives:
              
      - Executable::newCodeBlock(). This gives you a new code block, either for call
        or for construct, and either to serve as the baseline code or the optimized
        code. The new code block is then owned by the caller; Executable doesn't
        register it anywhere. The new code block has no JITCode and isn't callable,
        but it has all of the bytecode.
              
      - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and
        produces a JITCode, and then installs the JITCode into the CodeBlock. This
        method takes a JITType, and always compiles with that JIT. If you ask for
        JITCode::InterpreterThunk then you'll get JITCode that just points to the
        LLInt entrypoints. Once this returns, it is possible to call into the
        CodeBlock if you do so manually - but the Executable still won't know about
        it so JS calls to that Executable will still be routed to whatever CodeBlock
        is associated with the Executable.
              
      - Executable::installCode(). This takes a CodeBlock and makes it the code-for-
        entry for that Executable. This involves unlinking the Executable's last
        CodeBlock, if there was one. This also tells the GC about any effect on
        memory usage and does a bunch of weird data structure rewiring, since
        Executable caches some of CodeBlock's fields for the benefit of virtual call
        fast paths.
              
      This functionality is then wrapped around three convenience methods:
              
      - Executable::prepareForExecution(). If there is no code block for that
        Executable, then one is created (newCodeBlock()), compiled
        (CodeBlock::prepareForExecution()) and installed (installCode()).
              
      - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that
        can serve as an optimized replacement of the current one.
              
      - CodeBlock::install(). Asks the Executable to install this code block.
              
      This patch allows me to kill *a lot* of code and to remove a lot of
      specializations for functions vs. not-functions, and a lot of places where we
      pass around JITCode references and such. ExecutionHarness and JITDriver are
      both gone. Overall this patch has more red than green.
              
      It also allows me to work on FTL OSR entry and tier-up:
              
      - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist
        to do some compilation, but it will require the DFG::Worklist to do
        something different than what JITStubs.cpp would want, once the compilation
        finishes. This patch introduces a callback mechanism for that purpose.
              
      - FTL OSR entry: this will involve creating a special auto-jettisoned
        CodeBlock that is used only for FTL OSR entry. The new set of primitives
        allows for this: Executable can vend you a fresh new CodeBlock, and you can
        ask that CodeBlock to compile itself with any JIT of your choosing. Or you
        can take that CodeBlock and compile it yourself. Previously the act of
        producing a CodeBlock-for-optimization and the act of compiling code for it
        were tightly coupled; now you can separate them and you can create such
        auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::prepareForExecution):
      (JSC::CodeBlock::install):
      (JSC::CodeBlock::newReplacement):
      (JSC::FunctionCodeBlock::jettisonImpl):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasBaselineJITProfiling):
      * bytecode/DeferredCompilationCallback.cpp: Added.
      (JSC::DeferredCompilationCallback::DeferredCompilationCallback):
      (JSC::DeferredCompilationCallback::~DeferredCompilationCallback):
      * bytecode/DeferredCompilationCallback.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::tryCompile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
      (JSC::DFG::Plan::finalizeAndNotifyCallback):
      * dfg/DFGPlan.h:
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      (JSC::Heap::isDeferred):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Removed.
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Added.
      (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::create):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):
      * jit/JITToDFGDeferredCompilationCallback.h: Added.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      (JSC::ScriptExecutable::newCodeBlockFor):
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      * runtime/Executable.h:
      (JSC::ScriptExecutable::prepareForExecution):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      * runtime/ExecutionHarness.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154804 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4ea262e2
  8. 23 Aug, 2013 1 commit
    • oliver@apple.com's avatar
      Support in memory compression of rarely used data · abcf78c4
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120143
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore:
      
      Include zlib in LD_FLAGS and make UnlinkedCodeBlock make use of CompressibleVector.  This saves ~200k on google maps.
      
      * Configurations/JavaScriptCore.xcconfig:
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
      (JSC::UnlinkedCodeBlock::addExpressionInfo):
      * bytecode/UnlinkedCodeBlock.h:
      
      Source/WTF:
      
      Adds a set of utility functions to wrap the use of zlib over a generic
      type or a Vector<> as well as adding CompressibleVector that wraps
      either a Vector<> or compressed data.
      
      * GNUmakefile.list.am:
      * WTF.pro:
      * WTF.vcxproj/WTF.vcxproj:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/CMakeLists.txt:
      * wtf/CheckedArithmetic.h:
      * wtf/Compression.cpp: Added.
      (WTF::zAlloc):
      (WTF::zFree):
      (WTF::GenericCompressedData::create):
      (WTF::GenericCompressedData::decompress):
      * wtf/Compression.h: Added.
      (WTF::GenericCompressedData::compressedSize):
      (WTF::GenericCompressedData::originalSize):
      (WTF::GenericCompressedData::GenericCompressedData):
      (WTF::CompressedVector::create):
      (WTF::CompressedVector::decompress):
      (WTF::CompressedVector::size):
      (WTF::CompressibleVector::CompressibleVector):
      (WTF::CompressibleVector::shrinkToFit):
      (WTF::CompressibleVector::size):
      (WTF::CompressibleVector::operator[]):
      (WTF::CompressibleVector::at):
      (WTF::CompressibleVector::begin):
      (WTF::CompressibleVector::end):
      (WTF::CompressibleVector::data):
      (WTF::CompressibleVector::decompressIfNecessary):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154498 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      abcf78c4
  9. 21 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      DFG should inline new typedArray() · 372fa82b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120022
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Adds inlining of typed array allocations in the DFG. Any operation of the
      form:
              
          new foo(blah)
              
      or:
              
          foo(blah)
              
      where 'foo' is a typed array constructor and 'blah' is exactly one argument,
      is turned into the NewTypedArray intrinsic. Later, of child1 (i.e. 'blah')
      is predicted integer, we generate inline code for an allocation. Otherwise
      it turns into a call to an operation that behaves like the constructor would
      if it was passed one argument (i.e. it may wrap a buffer or it may create a
      copy or another array, or it may allocate an array of that length).
      
      * bytecode/SpeculatedType.cpp:
      (JSC::speculationFromTypedArrayType):
      (JSC::speculationFromClassInfo):
      * bytecode/SpeculatedType.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGBackwardsPropagationPhase.cpp:
      (JSC::DFG::BackwardsPropagationPhase::propagate):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::putStructureStoreElimination):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasTypedArrayType):
      (JSC::DFG::Node::typedArrayType):
      * dfg/DFGNodeType.h:
      * dfg/DFGOperations.cpp:
      (JSC::DFG::newTypedArrayWithSize):
      (JSC::DFG::newTypedArrayWithOneArgument):
      * dfg/DFGOperations.h:
      (JSC::DFG::operationNewTypedArrayWithSizeForType):
      (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_object):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_new_object):
      * runtime/JSArray.h:
      (JSC::JSArray::allocationSize):
      * runtime/JSArrayBufferView.h:
      (JSC::JSArrayBufferView::allocationSize):
      * runtime/JSGenericTypedArrayViewConstructorInlines.h:
      (JSC::constructGenericTypedArrayView):
      * runtime/JSObject.h:
      (JSC::JSFinalObject::allocationSize):
      * runtime/TypedArrayType.cpp:
      (JSC::constructorClassInfoForType):
      * runtime/TypedArrayType.h:
      (JSC::indexToTypedArrayType):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * fast/js/regress/Float64Array-alloc-long-lived-expected.txt: Added.
      * fast/js/regress/Float64Array-alloc-long-lived.html: Added.
      * fast/js/regress/Int16Array-alloc-long-lived-expected.txt: Added.
      * fast/js/regress/Int16Array-alloc-long-lived.html: Added.
      * fast/js/regress/Int8Array-alloc-long-lived-expected.txt: Added.
      * fast/js/regress/Int8Array-alloc-long-lived.html: Added.
      * fast/js/regress/script-tests/Float64Array-alloc-long-lived.js: Added.
      * fast/js/regress/script-tests/Int16Array-alloc-long-lived.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js:
      * fast/js/regress/script-tests/Int8Array-alloc-long-lived.js: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154403 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      372fa82b
  10. 19 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      DFG should inline typedArray.byteOffset · 537a477d
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119962
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This adds a new node, GetTypedArrayByteOffset, which inlines
      typedArray.byteOffset.
              
      Also, I improved a bunch of the clobbering logic related to typed arrays
      and clobbering in general. For example, PutByOffset/PutStructure are not
      clobber-world so they can be handled by most default cases in CSE. Also,
      It's better to use the 'Class_field' notation for typed arrays now that
      they no longer involve magical descriptor thingies.
      
      * bytecode/SpeculatedType.h:
      * dfg/DFGAbstractHeap.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGArrayMode.h:
      (JSC::DFG::neverNeedsStorage):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::checkArrayElimination):
      (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::getTypedArrayByteOffsetLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteLength):
      (JSC::DFG::FixupPhase::convertToGetArrayLength):
      (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteOffset):
      * dfg/DFGNodeType.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffset):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGTypeCheckHoistingPhase.cpp:
      (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
      * runtime/ArrayBuffer.h:
      (JSC::ArrayBuffer::offsetOfData):
      * runtime/Butterfly.h:
      (JSC::Butterfly::offsetOfArrayBuffer):
      * runtime/IndexingHeader.h:
      (JSC::IndexingHeader::offsetOfArrayBuffer):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * fast/js/dfg-byteOffset-neuter.html: Added.
      * fast/js/dfg-byteOffset-neuter-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int32Array-byteOffset-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int32Array-byteOffset.html: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int32Array-byteOffset.js: Added.
      * fast/js/script-tests/dfg-byteOffset-neuter.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154305 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      537a477d
  11. 17 Aug, 2013 1 commit
    • mhahnenberg@apple.com's avatar
      <https://webkit.org/b/119919> Concurrent JIT crashes in various fast/js/dfg-*... · fd433bf9
      mhahnenberg@apple.com authored
      <https://webkit.org/b/119919> Concurrent JIT crashes in various fast/js/dfg-* tests while the main thread is setting innerHTML
      
      Reviewed by Filip Pizlo.
      
      Added a new mode for DesiredWriteBarrier that allows it to track a position in a
      Vector of WriteBarriers rather than the specific address. The fact that we were
      arbitrarily storing into a Vector's backing store for constants at the end of
      compilation after the Vector could have resized was causing crashes.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::constants):
      (JSC::CodeBlock::addConstantLazily):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::addConstant):
      * dfg/DFGDesiredWriteBarriers.cpp:
      (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
      (JSC::DFG::DesiredWriteBarrier::trigger):
      (JSC::DFG::initializeLazyWriteBarrierForConstant):
      * dfg/DFGDesiredWriteBarriers.h:
      (JSC::DFG::DesiredWriteBarriers::add):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::truncateConstantToInt32):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::constantRegisterForConstant):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154245 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fd433bf9
  12. 16 Aug, 2013 2 commits
    • fpizlo@apple.com's avatar
      DFG should optimize typedArray.byteLength · c09dc63d
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119909
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This adds typedArray.byteLength inlining to the DFG, and does so without changing
      the IR: byteLength is turned into GetArrayLength followed by BitLShift. This is
      legal since the byteLength of a typed array cannot exceed
      numeric_limits<int32_t>::max().
      
      * bytecode/SpeculatedType.cpp:
      (JSC::typedArrayTypeFromSpeculation):
      * bytecode/SpeculatedType.h:
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::toArrayType):
      * dfg/DFGArrayMode.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):
      (JSC::DFG::FixupPhase::attemptToMakeGetByteLength):
      (JSC::DFG::FixupPhase::convertToGetArrayLength):
      (JSC::DFG::FixupPhase::prependGetArrayLength):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::constantRegisterForConstant):
      (JSC::DFG::Graph::convertToConstant):
      * runtime/TypedArrayType.h:
      (JSC::logElementSize):
      (JSC::elementSize):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
              
      Convert two of the tyepd array tests to use byteLength instead of length.
      These tests show speed-ups around 2.5x-5x.
      
      * fast/js/regress/Int16Array-bubble-sort-with-byteLength-expected.txt: Added.
      * fast/js/regress/Int16Array-bubble-sort-with-byteLength.html: Added.
      * fast/js/regress/Int8Array-load-with-byteLength-expected.txt: Added.
      * fast/js/regress/Int8Array-load-with-byteLength.html: Added.
      * fast/js/regress/script-tests/Int16Array-bubble-sort-with-byteLength.js: Added.
      (bubbleSort):
      (myRandom):
      (validateSort):
      * fast/js/regress/script-tests/Int8Array-load-with-byteLength.js: Added.
      (adler32):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154218 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c09dc63d
    • fpizlo@apple.com's avatar
      Object properties added using dot syntax (o.f = ...) from code that isn't in... · 3d42314b
      fpizlo@apple.com authored
      Object properties added using dot syntax (o.f = ...) from code that isn't in eval should be less likely to cause an object to become a dictionary
      https://bugs.webkit.org/show_bug.cgi?id=119897
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      6-10x speed-up on microbenchmarks that create large static objects. 40-65% speed-up
      on Octane/gbemu. 3% overall speed-up on Octane. No slow-downs anywhere; our ability
      to turn objects into dictionaries when you're storing using bracket syntax or using
      eval is still in place.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::putByIdContext):
      * dfg/DFGOperations.cpp:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/JSObject.h:
      (JSC::JSObject::putDirectInternal):
      * runtime/PutPropertySlot.h:
      (JSC::PutPropertySlot::PutPropertySlot):
      (JSC::PutPropertySlot::context):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransition):
      * runtime/Structure.h:
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * fast/js/regress/lots-of-fields-expected.txt: Added.
      * fast/js/regress/lots-of-fields.html: Added.
      * fast/js/regress/script-tests/lots-of-fields.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154199 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3d42314b
  13. 15 Aug, 2013 3 commits
    • mhahnenberg@apple.com's avatar
      <https://webkit.org/b/119833> Concurrent compilation thread should not trigger WriteBarriers · 941ab380
      mhahnenberg@apple.com authored
      Reviewed by Oliver Hunt.
      
      The concurrent compilation thread should interact minimally with the Heap, including not
      triggering WriteBarriers. This is a prerequisite for generational GC.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::addOrFindConstant):
      (JSC::CodeBlock::findConstant):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::addConstantLazily):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getJSConstantForValue):
      (JSC::DFG::ByteCodeParser::constantUndefined):
      (JSC::DFG::ByteCodeParser::constantNull):
      (JSC::DFG::ByteCodeParser::one):
      (JSC::DFG::ByteCodeParser::constantNaN):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCommonData.cpp:
      (JSC::DFG::CommonData::notifyCompilingStructureTransition):
      * dfg/DFGCommonData.h:
      * dfg/DFGDesiredTransitions.cpp: Added.
      (JSC::DFG::DesiredTransition::DesiredTransition):
      (JSC::DFG::DesiredTransition::reallyAdd):
      (JSC::DFG::DesiredTransitions::DesiredTransitions):
      (JSC::DFG::DesiredTransitions::~DesiredTransitions):
      (JSC::DFG::DesiredTransitions::addLazily):
      (JSC::DFG::DesiredTransitions::reallyAdd):
      * dfg/DFGDesiredTransitions.h: Added.
      * dfg/DFGDesiredWeakReferences.cpp: Added.
      (JSC::DFG::DesiredWeakReferences::DesiredWeakReferences):
      (JSC::DFG::DesiredWeakReferences::~DesiredWeakReferences):
      (JSC::DFG::DesiredWeakReferences::addLazily):
      (JSC::DFG::DesiredWeakReferences::reallyAdd):
      * dfg/DFGDesiredWeakReferences.h: Added.
      * dfg/DFGDesiredWriteBarriers.cpp: Added.
      (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
      (JSC::DFG::DesiredWriteBarrier::trigger):
      (JSC::DFG::DesiredWriteBarriers::DesiredWriteBarriers):
      (JSC::DFG::DesiredWriteBarriers::~DesiredWriteBarriers):
      (JSC::DFG::DesiredWriteBarriers::addImpl):
      (JSC::DFG::DesiredWriteBarriers::trigger):
      * dfg/DFGDesiredWriteBarriers.h: Added.
      (JSC::DFG::DesiredWriteBarriers::add):
      (JSC::DFG::initializeLazyWriteBarrier):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::truncateConstantToInt32):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::convertToConstant):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::addWeakReference):
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::reallyAdd):
      * dfg/DFGPlan.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrier::WriteBarrier):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154162 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      941ab380
    • fpizlo@apple.com's avatar
      Typed arrays should be rewritten · 0e0d9312
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119064
      
      .: 
      
      Reviewed by Oliver Hunt.
      
      Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
      
      * Source/autotools/symbols.filter:
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Typed arrays were previously deficient in several major ways:
              
      - They were defined separately in WebCore and in the jsc shell. The two
        implementations were different, and the jsc shell one was basically wrong.
        The WebCore one was quite awful, also.
              
      - Typed arrays were not visible to the JIT except through some weird hooks.
        For example, the JIT could not ask "what is the Structure that this typed
        array would have if I just allocated it from this global object". Also,
        it was difficult to wire any of the typed array intrinsics, because most
        of the functionality wasn't visible anywhere in JSC.
              
      - Typed array allocation was brain-dead. Allocating a typed array involved
        two JS objects, two GC weak handles, and three malloc allocations.
              
      - Neutering. It involved keeping tabs on all native views but not the view
        wrappers, even though the native views can autoneuter just by asking the
        buffer if it was neutered anytime you touch them; while the JS view
        wrappers are the ones that you really want to reach out to.
              
      - Common case-ing. Most typed arrays have one buffer and one view, and
        usually nobody touches the buffer. Yet we created all of that stuff
        anyway, using data structures optimized for the case where you had a lot
        of views.
              
      - Semantic goofs. Typed arrays should, in the future, behave like ES
        features rather than DOM features, for example when it comes to exceptions.
        Firefox already does this and I agree with them.
              
      This patch cleanses our codebase of these sins:
              
      - Typed arrays are almost entirely defined in JSC. Only the lifecycle
        management of native references to buffers is left to WebCore.
              
      - Allocating a typed array requires either two GC allocations (a cell and a
        copied storage vector) or one GC allocation, a malloc allocation, and a
        weak handle (a cell and a malloc'd storage vector, plus a finalizer for the
        latter). The latter is only used for oversize arrays. Remember that before
        it was 7 allocations no matter what.
              
      - Typed arrays require just 4 words of overhead: Structure*, Butterfly*,
        mode/length, void* vector. Before it was a lot more than that - remember,
        there were five additional objects that did absolutely nothing for anybody.
              
      - Native views aren't tracked by the buffer, or by the wrappers. They are
        transient. In the future we'll probably switch to not even having them be
        malloc'd.
              
      - Native array buffers have an efficient way of tracking all of their JS view
        wrappers, both for neutering, and for lifecycle management. The GC
        special-cases native array buffers. This saves a bunch of grief; for example
        it means that a JS view wrapper can refer to its buffer via the butterfly,
        which would be dead by the time we went to finalize.
              
      - Typed array semantics now match Firefox, which also happens to be where the
        standards are going. The discussion on webkit-dev seemed to confirm that
        Chrome is also heading in this direction. This includes making
        Uint8ClampedArray not a subtype of Uint8Array, and getting rid of
        ArrayBufferView as a JS-visible construct.
              
      This is up to a 10x speed-up on programs that allocate a lot of typed arrays.
      It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for
      further typed array optimizations in the JSC JITs, including inlining typed
      array allocation, inlining more of the accessors, reducing the cost of type
      checks, etc.
              
      An additional property of this patch is that typed arrays are mostly
      implemented using templates. This deduplicates a bunch of code, but does mean
      that we need some hacks for exporting s_info's of template classes. See
      JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly
      low-impact compared to code duplication.
              
      Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h: Removed.
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ByValInfo.h:
      (JSC::hasOptimizableIndexingForClassInfo):
      (JSC::jitArrayModeForClassInfo):
      (JSC::typedArrayTypeForJITArrayMode):
      * bytecode/SpeculatedType.cpp:
      (JSC::speculationFromClassInfo):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::toTypedArrayType):
      * dfg/DFGArrayMode.h:
      (JSC::DFG::ArrayMode::typedArrayType):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/CopyToken.h:
      * heap/DeferGC.h:
      (JSC::DeferGCForAWhile::DeferGCForAWhile):
      (JSC::DeferGCForAWhile::~DeferGCForAWhile):
      * heap/GCIncomingRefCounted.h: Added.
      (JSC::GCIncomingRefCounted::GCIncomingRefCounted):
      (JSC::GCIncomingRefCounted::~GCIncomingRefCounted):
      (JSC::GCIncomingRefCounted::numberOfIncomingReferences):
      (JSC::GCIncomingRefCounted::incomingReferenceAt):
      (JSC::GCIncomingRefCounted::singletonFlag):
      (JSC::GCIncomingRefCounted::hasVectorOfCells):
      (JSC::GCIncomingRefCounted::hasAnyIncoming):
      (JSC::GCIncomingRefCounted::hasSingleton):
      (JSC::GCIncomingRefCounted::singleton):
      (JSC::GCIncomingRefCounted::vectorOfCells):
      * heap/GCIncomingRefCountedInlines.h: Added.
      (JSC::::addIncomingReference):
      (JSC::::filterIncomingReferences):
      * heap/GCIncomingRefCountedSet.h: Added.
      (JSC::GCIncomingRefCountedSet::size):
      * heap/GCIncomingRefCountedSetInlines.h: Added.
      (JSC::::GCIncomingRefCountedSet):
      (JSC::::~GCIncomingRefCountedSet):
      (JSC::::addReference):
      (JSC::::sweep):
      (JSC::::removeAll):
      (JSC::::removeDead):
      * heap/Heap.cpp:
      (JSC::Heap::addReference):
      (JSC::Heap::extraSize):
      (JSC::Heap::size):
      (JSC::Heap::capacity):
      (JSC::Heap::collect):
      (JSC::Heap::decrementDeferralDepth):
      (JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
      * heap/Heap.h:
      * interpreter/CallFrame.h:
      (JSC::ExecState::dataViewTable):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      (JSC::JIT::emitIntTypedArrayGetByVal):
      (JSC::JIT::emitFloatTypedArrayGetByVal):
      (JSC::JIT::emitIntTypedArrayPutByVal):
      (JSC::JIT::emitFloatTypedArrayPutByVal):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * runtime/ArrayBuffer.cpp:
      (JSC::ArrayBuffer::transfer):
      * runtime/ArrayBuffer.h:
      (JSC::ArrayBuffer::createAdopted):
      (JSC::ArrayBuffer::ArrayBuffer):
      (JSC::ArrayBuffer::gcSizeEstimateInBytes):
      (JSC::ArrayBuffer::pin):
      (JSC::ArrayBuffer::unpin):
      (JSC::ArrayBufferContents::tryAllocate):
      * runtime/ArrayBufferView.cpp:
      (JSC::ArrayBufferView::ArrayBufferView):
      (JSC::ArrayBufferView::~ArrayBufferView):
      (JSC::ArrayBufferView::setNeuterable):
      * runtime/ArrayBufferView.h:
      (JSC::ArrayBufferView::isNeutered):
      (JSC::ArrayBufferView::buffer):
      (JSC::ArrayBufferView::baseAddress):
      (JSC::ArrayBufferView::byteOffset):
      (JSC::ArrayBufferView::verifySubRange):
      (JSC::ArrayBufferView::clampOffsetAndNumElements):
      (JSC::ArrayBufferView::calculateOffsetAndLength):
      * runtime/ClassInfo.h:
      * runtime/CommonIdentifiers.h:
      * runtime/DataView.cpp: Added.
      (JSC::DataView::DataView):
      (JSC::DataView::create):
      (JSC::DataView::wrap):
      * runtime/DataView.h: Added.
      (JSC::DataView::byteLength):
      (JSC::DataView::getType):
      (JSC::DataView::get):
      (JSC::DataView::set):
      * runtime/Float32Array.h:
      * runtime/Float64Array.h:
      * runtime/GenericTypedArrayView.h: Added.
      (JSC::GenericTypedArrayView::data):
      (JSC::GenericTypedArrayView::set):
      (JSC::GenericTypedArrayView::setRange):
      (JSC::GenericTypedArrayView::zeroRange):
      (JSC::GenericTypedArrayView::zeroFill):
      (JSC::GenericTypedArrayView::length):
      (JSC::GenericTypedArrayView::byteLength):
      (JSC::GenericTypedArrayView::item):
      (JSC::GenericTypedArrayView::checkInboundData):
      (JSC::GenericTypedArrayView::getType):
      * runtime/GenericTypedArrayViewInlines.h: Added.
      (JSC::::GenericTypedArrayView):
      (JSC::::create):
      (JSC::::createUninitialized):
      (JSC::::subarray):
      (JSC::::wrap):
      * runtime/IndexingHeader.h:
      (JSC::IndexingHeader::arrayBuffer):
      (JSC::IndexingHeader::setArrayBuffer):
      * runtime/Int16Array.h:
      * runtime/Int32Array.h:
      * runtime/Int8Array.h:
      * runtime/JSArrayBuffer.cpp: Added.
      (JSC::JSArrayBuffer::JSArrayBuffer):
      (JSC::JSArrayBuffer::finishCreation):
      (JSC::JSArrayBuffer::create):
      (JSC::JSArrayBuffer::createStructure):
      (JSC::JSArrayBuffer::getOwnPropertySlot):
      (JSC::JSArrayBuffer::getOwnPropertyDescriptor):
      (JSC::JSArrayBuffer::put):
      (JSC::JSArrayBuffer::defineOwnProperty):
      (JSC::JSArrayBuffer::deleteProperty):
      (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames):
      * runtime/JSArrayBuffer.h: Added.
      (JSC::JSArrayBuffer::impl):
      (JSC::toArrayBuffer):
      * runtime/JSArrayBufferConstructor.cpp: Added.
      (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor):
      (JSC::JSArrayBufferConstructor::finishCreation):
      (JSC::JSArrayBufferConstructor::create):
      (JSC::JSArrayBufferConstructor::createStructure):
      (JSC::constructArrayBuffer):
      (JSC::JSArrayBufferConstructor::getConstructData):
      (JSC::JSArrayBufferConstructor::getCallData):
      * runtime/JSArrayBufferConstructor.h: Added.
      * runtime/JSArrayBufferPrototype.cpp: Added.
      (JSC::arrayBufferProtoFuncSlice):
      (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype):
      (JSC::JSArrayBufferPrototype::finishCreation):
      (JSC::JSArrayBufferPrototype::create):
      (JSC::JSArrayBufferPrototype::createStructure):
      * runtime/JSArrayBufferPrototype.h: Added.
      * runtime/JSArrayBufferView.cpp: Added.
      (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
      (JSC::JSArrayBufferView::JSArrayBufferView):
      (JSC::JSArrayBufferView::finishCreation):
      (JSC::JSArrayBufferView::getOwnPropertySlot):
      (JSC::JSArrayBufferView::getOwnPropertyDescriptor):
      (JSC::JSArrayBufferView::put):
      (JSC::JSArrayBufferView::defineOwnProperty):
      (JSC::JSArrayBufferView::deleteProperty):
      (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames):
      (JSC::JSArrayBufferView::finalize):
      * runtime/JSArrayBufferView.h: Added.
      (JSC::JSArrayBufferView::sizeOf):
      (JSC::JSArrayBufferView::ConstructionContext::operator!):
      (JSC::JSArrayBufferView::ConstructionContext::structure):
      (JSC::JSArrayBufferView::ConstructionContext::vector):
      (JSC::JSArrayBufferView::ConstructionContext::length):
      (JSC::JSArrayBufferView::ConstructionContext::mode):
      (JSC::JSArrayBufferView::ConstructionContext::butterfly):
      (JSC::JSArrayBufferView::mode):
      (JSC::JSArrayBufferView::vector):
      (JSC::JSArrayBufferView::length):
      (JSC::JSArrayBufferView::offsetOfVector):
      (JSC::JSArrayBufferView::offsetOfLength):
      (JSC::JSArrayBufferView::offsetOfMode):
      * runtime/JSArrayBufferViewInlines.h: Added.
      (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary):
      (JSC::JSArrayBufferView::buffer):
      (JSC::JSArrayBufferView::impl):
      (JSC::JSArrayBufferView::neuter):
      (JSC::JSArrayBufferView::byteOffset):
      * runtime/JSCell.cpp:
      (JSC::JSCell::slowDownAndWasteMemory):
      (JSC::JSCell::getTypedArrayImpl):
      * runtime/JSCell.h:
      * runtime/JSDataView.cpp: Added.
      (JSC::JSDataView::JSDataView):
      (JSC::JSDataView::create):
      (JSC::JSDataView::createUninitialized):
      (JSC::JSDataView::set):
      (JSC::JSDataView::typedImpl):
      (JSC::JSDataView::getOwnPropertySlot):
      (JSC::JSDataView::getOwnPropertyDescriptor):
      (JSC::JSDataView::slowDownAndWasteMemory):
      (JSC::JSDataView::getTypedArrayImpl):
      (JSC::JSDataView::createStructure):
      * runtime/JSDataView.h: Added.
      * runtime/JSDataViewPrototype.cpp: Added.
      (JSC::JSDataViewPrototype::JSDataViewPrototype):
      (JSC::JSDataViewPrototype::create):
      (JSC::JSDataViewPrototype::createStructure):
      (JSC::JSDataViewPrototype::getOwnPropertySlot):
      (JSC::JSDataViewPrototype::getOwnPropertyDescriptor):
      (JSC::getData):
      (JSC::setData):
      (JSC::dataViewProtoFuncGetInt8):
      (JSC::dataViewProtoFuncGetInt16):
      (JSC::dataViewProtoFuncGetInt32):
      (JSC::dataViewProtoFuncGetUint8):
      (JSC::dataViewProtoFuncGetUint16):
      (JSC::dataViewProtoFuncGetUint32):
      (JSC::dataViewProtoFuncGetFloat32):
      (JSC::dataViewProtoFuncGetFloat64):
      (JSC::dataViewProtoFuncSetInt8):
      (JSC::dataViewProtoFuncSetInt16):
      (JSC::dataViewProtoFuncSetInt32):
      (JSC::dataViewProtoFuncSetUint8):
      (JSC::dataViewProtoFuncSetUint16):
      (JSC::dataViewProtoFuncSetUint32):
      (JSC::dataViewProtoFuncSetFloat32):
      (JSC::dataViewProtoFuncSetFloat64):
      * runtime/JSDataViewPrototype.h: Added.
      * runtime/JSFloat32Array.h: Added.
      * runtime/JSFloat64Array.h: Added.
      * runtime/JSGenericTypedArrayView.h: Added.
      (JSC::JSGenericTypedArrayView::byteLength):
      (JSC::JSGenericTypedArrayView::byteSize):
      (JSC::JSGenericTypedArrayView::typedVector):
      (JSC::JSGenericTypedArrayView::canGetIndexQuickly):
      (JSC::JSGenericTypedArrayView::canSetIndexQuickly):
      (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue):
      (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble):
      (JSC::JSGenericTypedArrayView::getIndexQuickly):
      (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue):
      (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble):
      (JSC::JSGenericTypedArrayView::setIndexQuickly):
      (JSC::JSGenericTypedArrayView::canAccessRangeQuickly):
      (JSC::JSGenericTypedArrayView::typedImpl):
      (JSC::JSGenericTypedArrayView::createStructure):
      (JSC::JSGenericTypedArrayView::info):
      (JSC::toNativeTypedView):
      * runtime/JSGenericTypedArrayViewConstructor.h: Added.
      * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added.
      (JSC::::JSGenericTypedArrayViewConstructor):
      (JSC::::finishCreation):
      (JSC::::create):
      (JSC::::createStructure):
      (JSC::constructGenericTypedArrayView):
      (JSC::::getConstructData):
      (JSC::::getCallData):
      * runtime/JSGenericTypedArrayViewInlines.h: Added.
      (JSC::::JSGenericTypedArrayView):
      (JSC::::create):
      (JSC::::createUninitialized):
      (JSC::::validateRange):
      (JSC::::setWithSpecificType):
      (JSC::::set):
      (JSC::::getOwnPropertySlot):
      (JSC::::getOwnPropertyDescriptor):
      (JSC::::put):
      (JSC::::defineOwnProperty):
      (JSC::::deleteProperty):
      (JSC::::getOwnPropertySlotByIndex):
      (JSC::::putByIndex):
      (JSC::::deletePropertyByIndex):
      (JSC::::getOwnNonIndexPropertyNames):
      (JSC::::getOwnPropertyNames):
      (JSC::::visitChildren):
      (JSC::::copyBackingStore):
      (JSC::::slowDownAndWasteMemory):
      (JSC::::getTypedArrayImpl):
      * runtime/JSGenericTypedArrayViewPrototype.h: Added.
      * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added.
      (JSC::genericTypedArrayViewProtoFuncSet):
      (JSC::genericTypedArrayViewProtoFuncSubarray):
      (JSC::::JSGenericTypedArrayViewPrototype):
      (JSC::::finishCreation):
      (JSC::::create):
      (JSC::::createStructure):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::arrayBufferPrototype):
      (JSC::JSGlobalObject::arrayBufferStructure):
      (JSC::JSGlobalObject::typedArrayStructure):
      * runtime/JSInt16Array.h: Added.
      * runtime/JSInt32Array.h: Added.
      * runtime/JSInt8Array.h: Added.
      * runtime/JSTypedArrayConstructors.cpp: Added.
      * runtime/JSTypedArrayConstructors.h: Added.
      * runtime/JSTypedArrayPrototypes.cpp: Added.
      * runtime/JSTypedArrayPrototypes.h: Added.
      * runtime/JSTypedArrays.cpp: Added.
      * runtime/JSTypedArrays.h: Added.
      * runtime/JSUint16Array.h: Added.
      * runtime/JSUint32Array.h: Added.
      * runtime/JSUint8Array.h: Added.
      * runtime/JSUint8ClampedArray.h: Added.
      * runtime/Operations.h:
      * runtime/Options.h:
      * runtime/SimpleTypedArrayController.cpp: Added.
      (JSC::SimpleTypedArrayController::SimpleTypedArrayController):
      (JSC::SimpleTypedArrayController::~SimpleTypedArrayController):
      (JSC::SimpleTypedArrayController::toJS):
      * runtime/SimpleTypedArrayController.h: Added.
      * runtime/Structure.h:
      (JSC::Structure::couldHaveIndexingHeader):
      * runtime/StructureInlines.h:
      (JSC::Structure::hasIndexingHeader):
      * runtime/TypedArrayAdaptors.h: Added.
      (JSC::IntegralTypedArrayAdaptor::toNative):
      (JSC::IntegralTypedArrayAdaptor::toJSValue):
      (JSC::IntegralTypedArrayAdaptor::toDouble):
      (JSC::FloatTypedArrayAdaptor::toNative):
      (JSC::FloatTypedArrayAdaptor::toJSValue):
      (JSC::FloatTypedArrayAdaptor::toDouble):
      (JSC::Uint8ClampedAdaptor::toNative):
      (JSC::Uint8ClampedAdaptor::toJSValue):
      (JSC::Uint8ClampedAdaptor::toDouble):
      (JSC::Uint8ClampedAdaptor::clamp):
      * runtime/TypedArrayController.cpp: Added.
      (JSC::TypedArrayController::TypedArrayController):
      (JSC::TypedArrayController::~TypedArrayController):
      * runtime/TypedArrayController.h: Added.
      * runtime/TypedArrayDescriptor.h: Removed.
      * runtime/TypedArrayInlines.h: Added.
      * runtime/TypedArrayType.cpp: Added.
      (JSC::classInfoForType):
      (WTF::printInternal):
      * runtime/TypedArrayType.h: Added.
      (JSC::toIndex):
      (JSC::isTypedView):
      (JSC::elementSize):
      (JSC::isInt):
      (JSC::isFloat):
      (JSC::isSigned):
      (JSC::isClamped):
      * runtime/TypedArrays.h: Added.
      * runtime/Uint16Array.h:
      * runtime/Uint32Array.h:
      * runtime/Uint8Array.h:
      * runtime/Uint8ClampedArray.h:
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::VM::~VM):
      * runtime/VM.h:
      
      Source/WebCore: 
      
      Reviewed by Oliver Hunt.
      
      Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a
      client of them. There is only one layering violation: WebCore installs a
      WebCoreTypedArrayController on VM, which makes the
      ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default,
      JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer
      alive but if ArrayBuffer is kept alive from native code then the
      JSArrayByffer may die. WebCoreTypedArrayController will keep the
      JSArrayBuffer alive if the ArrayBuffer is in the opaque root set.
              
      To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is
      changed to make most references to wrappers refer to JSObject* rather than
      JSDOMWrapper*.
              
      Array buffer views are now transient; the JS array buffer view wrappers
      don't own them or keep them alive. This required a bunch of changes to make
      bindings code use RefPtr<ArrayBufferView> to hold onto their views.
              
      Also there is a bunch of new code to make JSC-provided array buffers and
      views obey the toJS/to<ClassName> idiom for wrapping and unwrapping.
              
      Finally, the DataView API is now completely different: the JSDataView
      provides the same user-visible JS API but using its own internal magic; the
      C++ code that uses DataView now uses a rather different API that is not
      aware of usual DOM semantics, since it's in JSC and not WebCore. It's
      equally useful for all of WebCore's purposes, but some code had to change
      to adapt the new conventions.
              
      Some tests have been changed or rebased due to changes in behavior, that
      bring us into conformance with where the standards are going and allow us to
      match Firefox behavior.
      
      Automake work and some additional GTK changes courtesy of
      Zan Dobersek <zdobersek@igalia.com>.
              
      Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * ForwardingHeaders/runtime/DataView.h: Added.
      * ForwardingHeaders/runtime/JSArrayBuffer.h: Added.
      * ForwardingHeaders/runtime/JSArrayBufferView.h: Added.
      * ForwardingHeaders/runtime/JSDataView.h: Added.
      * ForwardingHeaders/runtime/JSTypedArrays.h: Added.
      * ForwardingHeaders/runtime/TypedArrayController.h: Added.
      * ForwardingHeaders/runtime/TypedArrayInlines.h: Added.
      * ForwardingHeaders/runtime/TypedArrays.h: Added.
      * GNUmakefile.list.am:
      * Modules/webaudio/RealtimeAnalyser.h:
      * Target.pri:
      * UseJSC.cmake:
      * WebCore.exp.in:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.xcodeproj/project.pbxproj:
      * bindings/js/DOMWrapperWorld.h:
      * bindings/js/JSArrayBufferCustom.cpp: Removed.
      * bindings/js/JSArrayBufferViewHelper.h: Removed.
      * bindings/js/JSAudioContextCustom.cpp:
      * bindings/js/JSBindingsAllInOne.cpp:
      * bindings/js/JSBlobCustom.cpp:
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSCSSValueCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSCryptoCustom.cpp:
      (WebCore::JSCrypto::getRandomValues):
      * bindings/js/JSDOMBinding.h:
      (WebCore::wrapperOwner):
      (WebCore::wrapperContext):
      (WebCore::getInlineCachedWrapper):
      (WebCore::setInlineCachedWrapper):
      (WebCore::clearInlineCachedWrapper):
      (WebCore::getCachedWrapper):
      (WebCore::cacheWrapper):
      (WebCore::uncacheWrapper):
      (WebCore::wrap):
      (WebCore::toJS):
      (WebCore::toArrayBufferView):
      (WebCore::toInt8Array):
      (WebCore::toInt16Array):
      (WebCore::toInt32Array):
      (WebCore::toUint8Array):
      (WebCore::toUint8ClampedArray):
      (WebCore::toUint16Array):
      (WebCore::toUint32Array):
      (WebCore::toFloat32Array):
      (WebCore::toFloat64Array):
      (WebCore::toDataView):
      * bindings/js/JSDataViewCustom.cpp: Removed.
      * bindings/js/JSDictionary.cpp:
      * bindings/js/JSDictionary.h:
      * bindings/js/JSDocumentCustom.cpp:
      (WebCore::JSDocument::location):
      (WebCore::toJS):
      * bindings/js/JSEventCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSFileReaderCustom.cpp:
      * bindings/js/JSHTMLCollectionCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSHTMLTemplateElementCustom.cpp:
      (WebCore::JSHTMLTemplateElement::content):
      * bindings/js/JSImageDataCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      * bindings/js/JSMessageEventCustom.cpp:
      * bindings/js/JSMessagePortCustom.cpp:
      * bindings/js/JSSVGPathSegCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSTrackCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::SerializedScriptValue::transferArrayBuffers):
      * bindings/js/WebCoreJSClientData.h:
      (WebCore::initNormalWorldClientData):
      * bindings/js/WebCoreTypedArrayController.cpp: Added.
      (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController):
      (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController):
      (WebCore::WebCoreTypedArrayController::toJS):
      (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
      (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):
      * bindings/js/WebCoreTypedArrayController.h: Added.
      (WebCore::WebCoreTypedArrayController::wrapperOwner):
      * bindings/scripts/CodeGenerator.pm:
      (ForAllParents):
      (ParseInterface):
      (SkipIncludeHeader):
      (IsTypedArrayType):
      (IsWrapperType):
      * bindings/scripts/CodeGeneratorJS.pm:
      (AddIncludesForType):
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateParametersCheck):
      (GetNativeType):
      (JSValueToNative):
      (NativeToJSValue):
      (GenerateConstructorDefinition):
      (GenerateConstructorHelperMethods):
      * fileapi/WebKitBlobBuilder.cpp:
      (WebCore::BlobBuilder::append):
      * fileapi/WebKitBlobBuilder.h:
      * html/canvas/ArrayBuffer.idl: Removed.
      * html/canvas/ArrayBufferView.idl: Removed.
      * html/canvas/DataView.cpp: Removed.
      * html/canvas/DataView.h: Removed.
      * html/canvas/DataView.idl: Removed.
      * html/canvas/Float32Array.idl: Removed.
      * html/canvas/Float64Array.idl: Removed.
      * html/canvas/Int16Array.idl: Removed.
      * html/canvas/Int32Array.idl: Removed.
      * html/canvas/Int8Array.idl: Removed.
      * html/canvas/Uint16Array.idl: Removed.
      * html/canvas/Uint32Array.idl: Removed.
      * html/canvas/Uint8Array.idl: Removed.
      * html/canvas/Uint8ClampedArray.idl: Removed.
      * html/canvas/WebGLRenderingContext.cpp:
      (WebCore::WebGLRenderingContext::readPixels):
      (WebCore::WebGLRenderingContext::validateTexFuncData):
      * page/Crypto.cpp:
      * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
      (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource):
      (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData):
      * platform/graphics/filters/FECustomFilter.h:
      * platform/graphics/filters/FEGaussianBlur.cpp:
      * platform/graphics/filters/FilterEffect.cpp:
      * testing/MockCDM.cpp:
      
      Source/WebKit2: 
      
      Reviewed by Oliver Hunt.
              
      You don't need to include JSUint8Array anymore if you just want to
      unwrap one; JSDOMBinding gives you all of the things you need.
      
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
              
      - Added the notion of a reference counted object that can be marked Deferred,
        which is like a special-purpose upref.
              
      - Added a common byte flipper.
      
      Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
      
      * GNUmakefile.list.am:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/DeferrableRefCounted.h: Added.
      (WTF::DeferrableRefCountedBase::ref):
      (WTF::DeferrableRefCountedBase::hasOneRef):
      (WTF::DeferrableRefCountedBase::refCount):
      (WTF::DeferrableRefCountedBase::isDeferred):
      (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase):
      (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase):
      (WTF::DeferrableRefCountedBase::derefBase):
      (WTF::DeferrableRefCountedBase::setIsDeferredBase):
      (WTF::DeferrableRefCounted::deref):
      (WTF::DeferrableRefCounted::setIsDeferred):
      (WTF::DeferrableRefCounted::DeferrableRefCounted):
      (WTF::DeferrableRefCounted::~DeferrableRefCounted):
      * wtf/FlipBytes.h: Added.
      (WTF::needToFlipBytesIfLittleEndian):
      (WTF::flipBytes):
      (WTF::flipBytesIfLittleEndian):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * fast/canvas/webgl/array-set-invalid-arguments-expected.txt:
      * fast/canvas/webgl/array-set-out-of-bounds-expected.txt:
      * fast/canvas/webgl/array-unit-tests-expected.txt:
      * fast/canvas/webgl/array-unit-tests.html:
      * fast/canvas/webgl/data-view-crash-expected.txt:
      * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js:
      (checkView):
      * fast/dom/call-a-constructor-as-a-function-expected.txt:
      * fast/dom/call-a-constructor-as-a-function.html:
      * fast/js/constructor-length.html:
      * fast/js/global-constructors-attributes-dedicated-worker-expected.txt:
      * fast/js/global-constructors-attributes-expected.txt:
      * fast/js/global-constructors-attributes-shared-worker-expected.txt:
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added.
      * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added.
      * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added.
      * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added.
      * fast/js/regress/Int32Array-alloc-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added.
      * fast/js/regress/Int32Array-alloc-huge.html: Added.
      * fast/js/regress/Int32Array-alloc-large-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added.
      * fast/js/regress/Int32Array-alloc-large.html: Added.
      * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added.
      * fast/js/regress/Int32Array-alloc-long-lived.html: Added.
      * fast/js/regress/Int32Array-alloc.html: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added.
      * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added.
      * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added.
      * fast/js/regress/script-tests/Int32Array-alloc.js: Added.
      * platform/mac/fast/js/constructor-length-expected.txt:
      * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html:
      * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0e0d9312
    • oliver@apple.com's avatar
      <https://webkit.org/b/119830> Assigning to a readonly global results in DFG byte code parse failure · 0053edb3
      oliver@apple.com authored
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      Make sure dfgCapabilities doesn't report a Dynamic put as
      being compilable when we don't actually support it.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::capabilityLevel):
      
      LayoutTests:
      
      Add a test
      
      * fast/js/dfg-put-to-readonly-property-expected.txt: Added.
      * fast/js/dfg-put-to-readonly-property.html: Added.
      * fast/js/script-tests/dfg-put-to-readonly-property.js: Added.
      (foo):
      (bar):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154120 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0053edb3
  14. 13 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      Foo::s_info should be Foo::info(), so that you can change how the s_info is actually linked · 10ae2d0d
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119770
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::finishCreation):
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::createStructure):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      * API/JSCallbackFunction.h:
      (JSC::JSCallbackFunction::createStructure):
      * API/JSCallbackObject.cpp:
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObject::visitChildren):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::asCallbackObject):
      (JSC::::finishCreation):
      * API/JSObjectRef.cpp:
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp:
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp:
      * API/ObjCCallbackFunction.h:
      (JSC::ObjCCallbackFunction::createStructure):
      * JSCTypedArrayStubs.h:
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::CallLinkStatus):
      (JSC::CallLinkStatus::function):
      (JSC::CallLinkStatus::internalFunction):
      * bytecode/CodeBlock.h:
      (JSC::baselineCodeBlockForInlineCallFrame):
      * bytecode/SpeculatedType.cpp:
      (JSC::speculationFromClassInfo):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedFunctionExecutable::visitChildren):
      (JSC::UnlinkedCodeBlock::visitChildren):
      (JSC::UnlinkedProgramCodeBlock::visitChildren):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::createStructure):
      (JSC::UnlinkedProgramCodeBlock::createStructure):
      (JSC::UnlinkedEvalCodeBlock::createStructure):
      (JSC::UnlinkedFunctionCodeBlock::createStructure):
      * debugger/Debugger.cpp:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::visitChildren):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::createStructure):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::functionName):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::isInternalFunctionConstant):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileNewStringObject):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::virtualForThunkGenerator):
      * interpreter/Interpreter.cpp:
      (JSC::loadVarargs):
      * jsc.cpp:
      (GlobalObject::createStructure):
      * profiler/LegacyProfiler.cpp:
      (JSC::LegacyProfiler::createCallIdentifier):
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      * runtime/Arguments.h:
      (JSC::Arguments::createStructure):
      (JSC::asArguments):
      (JSC::Arguments::finishCreation):
      * runtime/ArrayConstructor.cpp:
      (JSC::arrayConstructorIsArray):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncConcat):
      (JSC::attemptFastSort):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::createStructure):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      * runtime/BooleanObject.cpp:
      (JSC::BooleanObject::finishCreation):
      * runtime/BooleanObject.h:
      (JSC::BooleanObject::createStructure):
      (JSC::asBooleanObject):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::finishCreation):
      (JSC::booleanProtoFuncToString):
      (JSC::booleanProtoFuncValueOf):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/DateInstance.cpp:
      (JSC::DateInstance::finishCreation):
      * runtime/DateInstance.h:
      (JSC::DateInstance::createStructure):
      (JSC::asDateInstance):
      * runtime/DatePrototype.cpp:
      (JSC::formateDateInstance):
      (JSC::DatePrototype::finishCreation):
      (JSC::dateProtoFuncToISOString):
      (JSC::dateProtoFuncToLocaleString):
      (JSC::dateProtoFuncToLocaleDateString):
      (JSC::dateProtoFuncToLocaleTimeString):
      (JSC::dateProtoFuncGetTime):
      (JSC::dateProtoFuncGetFullYear):
      (JSC::dateProtoFuncGetUTCFullYear):
      (JSC::dateProtoFuncGetMonth):
      (JSC::dateProtoFuncGetUTCMonth):
      (JSC::dateProtoFuncGetDate):
      (JSC::dateProtoFuncGetUTCDate):
      (JSC::dateProtoFuncGetDay):
      (JSC::dateProtoFuncGetUTCDay):
      (JSC::dateProtoFuncGetHours):
      (JSC::dateProtoFuncGetUTCHours):
      (JSC::dateProtoFuncGetMinutes):
      (JSC::dateProtoFuncGetUTCMinutes):
      (JSC::dateProtoFuncGetSeconds):
      (JSC::dateProtoFuncGetUTCSeconds):
      (JSC::dateProtoFuncGetMilliSeconds):
      (JSC::dateProtoFuncGetUTCMilliseconds):
      (JSC::dateProtoFuncGetTimezoneOffset):
      (JSC::dateProtoFuncSetTime):
      (JSC::setNewValueFromTimeArgs):
      (JSC::setNewValueFromDateArgs):
      (JSC::dateProtoFuncSetYear):
      (JSC::dateProtoFuncGetYear):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::createStructure):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::finishCreation):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::createStructure):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::finishCreation):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure):
      * runtime/ExceptionHelpers.cpp:
      (JSC::isTerminatedExecutionException):
      * runtime/ExceptionHelpers.h:
      (JSC::TerminatedExecutionError::createStructure):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::visitChildren):
      (JSC::ProgramExecutable::visitChildren):
      (JSC::FunctionExecutable::visitChildren):
      (JSC::ExecutableBase::hashFor):
      * runtime/Executable.h:
      (JSC::ExecutableBase::createStructure):
      (JSC::NativeExecutable::createStructure):
      (JSC::EvalExecutable::createStructure):
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      (JSC::FunctionExecutable::createStructure):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncToString):
      (JSC::functionProtoFuncApply):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::createStructure):
      * runtime/GetterSetter.cpp:
      (JSC::GetterSetter::visitChildren):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::createStructure):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      * runtime/InternalFunction.h:
      (JSC::InternalFunction::createStructure):
      (JSC::asInternalFunction):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSC::JSActivation::createStructure):
      (JSC::asActivation):
      * runtime/JSArray.h:
      (JSC::JSArray::createStructure):
      (JSC::asArray):
      (JSC::isJSArray):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::finishCreation):
      (JSC::JSBoundFunction::visitChildren):
      * runtime/JSBoundFunction.h:
      (JSC::JSBoundFunction::createStructure):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::dumpInContext):
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::isFunction):
      * runtime/JSCell.h:
      (JSC::jsCast):
      (JSC::jsDynamicCast):
      * runtime/JSCellInlines.h:
      (JSC::allocateCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::visitChildren):
      (JSC::skipOverBoundFunctions):
      (JSC::JSFunction::callerGetter):
      * runtime/JSFunction.h:
      (JSC::JSFunction::createStructure):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildren):
      (JSC::slowValidateCell):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::createStructure):
      * runtime/JSNameScope.cpp:
      (JSC::JSNameScope::visitChildren):
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::createStructure):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::createStructure):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::finishCreation):
      (JSC::unwrapBoxedPrimitive):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::Holder):
      (JSC::Walker::walk):
      (JSC::JSONProtoFuncStringify):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::getCallableObjectSlow):
      (JSC::JSObject::visitChildren):
      (JSC::JSObject::copyBackingStore):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::finishCreation):
      (JSC::JSObject::createStructure):
      (JSC::JSNonFinalObject::createStructure):
      (JSC::JSFinalObject::createStructure):
      (JSC::isJSFinalObject):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::visitChildren):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::createStructure):
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::visitChildren):
      * runtime/JSProxy.h:
      (JSC::JSProxy::createStructure):
      * runtime/JSScope.cpp:
      (JSC::JSScope::visitChildren):
      * runtime/JSSegmentedVariableObject.cpp:
      (JSC::JSSegmentedVariableObject::visitChildren):
      * runtime/JSString.h:
      (JSC::JSString::createStructure):
      (JSC::isJSString):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::visitChildren):
      * runtime/JSVariableObject.h:
      * runtime/JSWithScope.cpp:
      (JSC::JSWithScope::visitChildren):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::createStructure):
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::visitChildren):
      * runtime/JSWrapperObject.h:
      (JSC::JSWrapperObject::createStructure):
      * runtime/MathObject.cpp:
      (JSC::MathObject::finishCreation):
      * runtime/MathObject.h:
      (JSC::MathObject::createStructure):
      * runtime/NameConstructor.h:
      (JSC::NameConstructor::createStructure):
      * runtime/NameInstance.h:
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::finishCreation):
      * runtime/NamePrototype.cpp:
      (JSC::NamePrototype::finishCreation):
      (JSC::privateNameProtoFuncToString):
      * runtime/NamePrototype.h:
      (JSC::NamePrototype::createStructure):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::visitChildren):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::createStructure):
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::finishCreation):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::createStructure):
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::finishCreation):
      * runtime/NumberObject.h:
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::finishCreation):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::createStructure):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::createStructure):
      * runtime/PropertyTable.cpp:
      (JSC::PropertyTable::visitChildren):
      * runtime/RegExp.h:
      (JSC::RegExp::createStructure):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::finishCreation):
      (JSC::RegExpConstructor::visitChildren):
      (JSC::constructRegExp):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::createStructure):
      (JSC::asRegExpConstructor):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::visitChildren):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::finishCreation):
      (JSC::RegExpObject::visitChildren):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::createStructure):
      (JSC::asRegExpObject):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncTest):
      (JSC::regExpProtoFuncExec):
      (JSC::regExpProtoFuncCompile):
      (JSC::regExpProtoFuncToString):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::createStructure):
      * runtime/SparseArrayValueMap.h:
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::createStructure):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure):
      * runtime/StringObject.cpp:
      (JSC::StringObject::finishCreation):
      * runtime/StringObject.h:
      (JSC::StringObject::createStructure):
      (JSC::asStringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::finishCreation):
      (JSC::stringProtoFuncReplace):
      (JSC::stringProtoFuncToString):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSplit):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::createStructure):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::get):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC::Structure::typeInfo):
      (JSC::Structure::previousID):
      (JSC::Structure::outOfLineSize):
      (JSC::Structure::totalStorageCapacity):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::visitChildren):
      * runtime/StructureChain.h:
      (JSC::StructureChain::createStructure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      * runtime/StructureRareData.cpp:
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::visitChildren):
      * runtime/StructureRareData.h:
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::createStructure):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::StackPreservingRecompiler::operator()):
      (JSC::VM::releaseExecutableMemory):
      * runtime/WriteBarrier.h:
      (JSC::validateCell):
      * testRegExp.cpp:
      (GlobalObject::createStructure):
      
      Source/WebCore: 
      
      No new tests because no new behavior.
      
      * bindings/js/IDBBindingUtilities.cpp:
      (WebCore::createIDBKeyFromValue):
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioTrackCustom.cpp:
      (WebCore::JSAudioTrack::visitChildren):
      * bindings/js/JSAudioTrackListCustom.cpp:
      (WebCore::JSAudioTrackList::visitChildren):
      * bindings/js/JSBlobCustom.cpp:
      (WebCore::JSBlobConstructor::constructJSBlob):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertyNames):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::toHTMLCanvasStyle):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::valueToDate):
      * bindings/js/JSDOMBinding.h:
      (WebCore::DOMConstructorObject::createStructure):
      (WebCore::getDOMStructure):
      (WebCore::toRefPtrNativeArray):
      (WebCore::getStaticValueSlotEntryWithoutCaching):
      * bindings/js/JSDOMFormDataCustom.cpp:
      (WebCore::toHTMLFormElement):
      (WebCore::JSDOMFormData::append):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::finishCreation):
      (WebCore::JSDOMGlobalObject::scriptExecutionContext):
      (WebCore::JSDOMGlobalObject::visitChildren):
      * bindings/js/JSDOMGlobalObject.h:
      (WebCore::JSDOMGlobalObject::info):
      (WebCore::JSDOMGlobalObject::createStructure):
      (WebCore::getDOMConstructor):
      * bindings/js/JSDOMStringListCustom.cpp:
      (WebCore::toDOMStringList):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::finishCreation):
      (WebCore::toJSDOMWindow):
      * bindings/js/JSDOMWindowBase.h:
      (WebCore::JSDOMWindowBase::createStructure):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildren):
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      (WebCore::toDOMWindow):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::finishCreation):
      * bindings/js/JSDOMWindowShell.h:
      (WebCore::JSDOMWindowShell::createStructure):
      * bindings/js/JSEventTargetCustom.cpp:
      (WebCore::toEventTarget):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::getOwnPropertySlotDelegate):
      (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
      * bindings/js/JSImageConstructor.cpp:
      (WebCore::JSImageConstructor::finishCreation):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::createStructure):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::JSInjectedScriptHost::isHTMLAllCollection):
      (WebCore::JSInjectedScriptHost::type):
      (WebCore::JSInjectedScriptHost::functionDetails):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::getOwnPropertySlotDelegate):
      (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
      (WebCore::JSLocation::putDelegate):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::pushEventHandlerScope):
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildren):
      (WebCore::toNodeFilter):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSPluginElementFunctions.h:
      (WebCore::pluginElementCustomGetOwnPropertySlot):
      (WebCore::pluginElementCustomGetOwnPropertyDescriptor):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTextTrackCueCustom.cpp:
      (WebCore::JSTextTrackCue::visitChildren):
      * bindings/js/JSTextTrackCustom.cpp:
      (WebCore::JSTextTrack::visitChildren):
      * bindings/js/JSTextTrackListCustom.cpp:
      (WebCore::JSTextTrackList::visitChildren):
      * bindings/js/JSTrackCustom.cpp:
      (WebCore::toTrack):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSVideoTrackCustom.cpp:
      (WebCore::JSVideoTrack::visitChildren):
      * bindings/js/JSVideoTrackListCustom.cpp:
      (WebCore::JSVideoTrackList::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildren):
      (WebCore::JSWebGLRenderingContext::getAttachedShaders):
      (WebCore::JSWebGLRenderingContext::getProgramParameter):
      (WebCore::JSWebGLRenderingContext::getShaderParameter):
      (WebCore::JSWebGLRenderingContext::getUniform):
      (WebCore::dataFunctionf):
      (WebCore::dataFunctioni):
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSWorkerGlobalScopeBase.cpp:
      (WebCore::JSWorkerGlobalScopeBase::finishCreation):
      (WebCore::toJSDedicatedWorkerGlobalScope):
      (WebCore::toJSSharedWorkerGlobalScope):
      * bindings/js/JSWorkerGlobalScopeBase.h:
      (WebCore::JSWorkerGlobalScopeBase::createStructure):
      * bindings/js/JSWorkerGlobalScopeCustom.cpp:
      (WebCore::JSWorkerGlobalScope::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildren):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptState.cpp:
      (WebCore::domWindowFromScriptState):
      (WebCore::scriptExecutionContextFromScriptState):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::isArray):
      (WebCore::CloneSerializer::dumpArrayBufferView):
      (WebCore::CloneSerializer::dumpIfTerminal):
      (WebCore::CloneSerializer::serialize):
      (WebCore::CloneDeserializer::CloneDeserializer):
      (WebCore::CloneDeserializer::readArrayBufferView):
      * bindings/objc/DOM.mm:
      (+[DOMNode _nodeFromJSWrapper:]):
      * bindings/objc/DOMUtility.mm:
      (JSC::createDOMWrapper):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateGetOwnPropertySlotBody):
      (GenerateGetOwnPropertyDescriptorBody):
      (GenerateHeader):
      (GenerateParametersCheckExpression):
      (GenerateImplementation):
      (GenerateParametersCheck):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bindings/scripts/test/JS/JSFloat64Array.cpp:
      (WebCore::JSFloat64ArrayConstructor::finishCreation):
      (WebCore::JSFloat64Array::finishCreation):
      (WebCore::JSFloat64Array::getOwnPropertySlot):
      (WebCore::JSFloat64Array::getOwnPropertyDescriptor):
      (WebCore::JSFloat64Array::getOwnPropertySlotByIndex):
      (WebCore::JSFloat64Array::put):
      (WebCore::JSFloat64Array::putByIndex):
      (WebCore::JSFloat64Array::getOwnPropertyNames):
      (WebCore::jsFloat64ArrayPrototypeFunctionFoo):
      (WebCore::jsFloat64ArrayPrototypeFunctionSet):
      (WebCore::JSFloat64Array::getByIndex):
      (WebCore::toFloat64Array):
      * bindings/scripts/test/JS/JSFloat64Array.h:
      (WebCore::JSFloat64Array::createStructure):
      (WebCore::JSFloat64ArrayPrototype::createStructure):
      (WebCore::JSFloat64ArrayConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
      (WebCore::JSTestActiveDOMObject::finishCreation):
      (WebCore::JSTestActiveDOMObject::getOwnPropertySlot):
      (WebCore::JSTestActiveDOMObject::getOwnPropertyDescriptor):
      (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction):
      (WebCore::jsTestActiveDOMObjectPrototypeFunctionPostMessage):
      (WebCore::toTestActiveDOMObject):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
      (WebCore::JSTestActiveDOMObject::createStructure):
      (WebCore::JSTestActiveDOMObjectPrototype::createStructure):
      (WebCore::JSTestActiveDOMObjectConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
      (WebCore::JSTestCustomNamedGetter::finishCreation):
      (WebCore::JSTestCustomNamedGetter::getOwnPropertySlot):
      (WebCore::JSTestCustomNamedGetter::getOwnPropertyDescriptor):
      (WebCore::JSTestCustomNamedGetter::getOwnPropertySlotByIndex):
      (WebCore::jsTestCustomNamedGetterPrototypeFunctionAnotherFunction):
      (WebCore::toTestCustomNamedGetter):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
      (WebCore::JSTestCustomNamedGetter::createStructure):
      (WebCore::JSTestCustomNamedGetterPrototype::createStructure):
      (WebCore::JSTestCustomNamedGetterConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      (WebCore::JSTestEventConstructorConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::getOwnPropertySlot):
      (WebCore::JSTestEventConstructor::getOwnPropertyDescriptor):
      (WebCore::toTestEventConstructor):
      * bindings/scripts/test/JS/JSTestEventConstructor.h:
      (WebCore::JSTestEventConstructor::createStructure):
      (WebCore::JSTestEventConstructorPrototype::createStructure):
      (WebCore::JSTestEventConstructorConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::JSTestEventTargetConstructor::finishCreation):
      (WebCore::JSTestEventTarget::finishCreation):
      (WebCore::JSTestEventTarget::getOwnPropertySlot):
      (WebCore::JSTestEventTarget::getOwnPropertyDescriptor):
      (WebCore::JSTestEventTarget::getOwnPropertySlotByIndex):
      (WebCore::JSTestEventTarget::getOwnPropertyNames):
      (WebCore::jsTestEventTargetPrototypeFunctionItem):
      (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionDispatchEvent):
      (WebCore::JSTestEventTarget::visitChildren):
      (WebCore::JSTestEventTarget::indexGetter):
      (WebCore::toTestEventTarget):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::createStructure):
      (WebCore::JSTestEventTargetPrototype::createStructure):
      (WebCore::JSTestEventTargetConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestExceptionConstructor::finishCreation):
      (WebCore::JSTestException::finishCreation):
      (WebCore::JSTestException::getOwnPropertySlot):
      (WebCore::JSTestException::getOwnPropertyDescriptor):
      (WebCore::toTestException):
      * bindings/scripts/test/JS/JSTestException.h:
      (WebCore::JSTestException::createStructure):
      (WebCore::JSTestExceptionPrototype::createStructure):
      (WebCore::JSTestExceptionConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::finishCreation):
      (WebCore::JSTestInterface::finishCreation):
      (WebCore::JSTestInterface::getOwnPropertySlot):
      (WebCore::JSTestInterface::getOwnPropertyDescriptor):
      (WebCore::JSTestInterface::put):
      (WebCore::JSTestInterface::putByIndex):
      (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod1):
      (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
      (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod3):
      (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod1):
      (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
      (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod3):
      (WebCore::toTestInterface):
      * bindings/scripts/test/JS/JSTestInterface.h:
      (WebCore::JSTestInterface::createStructure):
      (WebCore::JSTestInterfacePrototype::createStructure):
      (WebCore::JSTestInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
      (WebCore::JSTestMediaQueryListListener::finishCreation):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertySlot):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertyDescriptor):
      (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
      (WebCore::toTestMediaQueryListListener):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      (WebCore::JSTestMediaQueryListListener::createStructure):
      (WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
      (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructorConstructor::finishCreation):
      (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::getOwnPropertySlot):
      (WebCore::JSTestNamedConstructor::getOwnPropertyDescriptor):
      (WebCore::toTestNamedConstructor):
      * bindings/scripts/test/JS/JSTestNamedConstructor.h:
      (WebCore::JSTestNamedConstructor::createStructure):
      (WebCore::JSTestNamedConstructorPrototype::createStructure):
      (WebCore::JSTestNamedConstructorConstructor::createStructure):
      (WebCore::JSTestNamedConstructorNamedConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNode.cpp:
      (WebCore::JSTestNodeConstructor::finishCreation):
      (WebCore::JSTestNode::finishCreation):
      (WebCore::JSTestNode::getOwnPropertySlot):
      (WebCore::JSTestNode::getOwnPropertyDescriptor):
      (WebCore::JSTestNode::visitChildren):
      * bindings/scripts/test/JS/JSTestNode.h:
      (WebCore::JSTestNode::createStructure):
      (WebCore::JSTestNodePrototype::createStructure):
      (WebCore::JSTestNodeConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::finishCreation):
      (WebCore::JSTestObj::finishCreation):
      (WebCore::JSTestObj::getOwnPropertySlot):
      (WebCore::JSTestObj::getOwnPropertyDescriptor):
      (WebCore::JSTestObj::put):
      (WebCore::jsTestObjPrototypeFunctionVoidMethod):
      (WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionByteMethod):
      (WebCore::jsTestObjPrototypeFunctionByteMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionOctetMethod):
      (WebCore::jsTestObjPrototypeFunctionOctetMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionLongMethod):
      (WebCore::jsTestObjPrototypeFunctionLongMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionObjMethod):
      (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionMethodWithSequenceArg):
      (WebCore::jsTestObjPrototypeFunctionMethodReturningSequence):
      (WebCore::jsTestObjPrototypeFunctionMethodWithEnumArg):
      (WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows):
      (WebCore::jsTestObjPrototypeFunctionSerializedValue):
      (WebCore::jsTestObjPrototypeFunctionOptionsObject):
      (WebCore::jsTestObjPrototypeFunctionMethodWithException):
      (WebCore::jsTestObjPrototypeFunctionCustomMethod):
      (WebCore::jsTestObjPrototypeFunctionCustomMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionAddEventListener):
      (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoid):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateObj):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoidException):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContext):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptState):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):
      (WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStack):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalString):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsUndefined):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsNullString):
      (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackAndOptionalArg):
      (WebCore::jsTestObjPrototypeFunctionConditionalMethod1):
      (WebCore::jsTestObjPrototypeFunctionConditionalMethod2):
      (WebCore::jsTestObjPrototypeFunctionConditionalMethod3):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod8):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod11):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod):
      (WebCore::jsTestObjPrototypeFunctionClassMethodWithClamp):
      (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
      (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
      (WebCore::jsTestObjPrototypeFunctionDomStringListFunction):
      (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
      (WebCore::jsTestObjPrototypeFunctionConvert1):
      (WebCore::jsTestObjPrototypeFunctionConvert2):
      (WebCore::jsTestObjPrototypeFunctionConvert4):
      (WebCore::jsTestObjPrototypeFunctionConvert5):
      (WebCore::jsTestObjPrototypeFunctionMutablePointFunction):
      (WebCore::jsTestObjPrototypeFunctionImmutablePointFunction):
      (WebCore::jsTestObjPrototypeFunctionOrange):
      (WebCore::jsTestObjPrototypeFunctionStrictFunction):
      (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
      (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
      (WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):
      (WebCore::JSTestObj::visitChildren):
      (WebCore::toTestObj):
      * bindings/scripts/test/JS/JSTestObj.h:
      (WebCore::JSTestObj::createStructure):
      (WebCore::JSTestObjPrototype::createStructure):
      (WebCore::JSTestObjConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
      (WebCore::JSTestOverloadedConstructorsConstructor::constructJSTestOverloadedConstructors):
      (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
      (WebCore::JSTestOverloadedConstructors::finishCreation):
      (WebCore::JSTestOverloadedConstructors::getOwnPropertySlot):
      (WebCore::JSTestOverloadedConstructors::getOwnPropertyDescriptor):
      (WebCore::toTestOverloadedConstructors):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
      (WebCore::JSTestOverloadedConstructors::createStructure):
      (WebCore::JSTestOverloadedConstructorsPrototype::createStructure):
      (WebCore::JSTestOverloadedConstructorsConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertySlot):
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertyDescriptor):
      (WebCore::JSTestSerializedScriptValueInterface::put):
      (WebCore::JSTestSerializedScriptValueInterface::visitChildren):
      (WebCore::toTestSerializedScriptValueInterface):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      (WebCore::JSTestSerializedScriptValueInterface::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      (WebCore::JSTestTypedefsConstructor::finishCreation):
      (WebCore::JSTestTypedefs::finishCreation):
      (WebCore::JSTestTypedefs::getOwnPropertySlot):
      (WebCore::JSTestTypedefs::getOwnPropertyDescriptor):
      (WebCore::JSTestTypedefs::put):
      (WebCore::jsTestTypedefsPrototypeFunctionFunc):
      (WebCore::jsTestTypedefsPrototypeFunctionSetShadow):
      (WebCore::jsTestTypedefsPrototypeFunctionMethodWithSequenceArg):
      (WebCore::jsTestTypedefsPrototypeFunctionNullableArrayArg):
      (WebCore::jsTestTypedefsPrototypeFunctionFuncWithClamp):
      (WebCore::jsTestTypedefsPrototypeFunctionImmutablePointFunction):
      (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
      (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
      (WebCore::jsTestTypedefsPrototypeFunctionMethodWithException):
      (WebCore::toTestTypedefs):
      * bindings/scripts/test/JS/JSTestTypedefs.h:
      (WebCore::JSTestTypedefs::createStructure):
      (WebCore::JSTestTypedefsPrototype::createStructure):
      (WebCore::JSTestTypedefsConstructor::createStructure):
      * bridge/c/CRuntimeObject.cpp:
      (JSC::Bindings::CRuntimeObject::finishCreation):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::createStructure):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::createStructure):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      (JSC::Bindings::CInstance::invokeMethod):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::createStructure):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::finishCreation):
      (ObjcInstance::invokeMethod):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
      (JSC::Bindings::callObjCFallbackObject):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::createStructure):
      (JSC::Bindings::QtInstance::getInstance):
      * bridge/qt/qt_pixmapruntime.cpp:
      (JSC::Bindings::assignToHTMLImageElement):
      (JSC::Bindings::QtPixmapRuntime::toQt):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::isJSUint8Array):
      (JSC::Bindings::isJSArray):
      (JSC::Bindings::isJSDate):
      (JSC::Bindings::isQtObject):
      (JSC::Bindings::unwrapBoxedPrimitive):
      (JSC::Bindings::convertQVariantToValue):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::finishCreation):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::createStructure):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      (JSC::callRuntimeMethod):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::createStructure):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::finishCreation):
      (JSC::Bindings::callRuntimeObject):
      (JSC::Bindings::callRuntimeConstructor):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::createStructure):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::getObjectID):
      (WebKit::NetscapePluginInstanceProxy::retainLocalObject):
      (WebKit::NetscapePluginInstanceProxy::releaseLocalObject):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::invokeMethod):
      * Plugins/Hosted/ProxyRuntimeObject.h:
      (WebKit::ProxyRuntimeObject::createStructure):
      * WebView/WebView.mm:
      (aeDescFromJSValue):
      
      Source/WebKit/qt: 
      
      * Api/qwebelement.cpp:
      (convertJSValueToWebElementVariant):
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (convertJSValueToNodeVariant):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154038 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      10ae2d0d
  15. 12 Aug, 2013 3 commits
    • oliver@apple.com's avatar
      Remove CodeBlock's notion of adding identifiers entirely · b4345037
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119708
      
      Reviewed by Geoffrey Garen.
      
      Remove addAdditionalIdentifier entirely, including the bogus assertion.
      Move the addition of identifiers to DFGPlan::reallyAdd
      
      * bytecode/CodeBlock.h:
      * dfg/DFGDesiredIdentifiers.cpp:
      (JSC::DFG::DesiredIdentifiers::reallyAdd):
      * dfg/DFGDesiredIdentifiers.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::reallyAdd):
      (JSC::DFG::Plan::finalize):
      * dfg/DFGPlan.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153967 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b4345037
    • oliver@apple.com's avatar
      Move additionalIdentifiers into DFGCommonData as only the optimising JITs use them · 7a432c90
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119705
      
      Reviewed by Geoffrey Garen.
      
      Relatively trivial refactoring
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::numberOfAdditionalIdentifiers):
      (JSC::CodeBlock::addAdditionalIdentifier):
      (JSC::CodeBlock::identifier):
      (JSC::CodeBlock::numberOfIdentifiers):
      * dfg/DFGCommonData.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153963 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7a432c90
    • oliver@apple.com's avatar
      Stop making unnecessary copy of CodeBlock Identifier Vector · 9b652768
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119702
      
      Reviewed by Michael Saboff.
      
      Make CodeBlock simply use a separate Vector for additional Identifiers
      and use the UnlinkedCodeBlock for the initial set of identifiers.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::dumpStructure):
      (JSC::dumpChain):
      (JSC::CodeBlock::printGetByIdCacheStatus):
      (JSC::CodeBlock::printPutByIdOp):
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::shrinkToFit):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::numberOfIdentifiers):
      (JSC::CodeBlock::numberOfAdditionalIdentifiers):
      (JSC::CodeBlock::addAdditionalIdentifier):
      (JSC::CodeBlock::identifier):
      * dfg/DFGDesiredIdentifiers.cpp:
      (JSC::DFG::DesiredIdentifiers::reallyAdd):
      * jit/JIT.h:
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emitSlow_op_get_arguments_length):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::compileGetByIdSlowCase):
      (JSC::JIT::emitSlow_op_put_by_id):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::compileGetByIdSlowCase):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153962 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9b652768
  16. 06 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      DFG FixupPhase should insert Int32ToDouble nodes for number uses in NewArray,... · ed63054a
      fpizlo@apple.com authored
      DFG FixupPhase should insert Int32ToDouble nodes for number uses in NewArray, and SpeculativeJIT 64-bit should not try to coerce integer constants to double constants
      https://bugs.webkit.org/show_bug.cgi?id=119528
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Either of the two fixes would solve the crash I saw. Basically, for best performance, we want the DFG register allocator to track double uses and non-double
      uses of a node separately, and we accomplish this by inserting Int32ToDouble nodes in the FixupPhase. But even if FixupPhase fails to do this, we still want
      the DFG register allocator to do the right thing: if it encounters a double use of an integer, it should perform a conversion and preserve the original
      format of the value (namely, that it was an integer). For constants, the best format to preserve is None, so that future integer uses rematerialize the int
      from scratch. This only affects the 64-bit backend; the 32-bit backend was already doing the right thing.
      
      This also fixes some more debug dumping code, and adds some stronger assertions for integer arrays.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::finalizeUnconditionally):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      * runtime/JSObject.h:
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::tryGetIndexQuickly):
      
      LayoutTests: 
      
      * fast/js/dfg-new-array-double-const-then-int-const.html: Added.
      * fast/js/dfg-new-array-double-const-then-int-const-expected.txt: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-new-array-double-const-then-int-const.js: Added.
      (bar):
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153778 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ed63054a
  17. 02 Aug, 2013 1 commit
  18. 30 Jul, 2013 1 commit
    • carlosgc@webkit.org's avatar
      Unreviewed. Fix make distcheck. · 13f6daf2
      carlosgc@webkit.org authored
      Source/JavaScriptCore:
      
      * GNUmakefile.list.am: Add missing files to compilation.
      * bytecode/CodeBlock.cpp: Add a ENABLE(FTL_JIT) #if block to
      include FTL header files not included in the compilation.
      * dfg/DFGDriver.cpp: Ditto.
      * dfg/DFGPlan.cpp: Ditto.
      
      Source/ThirdParty/ANGLE:
      
      * GNUmakefile.am: Add missing header files to compilation.
      
      Source/WebCore:
      
      * GNUmakefile.list.am: Add missing header file to compilation.
      
      Source/WebKit2:
      
      * GNUmakefile.list.am: Add missing header file to compilation.
      
      Source/WTF:
      
      * GNUmakefile.list.am: Add missing files to compilation.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153460 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      13f6daf2
  19. 26 Jul, 2013 1 commit
    • fpizlo@apple.com's avatar
      REGRESSION: Crash when opening a message on Gmail · b61a0434
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119105
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt and Mark Hahnenberg.
              
      - GetById patching in the DFG needs to be more disciplined about how it derives the
        slow path.
              
      - Fix some dumping code thread safety issues.
      
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::dump):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::getPolymorphicStructureList):
      (JSC::DFG::tryBuildGetByIDList):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt and Mark Hahnenberg.
      
      * fast/js/dfg-get-by-id-unset-then-proto-less-warmup.html: Added.
      * fast/js/dfg-get-by-id-unset-then-proto-more-warmup.html: Added.
      * fast/js/dfg-get-by-id-unset-then-proto.html: Added.
      * fast/js/jsc-test-list
      * fast/js/script-tests/dfg-get-by-id-unset-then-proto-less-warmup.js: Added.
      (foo):
      (Blah):
      * fast/js/script-tests/dfg-get-by-id-unset-then-proto-more-warmup.js: Added.
      (foo):
      (Blah):
      * fast/js/script-tests/dfg-get-by-id-unset-then-proto.js: Added.
      (foo):
      (Blah):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153381 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b61a0434
  20. 25 Jul, 2013 4 commits
  21. 24 Jul, 2013 5 commits
    • oliver@apple.com's avatar
      fourthTier: DFG IR dumps should be easier to read · 237b1464
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119050
      
      Source/JavaScriptCore:
      
      Reviewed by Mark Hahnenberg.
      
      Added a DumpContext that includes support for printing an endnote
      that describes all structures in full, while the main flow of the
      dump just uses made-up names for the structures. This is helpful
      since Structure::dump() may print a lot. The stuff it prints is
      useful, but if it's all inline with the surrounding thing you're
      dumping (often, a node in the DFG), then you get a ridiculously
      long print-out. All classes that dump structures (including
      Structure itself) now have dumpInContext() methods that use
      inContext() for dumping anything that might transitively print a
      structure. If Structure::dumpInContext() is called with a NULL
      context, it just uses dump() like before. Hence you don't have to
      know anything about DumpContext unless you want to.
      
      inContext(*structure, context) dumps something like %B4:Array,
      and the endnote will have something like:
      
          %B4:Array    = 0x10e91a180:[Array, {Edge:100, Normal:101, Line:102, NumPx:103, LastPx:104}, ArrayWithContiguous, Proto:0x10e99ffe0]
      
      where B4 is the inferred name that StringHashDumpContext came up
      with.
      
      Also shortened a bunch of other dumps, removing information that
      isn't so important.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/ArrayProfile.cpp:
      (JSC::dumpArrayModes):
      * bytecode/CodeBlockHash.cpp:
      (JSC):
      (JSC::CodeBlockHash::CodeBlockHash):
      (JSC::CodeBlockHash::dump):
      * bytecode/CodeOrigin.cpp:
      (JSC::CodeOrigin::dumpInContext):
      (JSC):
      (JSC::InlineCallFrame::dumpInContext):
      (JSC::InlineCallFrame::dump):
      * bytecode/CodeOrigin.h:
      (CodeOrigin):
      (InlineCallFrame):
      * bytecode/Operands.h:
      (JSC::OperandValueTraits::isEmptyForDump):
      (Operands):
      (JSC::Operands::dump):
      (JSC):
      * bytecode/OperandsInlines.h: Added.
      (JSC):
      (JSC::::dumpInContext):
      * bytecode/StructureSet.h:
      (JSC::StructureSet::dumpInContext):
      (JSC::StructureSet::dump):
      (StructureSet):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::dump):
      (DFG):
      (JSC::DFG::AbstractValue::dumpInContext):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::operator!):
      (AbstractValue):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::performBlockCFA):
      * dfg/DFGCommon.cpp:
      * dfg/DFGCommon.h:
      (JSC::DFG::NodePointerTraits::isEmptyForDump):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::createDumpList):
      * dfg/DFGDisassembler.h:
      (Disassembler):
      * dfg/DFGFlushFormat.h:
      (WTF::inContext):
      (WTF):
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dumpBlockHeader):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGLazyJSValue.cpp:
      (JSC::DFG::LazyJSValue::dumpInContext):
      (JSC::DFG::LazyJSValue::dump):
      (DFG):
      * dfg/DFGLazyJSValue.h:
      (LazyJSValue):
      * dfg/DFGNode.h:
      (JSC::DFG::nodeMapDump):
      (WTF::inContext):
      (WTF):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGStructureAbstractValue.h:
      (JSC::DFG::StructureAbstractValue::dumpInContext):
      (JSC::DFG::StructureAbstractValue::dump):
      (StructureAbstractValue):
      * ftl/FTLExitValue.cpp:
      (JSC::FTL::ExitValue::dumpInContext):
      (JSC::FTL::ExitValue::dump):
      (FTL):
      * ftl/FTLExitValue.h:
      (ExitValue):
      * ftl/FTLLowerDFGToLLVM.cpp:
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dumpInContext):
      (FTL):
      * ftl/FTLValueSource.h:
      (ValueSource):
      * runtime/DumpContext.cpp: Added.
      (JSC):
      (JSC::DumpContext::DumpContext):
      (JSC::DumpContext::~DumpContext):
      (JSC::DumpContext::isEmpty):
      (JSC::DumpContext::dump):
      * runtime/DumpContext.h: Added.
      (JSC):
      (DumpContext):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::dump):
      (JSC):
      (JSC::JSValue::dumpInContext):
      * runtime/JSCJSValue.h:
      (JSC):
      (JSValue):
      * runtime/Structure.cpp:
      (JSC::Structure::dumpInContext):
      (JSC):
      (JSC::Structure::dumpBrief):
      (JSC::Structure::dumpContextHeader):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      
      Source/WTF:
      
      Reviewed by Mark Hahnenberg.
      
      Added support for dumping values within a context. By default, if you say
      print(inContext(value, context)) it calls value.dumpInContext(out, context)
      instead of value.dump(out).
      
      Hoisted the support for six-character hashes out of JSC::CodeBlockHash into
      WTF, in the form of SixCharacterHash.h.
      
      Added a helper for creating dump contexts where the inContext() dump will
      just use a short string hash to "name" the object being dumped, and then
      will print out the full dumps in an endnote to your dump.
      
      Added support for using CString as a hashtable key.
      
      * WTF.xcodeproj/project.pbxproj:
      * wtf/PrintStream.h:
      (WTF):
      (ValueInContext):
      (WTF::ValueInContext::ValueInContext):
      (WTF::ValueInContext::dump):
      (WTF::inContext):
      * wtf/SixCharacterHash.cpp: Added.
      (WTF):
      (WTF::sixCharacterHashStringToInteger):
      (WTF::integerToSixCharacterHashString):
      * wtf/SixCharacterHash.h: Added.
      (WTF):
      * wtf/StringHashDumpContext.h: Added.
      (WTF):
      (StringHashDumpContext):
      (WTF::StringHashDumpContext::StringHashDumpContext):
      (WTF::StringHashDumpContext::getID):
      (WTF::StringHashDumpContext::dumpBrief):
      (WTF::StringHashDumpContext::brief):
      (WTF::StringHashDumpContext::isEmpty):
      (WTF::StringHashDumpContext::dump):
      * wtf/text/CString.cpp:
      (WTF::CString::hash):
      (WTF):
      (WTF::operator<):
      (WTF::CStringHash::equal):
      * wtf/text/CString.h:
      (WTF::CString::CString):
      (CString):
      (WTF::CString::isHashTableDeletedValue):
      (WTF):
      (WTF::CStringHash::hash):
      (CStringHash):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153296 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      237b1464
    • oliver@apple.com's avatar
      fourthTier: each DFG node that relies on other nodes to do their type checks... · 83d2d02a
      oliver@apple.com authored
      fourthTier: each DFG node that relies on other nodes to do their type checks should be able to tell you if those type checks happened
      https://bugs.webkit.org/show_bug.cgi?id=118866
      
      Reviewed by Sam Weinig.
      
      Adds a safeToExecute() method that takes a node and an abstract state and tells you
      if the node will run without crashing under that state.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      * dfg/DFGCFAPhase.cpp:
      (CFAPhase):
      (JSC::DFG::CFAPhase::CFAPhase):
      (JSC::DFG::CFAPhase::run):
      (JSC::DFG::CFAPhase::performBlockCFA):
      (JSC::DFG::CFAPhase::performForwardCFA):
      * dfg/DFGSafeToExecute.h: Added.
      (DFG):
      (SafeToExecuteEdge):
      (JSC::DFG::SafeToExecuteEdge::SafeToExecuteEdge):
      (JSC::DFG::SafeToExecuteEdge::operator()):
      (JSC::DFG::SafeToExecuteEdge::result):
      (JSC::DFG::safeToExecute):
      * dfg/DFGStructureAbstractValue.h:
      (JSC::DFG::StructureAbstractValue::isValidOffset):
      (StructureAbstractValue):
      * runtime/Options.h:
      (JSC):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153290 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      83d2d02a
    • oliver@apple.com's avatar
      fourthTier: Structure should be able to tell you if it's valid to load at a... · 0402d951
      oliver@apple.com authored
      fourthTier: Structure should be able to tell you if it's valid to load at a given offset from any object with that structure
      https://bugs.webkit.org/show_bug.cgi?id=118878
      
      Reviewed by Oliver Hunt.
      
      - Change Structure::isValidOffset() to actually answer the question "If I attempted
        to load from an object of this structure, at this offset, would I commit suicide
        or would I get back some kind of value?"
      
      - Change StorageAccessData::offset to use a PropertyOffset. It should have been that
        way from the start.
      
      - Fix PutStructure so that it sets haveStructures in all of the cases that it should.
      
      - Make GetByOffset also reference the base object in addition to the butterfly.
      
      The future use of this power will be to answer questions like "If I hoisted this
      GetByOffset or PutByOffset to this point, would it cause crashes, or would it be
      fine?"
      
      I don't currently plan to use this power to perform validation, since the CSE has
      the power to eliminate CheckStructure's that the CFA wouldn't be smart enough to
      remove - both in the case of StructureSets where size >= 2 and in the case of
      CheckStructures that match across PutStructures. At first I tried to write a
      validator that was aware of this, but the validation code got way too complicated
      and I started having nightmares of spurious assertion bugs being filed against me.
      
      This also changes some of the code for how we hash FunctionExecutable's for debug
      dumps, since that code still had some thread-safety issues. Basically, the
      concurrent JIT needs to use the CodeBlock's precomputed hash and never call anything
      that could transitively try to compute the hash from the source code. The source
      code is a string that may be lazily computed, and that involves all manner of thread
      unsafe things.
      
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::hash):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::handlePutByOffset):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::performBlockCFA):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.h:
      (StorageAccessData):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToGetByOffset):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
      (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
      * runtime/FunctionExecutableDump.cpp:
      (JSC::FunctionExecutableDump::dump):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::isValidOffset):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153284 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0402d951
    • oliver@apple.com's avatar
      fourthTier: DFG shouldn't create CheckStructures for array accesses except if... · 58cdc336
      oliver@apple.com authored
      fourthTier: DFG shouldn't create CheckStructures for array accesses except if the ArrayMode implies an original array access
      https://bugs.webkit.org/show_bug.cgi?id=118867
      
      Reviewed by Mark Hahnenberg.
      
      This allows us to kill off a bunch of code in the parser, in fixup, and to simplify
      ArrayProfile.
      
      It also makes it easier to ask any array-using node how to create its type check.
      
      Doing this required fixing a bug in LowLevelInterpreter64, where it was storing into
      an array profile, thinking that it was storing into a value profile. Reshuffling the
      fields in ArrayProfile revealed this.
      
      * bytecode/ArrayProfile.cpp:
      (JSC::ArrayProfile::computeUpdatedPrediction):
      (JSC::ArrayProfile::briefDescriptionWithoutUpdating):
      * bytecode/ArrayProfile.h:
      (JSC::ArrayProfile::ArrayProfile):
      (ArrayProfile):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::updateAllArrayPredictions):
      (JSC::CodeBlock::updateAllPredictions):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::updateAllArrayPredictions):
      * dfg/DFGArrayMode.h:
      (ArrayMode):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getArrayModeConsideringSlowPath):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (FixupPhase):
      (JSC::DFG::FixupPhase::checkArray):
      (JSC::DFG::FixupPhase::blessArrayOperation):
      * llint/LowLevelInterpreter64.asm:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153281 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      58cdc336
    • oliver@apple.com's avatar
      fourthTier: DFG should have an SSA form for use by FTL · 827d2cf7
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=118338
      
      Source/JavaScriptCore:
      
      Reviewed by Mark Hahnenberg.
      
      Adds an SSA form to the DFG. We can convert ThreadedCPS form into SSA form
      after breaking critical edges. The conversion algorithm follows Aycock and
      Horspool, and the SSA form itself follows something I've done before, where
      instead of having Phi functions specify input nodes corresponding to block
      predecessors, we instead have Upsilon functions in the predecessors that
      specify which value in that block goes into which subsequent Phi. Upsilons
      don't have to dominate Phis (usually they don't) and they correspond to a
      non-SSA "mov" into the Phi's "variable". This gives all of the good
      properties of SSA, while ensuring that a bunch of CFG transformations don't
      have to be SSA-aware.
      
      So far the only DFG phases that are SSA-aware are DCE and CFA. CFG
      simplification is probably SSA-aware by default, though I haven't tried it.
      Constant folding probably needs a few tweaks, but is likely ready. Ditto
      for CSE, though it's not clear that we'd want to use block-local CSE when
      we could be doing GVN.
      
      Currently only the FTL can generate code from the SSA form, and there is no
      way to convert from SSA to ThreadedCPS or LoadStore. There probably will
      never be such a capability.
      
      In order to handle OSR exit state in the SSA, we place MovHints at Phi
      points. Other than that, you can reconstruct state-at-exit by forward
      propagating MovHints. Note that MovHint is the new SetLocal in SSA.
      SetLocal and GetLocal only survive into SSA if they are on captured
      variables, or in the case of flushes. A "live SetLocal" will be
      NodeMustGenerate and will always correspond to a flush. Computing the
      state-at-exit requires running SSA liveness analysis, OSR availability
      analysis, and flush liveness analysis. The FTL runs all of these prior to
      generating code. While OSR exit continues to be tricky, much of the logic
      is now factored into separate phases and the backend has to do less work
      to reason about what happened outside of the basic block that is being
      lowered.
      
      Conversion from DFG SSA to LLVM SSA is done by ensuring that we generate
      code in depth-first order, thus guaranteeing that a node will always be
      lowered (and hence have a LValue) before any of the blocks dominated by
      that node's block have code generated. For Upsilon/Phi, we just use
      alloca's. We could do something more clever there, but it's probably not
      worth it, at least not now.
      
      Finally, while the SSA form is currently only being converted to LLVM IR,
      there is nothing that prevents us from considering other backends in the
      future - with the caveat that this form is designed to be first lowered to
      a lower-level SSA before actual machine code generation commences. So we
      ought to either use LLVM (the intended path) or we will have to write our
      own SSA low-level backend.
      
      This runs all of the code that the FTL was known to run previously. No
      change in performance for now. But it does open some exciting
      possibilities!
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/Operands.h:
      (JSC::OperandValueTraits::dump):
      (JSC::Operands::fill):
      (Operands):
      (JSC::Operands::clear):
      (JSC::Operands::operator==):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::beginBasicBlock):
      (JSC::DFG::setLiveValues):
      (DFG):
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::endBasicBlock):
      (JSC::DFG::AbstractState::executeEffects):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::merge):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::justOneChild):
      (AdjacencyList):
      * dfg/DFGBasicBlock.cpp: Added.
      (DFG):
      (JSC::DFG::BasicBlock::BasicBlock):
      (JSC::DFG::BasicBlock::~BasicBlock):
      (JSC::DFG::BasicBlock::ensureLocals):
      (JSC::DFG::BasicBlock::isInPhis):
      (JSC::DFG::BasicBlock::isInBlock):
      (JSC::DFG::BasicBlock::removePredecessor):
      (JSC::DFG::BasicBlock::replacePredecessor):
      (JSC::DFG::BasicBlock::dump):
      (JSC::DFG::BasicBlock::SSAData::SSAData):
      (JSC::DFG::BasicBlock::SSAData::~SSAData):
      * dfg/DFGBasicBlock.h:
      (BasicBlock):
      (JSC::DFG::BasicBlock::operator[]):
      (JSC::DFG::BasicBlock::successor):
      (JSC::DFG::BasicBlock::successorForCondition):
      (SSAData):
      * dfg/DFGBasicBlockInlines.h:
      (DFG):
      * dfg/DFGBlockInsertionSet.cpp: Added.
      (DFG):
      (JSC::DFG::BlockInsertionSet::BlockInsertionSet):
      (JSC::DFG::BlockInsertionSet::~BlockInsertionSet):
      (JSC::DFG::BlockInsertionSet::insert):
      (JSC::DFG::BlockInsertionSet::insertBefore):
      (JSC::DFG::BlockInsertionSet::execute):
      * dfg/DFGBlockInsertionSet.h: Added.
      (DFG):
      (BlockInsertionSet):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::run):
      * dfg/DFGCFGSimplificationPhase.cpp:
      * dfg/DFGCPSRethreadingPhase.cpp:
      (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
      * dfg/DFGCommon.cpp:
      (WTF::printInternal):
      * dfg/DFGCommon.h:
      (JSC::DFG::doesKill):
      (DFG):
      (JSC::DFG::killStatusForDoesKill):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
      * dfg/DFGCriticalEdgeBreakingPhase.cpp: Added.
      (DFG):
      (CriticalEdgeBreakingPhase):
      (JSC::DFG::CriticalEdgeBreakingPhase::CriticalEdgeBreakingPhase):
      (JSC::DFG::CriticalEdgeBreakingPhase::run):
      (JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):
      (JSC::DFG::performCriticalEdgeBreaking):
      * dfg/DFGCriticalEdgeBreakingPhase.h: Added.
      (DFG):
      * dfg/DFGDCEPhase.cpp:
      (JSC::DFG::DCEPhase::run):
      (JSC::DFG::DCEPhase::findTypeCheckRoot):
      (JSC::DFG::DCEPhase::countNode):
      (DCEPhase):
      (JSC::DFG::DCEPhase::countEdge):
      (JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGEdge.cpp:
      (JSC::DFG::Edge::dump):
      * dfg/DFGEdge.h:
      (JSC::DFG::Edge::Edge):
      (JSC::DFG::Edge::setNode):
      (JSC::DFG::Edge::useKindUnchecked):
      (JSC::DFG::Edge::setUseKind):
      (JSC::DFG::Edge::setProofStatus):
      (JSC::DFG::Edge::willNotHaveCheck):
      (JSC::DFG::Edge::willHaveCheck):
      (Edge):
      (JSC::DFG::Edge::killStatusUnchecked):
      (JSC::DFG::Edge::killStatus):
      (JSC::DFG::Edge::setKillStatus):
      (JSC::DFG::Edge::doesKill):
      (JSC::DFG::Edge::doesNotKill):
      (JSC::DFG::Edge::shift):
      (JSC::DFG::Edge::makeWord):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGFlushFormat.cpp: Added.
      (WTF):
      (WTF::printInternal):
      * dfg/DFGFlushFormat.h: Added.
      (DFG):
      (JSC::DFG::resultFor):
      (JSC::DFG::useKindFor):
      (WTF):
      * dfg/DFGFlushLivenessAnalysisPhase.cpp: Added.
      (DFG):
      (FlushLivenessAnalysisPhase):
      (JSC::DFG::FlushLivenessAnalysisPhase::FlushLivenessAnalysisPhase):
      (JSC::DFG::FlushLivenessAnalysisPhase::run):
      (JSC::DFG::FlushLivenessAnalysisPhase::process):
      (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
      (JSC::DFG::FlushLivenessAnalysisPhase::flushFormat):
      (JSC::DFG::performFlushLivenessAnalysis):
      * dfg/DFGFlushLivenessAnalysisPhase.h: Added.
      (DFG):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dumpBlockHeader):
      (DFG):
      (JSC::DFG::Graph::addForDepthFirstSort):
      (JSC::DFG::Graph::getBlocksInDepthFirstOrder):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::convertToConstant):
      (JSC::DFG::Graph::valueProfileFor):
      (Graph):
      * dfg/DFGInsertionSet.h:
      (DFG):
      (JSC::DFG::InsertionSet::execute):
      * dfg/DFGLivenessAnalysisPhase.cpp: Added.
      (DFG):
      (LivenessAnalysisPhase):
      (JSC::DFG::LivenessAnalysisPhase::LivenessAnalysisPhase):
      (JSC::DFG::LivenessAnalysisPhase::run):
      (JSC::DFG::LivenessAnalysisPhase::process):
      (JSC::DFG::LivenessAnalysisPhase::addChildUse):
      (JSC::DFG::performLivenessAnalysis):
      * dfg/DFGLivenessAnalysisPhase.h: Added.
      (DFG):
      * dfg/DFGNode.cpp:
      (JSC::DFG::Node::hasVariableAccessData):
      (DFG):
      * dfg/DFGNode.h:
      (DFG):
      (Node):
      (JSC::DFG::Node::hasLocal):
      (JSC::DFG::Node::variableAccessData):
      (JSC::DFG::Node::hasPhi):
      (JSC::DFG::Node::phi):
      (JSC::DFG::Node::takenBlock):
      (JSC::DFG::Node::notTakenBlock):
      (JSC::DFG::Node::successor):
      (JSC::DFG::Node::successorForCondition):
      (JSC::DFG::nodeComparator):
      (JSC::DFG::nodeListDump):
      (JSC::DFG::nodeMapDump):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::dumpNodeFlags):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRAvailabilityAnalysisPhase.cpp: Added.
      (DFG):
      (OSRAvailabilityAnalysisPhase):
      (JSC::DFG::OSRAvailabilityAnalysisPhase::OSRAvailabilityAnalysisPhase):
      (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
      (JSC::DFG::performOSRAvailabilityAnalysis):
      * dfg/DFGOSRAvailabilityAnalysisPhase.h: Added.
      (DFG):
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSSAConversionPhase.cpp: Added.
      (DFG):
      (SSAConversionPhase):
      (JSC::DFG::SSAConversionPhase::SSAConversionPhase):
      (JSC::DFG::SSAConversionPhase::run):
      (JSC::DFG::SSAConversionPhase::forwardPhiChildren):
      (JSC::DFG::SSAConversionPhase::forwardPhi):
      (JSC::DFG::SSAConversionPhase::forwardPhiEdge):
      (JSC::DFG::SSAConversionPhase::deduplicateChildren):
      (JSC::DFG::SSAConversionPhase::addFlushedLocalOp):
      (JSC::DFG::SSAConversionPhase::addFlushedLocalEdge):
      (JSC::DFG::performSSAConversion):
      * dfg/DFGSSAConversionPhase.h: Added.
      (DFG):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::validate):
      (Validate):
      (JSC::DFG::Validate::validateCPS):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::flushFormat):
      (VariableAccessData):
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
      (JSC::FTL::LowerDFGToLLVM::lower):
      (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
      (JSC::FTL::LowerDFGToLLVM::compileBlock):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
      (LowerDFGToLLVM):
      (JSC::FTL::LowerDFGToLLVM::compilePhi):
      (JSC::FTL::LowerDFGToLLVM::compileJSConstant):
      (JSC::FTL::LowerDFGToLLVM::compileWeakJSConstant):
      (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileAdd):
      (JSC::FTL::LowerDFGToLLVM::compileArithSub):
      (JSC::FTL::LowerDFGToLLVM::compileArithMul):
      (JSC::FTL::LowerDFGToLLVM::compileArithDiv):
      (JSC::FTL::LowerDFGToLLVM::compileArithMod):
      (JSC::FTL::LowerDFGToLLVM::compileArithMinOrMax):
      (JSC::FTL::LowerDFGToLLVM::compileArithAbs):
      (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
      (JSC::FTL::LowerDFGToLLVM::compileBitAnd):
      (JSC::FTL::LowerDFGToLLVM::compileBitOr):
      (JSC::FTL::LowerDFGToLLVM::compileBitXor):
      (JSC::FTL::LowerDFGToLLVM::compileBitRShift):
      (JSC::FTL::LowerDFGToLLVM::compileBitLShift):
      (JSC::FTL::LowerDFGToLLVM::compileBitURShift):
      (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
      (JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
      (JSC::FTL::LowerDFGToLLVM::compileGetButterfly):
      (JSC::FTL::LowerDFGToLLVM::compileGetArrayLength):
      (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
      (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
      (JSC::FTL::LowerDFGToLLVM::compileGetGlobalVar):
      (JSC::FTL::LowerDFGToLLVM::compileCompareEqConstant):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEqConstant):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
      (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
      (JSC::FTL::LowerDFGToLLVM::speculateBackward):
      (JSC::FTL::LowerDFGToLLVM::lowInt32):
      (JSC::FTL::LowerDFGToLLVM::lowCell):
      (JSC::FTL::LowerDFGToLLVM::lowBoolean):
      (JSC::FTL::LowerDFGToLLVM::lowDouble):
      (JSC::FTL::LowerDFGToLLVM::lowJSValue):
      (JSC::FTL::LowerDFGToLLVM::lowStorage):
      (JSC::FTL::LowerDFGToLLVM::speculate):
      (JSC::FTL::LowerDFGToLLVM::speculateBoolean):
      (JSC::FTL::LowerDFGToLLVM::isLive):
      (JSC::FTL::LowerDFGToLLVM::use):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      (JSC::FTL::LowerDFGToLLVM::linkOSRExitsAndCompleteInitializationBlocks):
      (JSC::FTL::LowerDFGToLLVM::setInt32):
      (JSC::FTL::LowerDFGToLLVM::setJSValue):
      (JSC::FTL::LowerDFGToLLVM::setBoolean):
      (JSC::FTL::LowerDFGToLLVM::setStorage):
      (JSC::FTL::LowerDFGToLLVM::setDouble):
      (JSC::FTL::LowerDFGToLLVM::isValid):
      * ftl/FTLLoweredNodeValue.h: Added.
      (FTL):
      (LoweredNodeValue):
      (JSC::FTL::LoweredNodeValue::LoweredNodeValue):
      (JSC::FTL::LoweredNodeValue::isSet):
      (JSC::FTL::LoweredNodeValue::operator!):
      (JSC::FTL::LoweredNodeValue::value):
      (JSC::FTL::LoweredNodeValue::block):
      * ftl/FTLValueFromBlock.h:
      (JSC::FTL::ValueFromBlock::ValueFromBlock):
      (ValueFromBlock):
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      
      Source/WTF:
      
      Reviewed by Mark Hahnenberg.
      
      - Extend variadicity of PrintStream and dataLog.
      
      - Give HashSet the ability to add a span of things.
      
      - Give HashSet the ability to == another HashSet.
      
      - Note FIXME's in HashTable concerning copying performance, that affects
        the way that the DFG now uses HashSets and HashMaps.
      
      - Factor out the bulk-insertion logic of JSC::DFG::InsertionSet into
        WTF::Insertion, so that it can be used in more places.
      
      - Create a dumper for lists and maps.
      
      * WTF.xcodeproj/project.pbxproj:
      * wtf/DataLog.h:
      (WTF):
      (WTF::dataLog):
      * wtf/HashSet.h:
      (HashSet):
      (WTF):
      (WTF::::add):
      (WTF::=):
      * wtf/HashTable.h:
      (WTF::::HashTable):
      (WTF::=):
      * wtf/Insertion.h: Added.
      (WTF):
      (Insertion):
      (WTF::Insertion::Insertion):
      (WTF::Insertion::index):
      (WTF::Insertion::element):
      (WTF::Insertion::operator<):
      (WTF::executeInsertions):
      * wtf/ListDump.h: Added.
      (WTF):
      (ListDump):
      (WTF::ListDump::ListDump):
      (WTF::ListDump::dump):
      (MapDump):
      (WTF::MapDump::MapDump):
      (WTF::MapDump::dump):
      (WTF::listDump):
      (WTF::sortedListDump):
      (WTF::lessThan):
      (WTF::mapDump):
      (WTF::sortedMapDump):
      * wtf/PrintStream.h:
      (PrintStream):
      (WTF::PrintStream::print):
      
      Conflicts:
      	Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153274 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      827d2cf7