1. 26 Sep, 2012 1 commit
    • Generalize JSGlobalThis as JSProxy · 4aef7247
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97716
      
      Reviewed by Oliver Hunt.
      
      ../JavaScriptCore: 
      
      Generalize JSGlobalThis as JSProxy and move proxying functionality up from the window shell into JSProxy.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::toThisObject):
          - Hoist toThisObject from WebCore.
      (JSC):
      * runtime/JSGlobalObject.h:
          - removed include.
      (JSC::JSGlobalObject::finishCreation):
          - JSGlobalThis -> JSObject
      (JSGlobalObject):
          - Hoist toThisObject from WebCore.
      * runtime/JSGlobalThis.cpp: Removed.
      * runtime/JSGlobalThis.h: Removed.
      * runtime/JSObject.cpp:
          - removed include.
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::isProxy):
          - isGlobalThis -> isProxy
          - GlobalThisType -> ProxyType
      * runtime/JSProxy.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalThis.cpp.
      (JSC):
      (JSC::JSProxy::visitChildren):
      (JSC::JSProxy::setTarget):
      (JSC::JSProxy::className):
      (JSC::JSProxy::getOwnPropertySlot):
      (JSC::JSProxy::getOwnPropertySlotByIndex):
      (JSC::JSProxy::getOwnPropertyDescriptor):
      (JSC::JSProxy::put):
      (JSC::JSProxy::putByIndex):
      (JSC::JSProxy::putDirectVirtual):
      (JSC::JSProxy::defineOwnProperty):
      (JSC::JSProxy::deleteProperty):
      (JSC::JSProxy::deletePropertyByIndex):
      (JSC::JSProxy::getPropertyNames):
      (JSC::JSProxy::getOwnPropertyNames):
          - Class created from JSGlobalThis, JSDOMWindowShell.
      * runtime/JSProxy.h: Copied from Source/JavaScriptCore/runtime/JSGlobalThis.h.
      (JSC::JSProxy::create):
      (JSC::JSProxy::createStructure):
      (JSProxy):
      (JSC::JSProxy::target):
      (JSC::JSProxy::JSProxy):
          - Class created from JSGlobalThis, JSDOMWindowShell.
      * runtime/JSType.h:
          - GlobalThisType -> ProxyType
      
      ../WebCore: 
      
      This patch moves window shell functionality up to JSC::JSProxy.
      
      * ForwardingHeaders/runtime/JSGlobalThis.h: Removed.
      * ForwardingHeaders/runtime/JSProxy.h: Copied from Source/WebCore/ForwardingHeaders/runtime/JSGlobalThis.h.
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::finishCreation):
          - JSGlobalThis -> JSObject
      * bindings/js/JSDOMGlobalObject.h:
      (JSDOMGlobalObject):
          - JSGlobalThis -> JSObject
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore):
          - Hoist toThisObject up into JSC.
      * bindings/js/JSDOMWindowBase.h:
      (JSDOMWindowBase):
          - Hoist toThisObject up into JSC.
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore):
          - JSGlobalThis -> JSProxy
          - moved JSObject callbacks to JSProxy
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
          - JSGlobalThis -> JSProxy
          - moved JSObject callbacks to JSProxy
      (WebCore::JSDOMWindowShell::window):
          - unwrappedObject() -> target()
      (WebCore::JSDOMWindowShell::setWindow):
          - setUnwrappedObject() -> setTarget()
      (WebCore::JSDOMWindowShell::createStructure):
          - GlobalThisType -> ProxyType
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129685 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 12 Sep, 2012 1 commit
    • JSC should have property butterflies · d8dd0535
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=91933
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      This changes the JSC object model. Previously, all objects had fast lookup for
      named properties. Integer indexed properties were only fast if you used a
      JSArray. With this change, all objects have fast indexed properties. This is
      accomplished without any space overhead by using a bidirectional object layout,
      aka butterflies. Each JSObject has a m_butterfly pointer where previously it
      had a m_outOfLineStorage pointer. To the left of the location pointed to by
      m_butterfly, we place all named out-of-line properties. To the right, we place
      all indexed properties along with indexing meta-data. Though, some indexing
      meta-data is placed in the 8-byte word immediately left of the pointed-to
      location; this is in anticipation of the indexing meta-data being small enough
      in the common case that m_butterfly always points to the first indexed
      property.
              
      This is performance neutral, except on tests that use indexed properties on
      plain objects, where the speed-up is in excess of an order of magnitude.
              
      One notable aspect of what this change brings is that it allows indexing
      storage to morph over time. Currently this is only used to allow all non-array
      objects to start out without any indexed storage. But it could be used for
      some kinds of array type inference in the future.
      
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlotByIndex):
      (JSC):
      (JSC::::getOwnNonIndexPropertyNames):
      * API/JSObjectRef.cpp:
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitDirectPutById):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (AdjacencyList):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::modeUsesButterfly):
      (JSC::DFG::modeIsJSArray):
      (JSC::DFG::isInBoundsAccess):
      (JSC::DFG::modeSupportsLength):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::addNode):
      (FixupPhase):
      (JSC::DFG::FixupPhase::checkArray):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryBuildPutByIdList):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateBasicStorage):
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emitSlow_op_new_array):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/Arguments.cpp:
      (JSC::Arguments::deletePropertyByIndex):
      (JSC::Arguments::defineOwnProperty):
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayConventions.h: Added.
      (JSC):
      (JSC::isDenseEnoughForVector):
      (JSC::indexingHeaderForArray):
      (JSC::baseIndexingHeaderForArray):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::create):
      (JSC):
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      (JSC::ArrayPrototype::createStructure):
      * runtime/ArrayStorage.h: Added.
      (JSC):
      (ArrayStorage):
      (JSC::ArrayStorage::ArrayStorage):
      (JSC::ArrayStorage::from):
      (JSC::ArrayStorage::butterfly):
      (JSC::ArrayStorage::indexingHeader):
      (JSC::ArrayStorage::length):
      (JSC::ArrayStorage::setLength):
      (JSC::ArrayStorage::vectorLength):
      (JSC::ArrayStorage::setVectorLength):
      (JSC::ArrayStorage::copyHeaderFromDuringGC):
      (JSC::ArrayStorage::inSparseMode):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::vectorLengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSC::ArrayStorage::indexBiasOffset):
      (JSC::ArrayStorage::sparseMapOffset):
      (JSC::ArrayStorage::sizeFor):
      * runtime/Butterfly.h: Added.
      (JSC):
      (Butterfly):
      (JSC::Butterfly::Butterfly):
      (JSC::Butterfly::totalSize):
      (JSC::Butterfly::fromBase):
      (JSC::Butterfly::offsetOfIndexingHeader):
      (JSC::Butterfly::offsetOfPublicLength):
      (JSC::Butterfly::offsetOfVectorLength):
      (JSC::Butterfly::indexingHeader):
      (JSC::Butterfly::propertyStorage):
      (JSC::Butterfly::indexingPayload):
      (JSC::Butterfly::arrayStorage):
      (JSC::Butterfly::offsetOfPropertyStorage):
      (JSC::Butterfly::indexOfPropertyStorage):
      (JSC::Butterfly::base):
      * runtime/ButterflyInlineMethods.h: Added.
      (JSC):
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::createUninitializedDuringCollection):
      (JSC::Butterfly::base):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      (JSC::Butterfly::unshift):
      (JSC::Butterfly::shift):
      * runtime/ClassInfo.h:
      (MethodTable):
      (JSC):
      * runtime/IndexingHeader.h: Added.
      (JSC):
      (IndexingHeader):
      (JSC::IndexingHeader::offsetOfIndexingHeader):
      (JSC::IndexingHeader::offsetOfPublicLength):
      (JSC::IndexingHeader::offsetOfVectorLength):
      (JSC::IndexingHeader::IndexingHeader):
      (JSC::IndexingHeader::vectorLength):
      (JSC::IndexingHeader::setVectorLength):
      (JSC::IndexingHeader::publicLength):
      (JSC::IndexingHeader::setPublicLength):
      (JSC::IndexingHeader::from):
      (JSC::IndexingHeader::fromEndOf):
      (JSC::IndexingHeader::propertyStorage):
      (JSC::IndexingHeader::arrayStorage):
      (JSC::IndexingHeader::butterfly):
      * runtime/IndexingHeaderInlineMethods.h: Added.
      (JSC):
      (JSC::IndexingHeader::preCapacity):
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.h: Added.
      (JSC):
      (JSC::hasIndexingHeader):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::getOwnNonIndexPropertyNames):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC):
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      (JSC::JSArray::getOwnNonIndexPropertyNames):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      (JSC::JSArray::JSArray):
      (JSC::JSArray::length):
      (JSC::JSArray::createStructure):
      (JSC::JSArray::isLengthWritable):
      (JSC::createArrayButterfly):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSBoundFunction.cpp:
      (JSC::boundFunctionCall):
      (JSC::boundFunctionConstruct):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnNonIndexPropertyNames):
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::getOwnNonIndexPropertyNames):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC):
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::visitChildren):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::fillGetterPropertySlot):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::deallocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::JSObject::defineOwnNonIndexProperty):
      (JSC::JSObject::defineOwnProperty):
      (JSC::JSObject::getOwnPropertySlotSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSObject):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::butterfly):
      (JSC::JSObject::outOfLineStorage):
      (JSC::JSObject::offsetForLocation):
      (JSC::JSObject::indexingShouldBeSparse):
      (JSC::JSObject::butterflyOffset):
      (JSC::JSObject::butterflyAddress):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrZero):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::setButterflyWithoutChangingStructure):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::offsetInButterfly):
      (JSC::offsetRelativeToPatchedStorage):
      (JSC::indexRelativeToBase):
      (JSC::offsetRelativeToBase):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
      * runtime/JSSymbolTableObject.h:
      (JSSymbolTableObject):
      * runtime/JSTypeInfo.h:
      (JSC):
      (JSC::TypeInfo::interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero):
      (JSC::TypeInfo::overridesGetPropertyNames):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertyOffset.h:
      (JSC::offsetInOutOfLineStorage):
      * runtime/PropertyStorage.h: Added.
      (JSC):
      * runtime/PutDirectIndexMode.h: Added.
      (JSC):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::getOwnNonIndexPropertyNames):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/Reject.h: Added.
      (JSC):
      (JSC::reject):
      * runtime/SparseArrayValueMap.cpp: Added.
      (JSC):
      * runtime/SparseArrayValueMap.h: Added.
      (JSC):
      (SparseArrayEntry):
      (JSC::SparseArrayEntry::SparseArrayEntry):
      (SparseArrayValueMap):
      (JSC::SparseArrayValueMap::sparseMode):
      (JSC::SparseArrayValueMap::setSparseMode):
      (JSC::SparseArrayValueMap::lengthIsReadOnly):
      (JSC::SparseArrayValueMap::setLengthIsReadOnly):
      (JSC::SparseArrayValueMap::find):
      (JSC::SparseArrayValueMap::remove):
      (JSC::SparseArrayValueMap::notFound):
      (JSC::SparseArrayValueMap::isEmpty):
      (JSC::SparseArrayValueMap::contains):
      (JSC::SparseArrayValueMap::size):
      (JSC::SparseArrayValueMap::begin):
      (JSC::SparseArrayValueMap::end):
      * runtime/SparseArrayValueMapInlineMethods.h: Added.
      (JSC):
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::~SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::destroy):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::add):
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::get):
      (JSC::SparseArrayEntry::getNonSparseMode):
      (JSC::SparseArrayValueMap::visitChildren):
      * runtime/StorageBarrier.h: Removed.
      * runtime/StringObject.cpp:
      (JSC::StringObject::putByIndex):
      (JSC):
      (JSC::StringObject::deletePropertyByIndex):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::nonPropertyTransition):
      (JSC):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::indexingType):
      (JSC::Structure::indexingTypeIncludingHistory):
      (JSC::Structure::indexingTypeOffset):
      (JSC::Structure::create):
      * runtime/StructureTransitionTable.h:
      (JSC):
      (JSC::toAttributes):
      (JSC::newIndexingType):
      (JSC::StructureTransitionTable::Hash::hash):
      * tests/mozilla/js1_6/Array/regress-304828.js:
      
      Source/WebCore: 
      
      Teach the DOM that to intercept get/put on indexed properties, you now have
      to override getOwnPropertySlotByIndex and putByIndex.
      
      No new tests because no new behavior. One test was rebased because indexed
      property iteration order now matches other engines (indexed properties always
      come first).
      
      * bindings/js/ArrayValue.cpp:
      (WebCore::ArrayValue::get):
      * bindings/js/JSBlobCustom.cpp:
      (WebCore::JSBlobConstructor::constructJSBlob):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::JSCanvasRenderingContext2D::setWebkitLineDash):
      * bindings/js/JSDOMStringListCustom.cpp:
      (WebCore::toDOMStringList):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindow::putByIndex):
      (WebCore::JSDOMWindow::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindowShell::putByIndex):
      (WebCore::JSDOMWindowShell::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSWebSocketCustom.cpp:
      (WebCore::JSWebSocketConstructor::constructJSWebSocket):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::serialize):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      
      LayoutTests: 
      
      Modify the JSON test to indicate that iterating over properties now returns
      indexed properties first. This is a behavior change that makes us more
      compliant with other implementations.
              
      Also check in new expected file for the edge cases of indexed property access
      with prototype accessors. This changeset introduces a known regression in that
      department, which is tracked here: https://bugs.webkit.org/show_bug.cgi?id=96596
      
      * fast/js/resources/JSON-stringify.js:
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
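The layout this commit message describes, as an added C++ sketch that is not WebKit code: `ToyObject`, `ToyIndexingHeader` and the `toy_*` functions are hypothetical names, and keeping `namedCapacity` on the object so the left side can be bounds-checked is an assumption of the model. Named slots sit left of the pointer, the 8-byte indexing header immediately left of it, and indexed slots to the right, with every access checked against the recorded lengths.

```cpp
// Simplified model of a bidirectional ("butterfly") object layout.
// Added illustration only: ToyObject and the toy_* functions are hypothetical
// names, not JavaScriptCore types or APIs.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>

typedef uint64_t Value;                 // stand-in for one 8-byte property slot

struct ToyIndexingHeader {              // the 8-byte word just left of the pointer
    uint32_t publicLength;              // length visible to script
    uint32_t vectorLength;              // indexed slots actually allocated
};
static_assert(sizeof(ToyIndexingHeader) == sizeof(Value), "header must fill one slot");

struct ToyObject {
    Value*   butterfly;                 // points at indexed slot 0
    uint32_t namedCapacity;             // out-of-line named slots left of the header
};

// Memory: [named N-1 .. named 0][indexing header][indexed 0 .. indexed V-1]
//                                                 ^ butterfly
static Value* toy_base(const ToyObject* o) {
    return o->butterfly - 1 - o->namedCapacity;
}

// The header is copied in and out with memcpy so the slot array is never
// accessed through a differently typed pointer.
static ToyIndexingHeader toy_header(const ToyObject* o) {
    ToyIndexingHeader h;
    std::memcpy(&h, o->butterfly - 1, sizeof h);
    return h;
}

static void toy_set_header(ToyObject* o, ToyIndexingHeader h) {
    std::memcpy(o->butterfly - 1, &h, sizeof h);
}

static ToyObject toy_create(uint32_t namedCapacity, uint32_t vectorLength) {
    ToyObject o = { nullptr, 0 };
    size_t slots = (size_t)namedCapacity + 1 + (size_t)vectorLength;
    Value* base = (Value*)std::calloc(slots, sizeof(Value));
    if (!base) return o;
    o.butterfly = base + namedCapacity + 1;   // skip the named slots and the header
    o.namedCapacity = namedCapacity;
    ToyIndexingHeader h = { 0, vectorLength };
    toy_set_header(&o, h);
    return o;
}

static void toy_destroy(ToyObject* o) {
    if (o->butterfly) std::free(toy_base(o));
    o->butterfly = nullptr;
    o->namedCapacity = 0;
}

// Named slot i lives at butterfly[-2 - i]; the check keeps the write inside
// the left side of the allocation.
static bool toy_put_named(ToyObject* o, uint32_t i, Value v) {
    if (!o->butterfly || i >= o->namedCapacity) return false;
    o->butterfly[-2 - (ptrdiff_t)i] = v;
    return true;
}

// Indexed writes are bounded by vectorLength (what was allocated).
static bool toy_put_indexed(ToyObject* o, uint32_t i, Value v) {
    if (!o->butterfly) return false;
    ToyIndexingHeader h = toy_header(o);
    if (i >= h.vectorLength) return false;    // this model refuses instead of growing
    o->butterfly[i] = v;
    if (i >= h.publicLength) { h.publicLength = i + 1; toy_set_header(o, h); }
    return true;
}

// Indexed reads are bounded by both lengths, so a publicLength larger than
// the allocation can never turn into an out-of-bounds read.
static bool toy_get_indexed(const ToyObject* o, uint32_t i, Value* out) {
    if (!o->butterfly) return false;
    ToyIndexingHeader h = toy_header(o);
    if (i >= h.publicLength || i >= h.vectorLength) return false;
    *out = o->butterfly[i];
    return true;
}

int main() {
    ToyObject o = toy_create(2, 4);           // constructed sample sizes
    if (!o.butterfly) return 1;
    toy_put_named(&o, 0, 0xAA);
    toy_put_indexed(&o, 3, 7);
    ToyIndexingHeader h = toy_header(&o);
    std::printf("pointer is %td slots past base, publicLength=%u, vectorLength=%u\n",
                o.butterfly - toy_base(&o), (unsigned)h.publicLength, (unsigned)h.vectorLength);
    std::printf("write at index 4 accepted: %d\n", (int)toy_put_indexed(&o, 4, 9));
    toy_destroy(&o);
    return 0;
}
```
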
  3. 11 Sep, 2012 2 commits
    • [EFL] Rewrite the EFL-related Find modules · 72080605
      rakuco@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95237
      
      Reviewed by Kenneth Rohde Christiansen.
      
      .:
      
      FindEFL.cmake had several problems which caused unnecessary trouble
      when building the EFL port under some setups:
      
      o It looked for some modules (such as ecore) more than once for no
      reason, which led to people adding libraries and include paths in
      different ways across the build system.
      
      o It depended on pkg-config being present for the searches to
      succeed.
      
      o It obtained the library definitions from pkg-config, so
      ${FOO_LIBRARIES} would be set to something like "foo;bar" which
      expanded to "-lfoo -lbar" to the linker. If a wrong -L<path> was
      passed before that, the wrong library installation would end up
      being picked up.
      
      o Due to the problem above, we also needed to set the LINK_FLAGS
      property for each target with the value of ${FOO_LDFLAGS}, which was
      also obtained from pkg-config and sort of compensated for the fact that
      the libraries did not use absolute paths and added the required -L
      paths. This also included dependencies for these libraries, so we
      ended up including libraries indirectly, which is bad.
      
      We have now replaced that file with a set of Find-modules which are
      much more granular, each of them responsible for looking for a
      single library and its components and setting library and include
      locations the right way (with FIND_PATH() and FIND_LIBRARY()), so
      that all the problems above are fixed.
      
      * Source/cmake/EFLHelpers.cmake: Added.
      * Source/cmake/FindEDBus.cmake: Added.
      * Source/cmake/FindEFL.cmake: Removed.
      * Source/cmake/FindEcore.cmake: Added.
      * Source/cmake/FindEdje.cmake: Added.
      * Source/cmake/FindEeze.cmake: Added.
      * Source/cmake/FindEfreet.cmake: Added.
      * Source/cmake/FindEina.cmake: Added.
      * Source/cmake/FindEvas.cmake: Added.
      * Source/cmake/OptionsEfl.cmake:
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt: Stop setting the LINK_FLAGS property.
      * PlatformEfl.cmake: Ditto.
      * shell/PlatformEfl.cmake: Ditto.
      
      Source/WebCore:
      
      * CMakeLists.txt: Stop setting the LINK_FLAGS property now that no
      port sets WebCore_LINK_FLAGS.
      * PlatformEfl.cmake: Add libraries and include directories for
      each Enlightenment Foundation Library used by the port.
      
      Source/WebKit:
      
      * PlatformEfl.cmake: Stop setting the LINK_FLAGS property and add
      libraries and include directories for each Enlightenment
      Foundation Library used by the port.
      
      Source/WebKit2:
      
      * CMakeLists.txt: Stop setting the LINK_FLAGS property.
      * PlatformEfl.cmake: Add libraries and include directories for
      each Enlightenment Foundation Library used by the port.
      
      Source/WTF:
      
      * CMakeLists.txt: Stop setting the LINK_FLAGS property.
      * PlatformEfl.cmake: Add libraries and include directories for
      each Enlightenment Foundation Library used by the port.
      
      Tools:
      
      * DumpRenderTree/efl/CMakeLists.txt: Stop setting the LINK_FLAGS
      property and include all the Enlightenment Foundation Libraries
      required by the target.
      * EWebLauncher/CMakeLists.txt: Ditto.
      * MiniBrowser/efl/CMakeLists.txt: Ditto.
      * TestWebKitAPI/PlatformEfl.cmake: Add missing include directories
      now that they are not added implicitly.
      * WebKitTestRunner/CMakeLists.txt: Stop setting the LINK_FLAGS
      property.
      * WebKitTestRunner/PlatformEfl.cmake: Stop setting the LINK_FLAGS
      property and include all the Enlightenment Foundation Libraries
      required by the target.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128191 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [EFL] Unreviewed build fix after r128065. · 10e70b09
      rakuco@webkit.org authored
      * CMakeLists.txt: Link against WTF for FastMalloc symbols, which
      are needed when building with SYSTEM_MALLOC off.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128172 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 10 Sep, 2012 2 commits
    • Combine MarkStack and SlotVisitor into single class · a57e6716
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96043
      
      Reviewed by Geoff Garen.
      
      Move all of MarkStack into SlotVisitor. The remaining stuff in MarkStack.cpp actually has to do 
      with MarkStack management/allocation. Cleaned up a few of the header files while I was at it.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      * dfg/DFGCommon.h:
      * heap/GCThreadSharedData.cpp:
      * heap/GCThreadSharedData.h:
      (GCThreadSharedData):
      * heap/HeapRootVisitor.h:
      * heap/MarkStack.cpp:
      (JSC):
      * heap/MarkStack.h:
      (JSC):
      (MarkStackSegment):
      (JSC::MarkStackSegment::data):
      (JSC::MarkStackSegment::capacityFromSize):
      (JSC::MarkStackSegment::sizeFromCapacity):
      (MarkStackSegmentAllocator):
      (MarkStackArray):
      * heap/MarkStackInlineMethods.h:
      (JSC::MarkStackArray::postIncTop):
      (JSC):
      (JSC::MarkStackArray::preDecTop):
      (JSC::MarkStackArray::setTopForFullSegment):
      (JSC::MarkStackArray::setTopForEmptySegment):
      (JSC::MarkStackArray::top):
      (JSC::MarkStackArray::validatePrevious):
      (JSC::MarkStackArray::append):
      (JSC::MarkStackArray::canRemoveLast):
      (JSC::MarkStackArray::removeLast):
      (JSC::MarkStackArray::isEmpty):
      (JSC::MarkStackArray::size):
      * heap/SlotVisitor.cpp: Added.
      (JSC):
      (JSC::SlotVisitor::SlotVisitor):
      (JSC::SlotVisitor::~SlotVisitor):
      (JSC::SlotVisitor::setup):
      (JSC::SlotVisitor::reset):
      (JSC::SlotVisitor::append):
      (JSC::visitChildren):
      (JSC::SlotVisitor::donateKnownParallel):
      (JSC::SlotVisitor::drain):
      (JSC::SlotVisitor::drainFromShared):
      (JSC::SlotVisitor::mergeOpaqueRoots):
      (JSC::SlotVisitor::startCopying):
      (JSC::SlotVisitor::allocateNewSpaceSlow):
      (JSC::SlotVisitor::allocateNewSpaceOrPin):
      (JSC::JSString::tryHashConstLock):
      (JSC::JSString::releaseHashConstLock):
      (JSC::JSString::shouldTryHashConst):
      (JSC::SlotVisitor::internalAppend):
      (JSC::SlotVisitor::copyAndAppend):
      (JSC::SlotVisitor::doneCopying):
      (JSC::SlotVisitor::harvestWeakReferences):
      (JSC::SlotVisitor::finalizeUnconditionalFinalizers):
      (JSC::SlotVisitor::validate):
      * heap/SlotVisitor.h:
      (JSC):
      (SlotVisitor):
      (JSC::SlotVisitor::sharedData):
      (JSC::SlotVisitor::isEmpty):
      (JSC::SlotVisitor::visitCount):
      (JSC::SlotVisitor::resetChildCount):
      (JSC::SlotVisitor::childCount):
      (JSC::SlotVisitor::incrementChildCount):
      (ParallelModeEnabler):
      (JSC::ParallelModeEnabler::ParallelModeEnabler):
      (JSC::ParallelModeEnabler::~ParallelModeEnabler):
      * heap/SlotVisitorInlineMethods.h:
      (JSC::SlotVisitor::append):
      (JSC):
      (JSC::SlotVisitor::appendUnbarrieredPointer):
      (JSC::SlotVisitor::appendUnbarrieredValue):
      (JSC::SlotVisitor::internalAppend):
      (JSC::SlotVisitor::addWeakReferenceHarvester):
      (JSC::SlotVisitor::addUnconditionalFinalizer):
      (JSC::SlotVisitor::addOpaqueRoot):
      (JSC::SlotVisitor::containsOpaqueRoot):
      (JSC::SlotVisitor::opaqueRootCount):
      (JSC::SlotVisitor::mergeOpaqueRootsIfNecessary):
      (JSC::SlotVisitor::mergeOpaqueRootsIfProfitable):
      (JSC::SlotVisitor::donate):
      (JSC::SlotVisitor::donateAndDrain):
      * jit/JITWriteBarrier.h:
      (JSC::SlotVisitor::append):
      * jit/JumpReplacementWatchpoint.cpp:
      * runtime/JSCell.h:
      * runtime/Structure.h:
      (JSC::SlotVisitor::internalAppend):
      * runtime/WriteBarrier.h:
      (JSC):
      (JSC::SlotVisitor::append):
      (JSC::SlotVisitor::appendValues):
      * yarr/YarrJIT.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128084 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [CMake][EFL] Enable the LLInt · 934f4081
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=92682
      
      Patch by Thiago Marcos P. Santos <thiago.santos@intel.com> on 2012-09-10
      Reviewed by Csaba Osztrogonác.
      
      .:
      
      Added LLInt to CMake buildsystem and enabled it by default on EFL.
      Note that Ruby is not enforced: a secondary check is done when LLInt
      is enabled on the JSC's CMakeLists.txt.
      
      * CMakeLists.txt:
      * Source/cmake/OptionsEfl.cmake:
      * Source/cmake/WebKitFeatures.cmake:
      * Source/cmakeconfig.h.cmake:
      
      Source/JavaScriptCore:
      
      Generate the headers needed by LLInt when LLInt is enabled.
      
      * CMakeLists.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128065 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 30 Aug, 2012 2 commits
    • Use one object instead of two for closures, eliminating ScopeChainNode · b11e7874
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95501
      
      Reviewed by Filip Pizlo.
      
      ../JavaScriptCore: 
      
      This patch removes ScopeChainNode, and moves all the data and related
      functions that used to be in ScopeChainNode into JSScope.
      
      Most of this patch is mechanical changes to use a JSScope* where we used
      to use a ScopeChainNode*. I've only specifically commented about items
      that were non-mechanical.
      
      * runtime/Completion.cpp:
      (JSC::evaluate):
      * runtime/Completion.h: Don't require an explicit scope chain argument
      when evaluating code. Clients never wanted anything other than the
      global scope, and other arbitrary scopes probably wouldn't work
      correctly, anyway.
      
      * runtime/JSScope.cpp:
      * runtime/JSScope.h:
      (JSC::JSScope::JSScope): JSScope now requires the data we used to pass to
      ScopeChainNode, so it can link itself into the scope chain correctly.
      
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::JSWithScope): JSWithScope gets an extra constructor
      for specifically supplying your own scope chain. The DOM needs this
      interface for setting up the scope chain for certain event handlers.
      Other clients always just push the JSWithScope to the head of the current
      scope chain.
      
      ../WebCore: 
      
      Mechanical changes to update for JSC interface changes.
      
      ../WebKit/mac: 
      
      Mechanical change to update for JSC interface change.
      
      ../WebKit/qt: 
      
      Mechanical change to update for JSC interface change.
      
      * Api/qwebelement.cpp:
      (QWebElement::evaluateJavaScript):
      
      ../WebKit2: 
      
      Mechanical changes to update for JSC interface change.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127202 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Replace JSC::UString by WTF::String · cff06e46
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95271
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-08-30
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Having JSC::UString and WTF::String increases the complexity of working on WebKit, and
      adds useless conversions in the bindings. It also causes some code bloat.
      
      The performance advantages of UString have been ported over in previous patches. This patch
      is the last step: getting rid of UString.
      
      In addition to the simplified code, this also reduces the binary size by 15kb on x86_64.
      
      * API/OpaqueJSString.cpp:
      (OpaqueJSString::ustring):
      * runtime/Identifier.h:
      (JSC::Identifier::ustring):
      To avoid changing everything at once, the functions named ustring() were kept as is. They
      will be renamed in a follow-up patch.
      
      * runtime/JSString.h:
      (JSC::JSString::string):
      (JSC::JSValue::toWTFString):
      (JSC::inlineJSValueNotStringtoString):
      (JSC::JSValue::toWTFStringInline):
      Since JSValue::toString() already exists (and returns the JSString), the direct accessor is renamed
      to ::toWTFString(). We may change ::string() to ::jsString() and ::toWTFString() to ::toString()
      in the future.
      
      * runtime/StringPrototype.cpp:
      (JSC::substituteBackreferencesSlow): Replace the use of UString::getCharacters<>() by String::getCharactersWithUpconvert<>().
      
      Source/WebCore: 
      
      Update the code to use String instead of UString.
      
      On x86_64, this reduces the binary size by 22kb.
      
      Since it is no longer possible to differentiate JSC::jsString() and WebCore::jsString() by the input
      types, WebCore::jsString() is renamed to WebCore::jsStringWithCache().
      
      Since the cache is using a PtrHash, JSC::jsString() is used in place of the old WebCore::jsString() when
      the string is generated locally. This is because the cache can never match in those cases.
      
      Source/WebKit/blackberry: 
      
      Replace UString by String.
      
      * WebCoreSupport/ClientExtension.cpp:
      * WebCoreSupport/PagePopupBlackBerry.cpp:
      (WebCore::PagePopupBlackBerry::installDomFunction):
      
      Source/WebKit/efl: 
      
      Replace UString by String.
      
      * WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
      (DumpRenderTreeSupportEfl::sendWebIntentResponse):
      * ewk/ewk_frame.cpp:
      (ewk_frame_script_execute):
      
      Source/WebKit/gtk: 
      
      Replace UString by String.
      
      * gdom/ConvertToGCharPrivate.h:
      (copyAsGchar):
      
      Source/WebKit/mac: 
      
      Get rid of UString, replace it by String, and simplify the code when possible.
      
      On x86_64, this reduces the binary size by 7kb.
      
      * Plugins/Hosted/NetscapePluginHostProxy.mm:
      (identifierFromIdentifierRep):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getPropertyNames):
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame functionName]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebScriptDebugger.h:
      (WTF):
      (JSC):
      (WebScriptDebugger):
      * WebView/WebScriptDebugger.mm:
      (toNSURL):
      (WebScriptDebugger::sourceParsed):
      * WebView/WebView.mm:
      (aeDescFromJSValue):
      
      Source/WebKit/qt: 
      
      Replace UString by String.
      
      * Api/qwebelement.cpp:
      (QWebElement::evaluateJavaScript):
      
      Source/WebKit/win: 
      
      Replace UString by String.
      
      * WebFrame.cpp:
      (WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
      * WebView.cpp:
      (WebView::stringByEvaluatingJavaScriptFromString):
      
      Source/WebKit/wx: 
      
      Update the #includes to use the correct types.
      
      * WebFrame.cpp:
      * WebView.cpp:
      
      Source/WebKit2: 
      
      Update the code to switch from UString to String.
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::npIdentifierFromIdentifier):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::evaluate):
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      
      Source/WTF: 
      
      * wtf/Platform.h: Useless edit to force a full build. This is needed for some bots for some reason.
      * wtf/text/WTFString.h: Export a symbol that was exported on UString and needed in WebCore.
      
      Add String::getCharactersWithUpconvert<>(), which is similar to String::getCharacters<>() but with the same
      behaviors as UString::getCharacters<>().
      
      String::getCharactersWithUpconvert<>() is useful when manipulating multiple strings; it allows writing code
      using 16-bit characters if any of the input Strings is not 8-bit.
      
      Tools: 
      
      Get rid of UString.
      
      * DumpRenderTree/efl/WorkQueueItemEfl.cpp:
      * gdb/webkit.py:
      (WTFStringPrinter.to_string):
      (JSCIdentifierPrinter.to_string):
      (JSCJSStringPrinter.to_string):
      (add_pretty_printers):
      
      Websites/webkit.org: 
      
      Update the coding style to avoid mentioning a class that no longer exists.
      
      * coding/coding-style.html:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127191 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 29 Aug, 2012 1 commit
    • Introduced JSWithScope, making all scope objects subclasses of JSScope · bc3ae3f9
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95295
      
      Reviewed by Filip Pizlo.
      
      This is a step toward removing ScopeChainNode. With a uniform representation
      for objects in the scope chain, we can move data from ScopeChainNode
      into JSScope.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri: Build!
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL): Use an explicit JSWithScope object
      for 'with' statements. Since 'with' can put any object in the scope
      chain, we'll need an adapter object to hold the data ScopeChainNode
      currently holds.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData): Support for JSWithScope.
      
      * runtime/JSScope.cpp:
      (JSC::JSScope::objectAtScope):
      * runtime/JSScope.h: Check for and unwrap JSWithScope.
      
      * runtime/JSType.h: Support for JSWithScope.
      
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::StrictEvalActivation):
      * runtime/StrictEvalActivation.h:
      (StrictEvalActivation): Inherit from JSScope, to make the scope chain uniform.
      
      * runtime/JSWithScope.cpp: Added.
      (JSC::JSWithScope::visitChildren):
      * runtime/JSWithScope.h: Added.
      (JSWithScope):
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::object):
      (JSC::JSWithScope::createStructure):
      (JSC::JSWithScope::JSWithScope): New adapter object. Since this object
      is never exposed to scripts, it doesn't need any meaningful implementation
      of property access or other callbacks.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127010 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  7. 28 Aug, 2012 1 commit
    • Refactored and consolidated variable resolution functions · ce2b6674
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95166
      
      Reviewed by Filip Pizlo.
      
      This patch does a few things:
      
      (1) Introduces a new class, JSScope, which is the base class for all
      objects that represent a scope in the scope chain.
      
      (2) Refactors and consolidates duplicate implementations of variable
      resolution into the JSScope class.
      
      (3) Renames JSStaticScopeObject to JSNameScope because, as distinct from
      something like a 'let' scope, JSStaticScopeObject only has storage for a
      single name.
      
      These changes make logical sense to me as-is. I will also use them in an
      upcoming optimization.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri: Build!
      
      * bytecode/CodeBlock.cpp:
      (JSC): Build fix for LLInt-only builds.
      
      * bytecode/GlobalResolveInfo.h:
      (GlobalResolveInfo): Use PropertyOffset to be consistent with other parts
      of the engine.
      
      * bytecompiler/NodesCodegen.cpp:
      * dfg/DFGOperations.cpp: Use the shared code in JSScope instead of rolling
      our own.
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::createExceptionScope):
      (JSC::Interpreter::privateExecute):
      * interpreter/Interpreter.h: Use the shared code in JSScope instead of rolling
      our own.
      
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION): Use the shared code in JSScope instead of rolling
      our own.
      
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (LLInt): Use the shared code in JSScope instead of rolling our own. Note
      that one of these slow paths calls the wrong helper function. I left it
      that way to avoid a behavior change in a refactoring patch.
      
      * parser/Nodes.cpp: Updated for rename.
      
      * runtime/CommonSlowPaths.h:
      (CommonSlowPaths): Removed resolve slow paths because they were duplicative.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData): Updated for renames.
      
      * runtime/JSNameScope.cpp: Copied from Source/JavaScriptCore/runtime/JSStaticScopeObject.cpp.
      (JSC):
      (JSC::JSNameScope::visitChildren):
      (JSC::JSNameScope::toThisObject):
      (JSC::JSNameScope::put):
      (JSC::JSNameScope::getOwnPropertySlot):
      * runtime/JSNameScope.h: Copied from Source/JavaScriptCore/runtime/JSStaticScopeObject.h.
      (JSC):
      (JSC::JSNameScope::create):
      (JSC::JSNameScope::createStructure):
      (JSNameScope):
      (JSC::JSNameScope::JSNameScope):
      (JSC::JSNameScope::isDynamicScope): Used do-webcore-rename script here.
      It is fabulous!
      
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::isNameScopeObject): More rename.
      
      * runtime/JSScope.cpp: Added.
      (JSC):
      (JSC::JSScope::isDynamicScope):
      (JSC::JSScope::resolve):
      (JSC::JSScope::resolveSkip):
      (JSC::JSScope::resolveGlobal):
      (JSC::JSScope::resolveGlobalDynamic):
      (JSC::JSScope::resolveBase):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      * runtime/JSScope.h: Added.
      (JSC):
      (JSScope):
      (JSC::JSScope::JSScope): All the code here is a port from the
      Interpreter.cpp implementations of this functionality.
      
      * runtime/JSStaticScopeObject.cpp: Removed.
      * runtime/JSStaticScopeObject.h: Removed.
      
      * runtime/JSSymbolTableObject.cpp:
      (JSC):
      * runtime/JSSymbolTableObject.h:
      (JSSymbolTableObject):
      * runtime/JSType.h: Updated for rename.
      
      * runtime/Operations.h:
      (JSC::resolveBase): Removed because it was duplicative.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126893 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  8. 25 Aug, 2012 1 commit
  9. 22 Aug, 2012 2 commits
    • Array accesses should remember what kind of array they are predicted to access · 7aed8d82
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=94448
      
      Reviewed by Gavin Barraclough.
      
      Introduced the notion of DFG::Array::Mode, stored in node.arrayMode(), which allows nodes
      to remember how they decided to access arrays. This permits the bytecode parser to "lock in"
      the mode of access if it has profiling at its disposal, and it also allows the prediction
      propagator to do a fixup of the array mode later in the optimization fixpoint.
              
      This patch adds a healthy amount of new capability (specifically the ability of the parser
      to lock in an array mode regardless of type predictions) and it also blows away a lot of
      messy code.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGArrayMode.cpp: Added.
      (DFG):
      (JSC::DFG::fromObserved):
      (JSC::DFG::refineArrayMode):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h: Added.
      (DFG):
      (JSC::DFG::canCSEStorage):
      (JSC::DFG::modeForPut):
      (JSC::DFG::modesCompatibleForStorageLoad):
      (JSC::DFG::modeSupportsLength):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::getArrayModeWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getArrayMode):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::checkStructureLoadElimination):
      (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
      (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
      (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      (JSC::DFG::Graph::clobbersWorld):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasArrayMode):
      (Node):
      (JSC::DFG::Node::arrayMode):
      (JSC::DFG::Node::setArrayMode):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
      (DFG):
      (JSC::DFG::SpeculativeJIT::speculateArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126387 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Separate MarkStackThreadSharedData from MarkStack · 20f21f37
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=94294
      
      Reviewed by Filip Pizlo.
      
      MarkStackThreadSharedData is soon going to have data to allow for a parallel copying
      mode too, so to separate our concerns we should split it out into its own set of files
      and rename it to GCThreadSharedData. For now this is purely a cosmetic refactoring.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * heap/GCThreadSharedData.cpp: Added.
      (JSC):
      (JSC::GCThreadSharedData::resetChildren):
      (JSC::GCThreadSharedData::childVisitCount):
      (JSC::GCThreadSharedData::markingThreadMain):
      (JSC::GCThreadSharedData::markingThreadStartFunc):
      (JSC::GCThreadSharedData::GCThreadSharedData):
      (JSC::GCThreadSharedData::~GCThreadSharedData):
      (JSC::GCThreadSharedData::reset):
      * heap/GCThreadSharedData.h: Added.
      (JSC):
      (GCThreadSharedData):
      * heap/Heap.h:
      (Heap):
      * heap/ListableHandler.h:
      (ListableHandler):
      * heap/MarkStack.cpp:
      (JSC::MarkStack::MarkStack):
      (JSC::MarkStack::~MarkStack):
      * heap/MarkStack.h:
      (JSC):
      (MarkStack):
      (JSC::MarkStack::sharedData):
      * heap/MarkStackInlineMethods.h: Added.
      (JSC):
      (JSC::MarkStack::append):
      (JSC::MarkStack::appendUnbarrieredPointer):
      (JSC::MarkStack::appendUnbarrieredValue):
      (JSC::MarkStack::internalAppend):
      (JSC::MarkStack::addWeakReferenceHarvester):
      (JSC::MarkStack::addUnconditionalFinalizer):
      (JSC::MarkStack::addOpaqueRoot):
      (JSC::MarkStack::containsOpaqueRoot):
      (JSC::MarkStack::opaqueRootCount):
      * heap/SlotVisitor.h:
      (JSC):
      (SlotVisitor):
      (JSC::SlotVisitor::SlotVisitor):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126354 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  10. 21 Aug, 2012 1 commit
    • Introducing the VMInspector for VM debugging use. · a22c4cd4
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=94613.
      
      Patch by Mark Lam <mark.lam@apple.com> on 2012-08-21
      Reviewed by Filip Pizlo.
      
      Adding some utility functions for debugging the VM. This code is
      presently #ifdef'd out by default.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * interpreter/CallFrame.h:
      (ExecState):
      * interpreter/VMInspector.cpp: Added.
      (JSC):
      (JSC::VMInspector::getTypeName):
      (JSC::VMInspector::dumpFrame0):
      (JSC::VMInspector::dumpFrame):
      (JSC::VMInspector::countFrames):
      * interpreter/VMInspector.h: Added.
      (JSC):
      (VMInspector):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126228 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  11. 14 Aug, 2012 1 commit
    • Array checks should use the structure, not the class info · f24804c6
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=93150
      
      Reviewed by Mark Hahnenberg.
      
      This changes all array checks used in array accesses (get, put, get length,
      push, pop) to use the structure, not the class info. Additionally, these
      checks in the LLInt and baseline JIT record the structure in an ArrayProfile,
      so that the DFG can know exactly what structure to check for.
              
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ArrayProfile.cpp: Added.
      (JSC):
      (JSC::ArrayProfile::computeUpdatedPrediction):
      * bytecode/ArrayProfile.h: Added.
      (JSC):
      (JSC::arrayModeFromStructure):
      (ArrayProfile):
      (JSC::ArrayProfile::ArrayProfile):
      (JSC::ArrayProfile::bytecodeOffset):
      (JSC::ArrayProfile::addressOfLastSeenStructure):
      (JSC::ArrayProfile::observeStructure):
      (JSC::ArrayProfile::expectedStructure):
      (JSC::ArrayProfile::structureIsPolymorphic):
      (JSC::ArrayProfile::hasDefiniteStructure):
      (JSC::ArrayProfile::observedArrayModes):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::getArrayProfile):
      (JSC):
      (JSC::CodeBlock::getOrAddArrayProfile):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::executionEntryCount):
      (JSC::CodeBlock::numberOfArrayProfiles):
      (JSC::CodeBlock::arrayProfiles):
      (JSC::CodeBlock::addArrayProfile):
      (CodeBlock):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitGetArgumentByVal):
      (JSC::BytecodeGenerator::emitGetByVal):
      (JSC::BytecodeGenerator::emitPutByVal):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::StructureAbstractValue::hasSingleton):
      (StructureAbstractValue):
      (JSC::DFG::StructureAbstractValue::singleton):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::speculateArray):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::classInfoOffset):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125637 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  12. 01 Aug, 2012 1 commit
    • DFG should hoist structure checks · caa68812
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=92696
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
      
      This hoists structure checks in the same way that we would hoist array checks, but with added
      complexity to cope with the fact that the structure of an object may change. This is handled
      by performing a side effects analysis over the region in which the respective variable is
      live. If a structure clobbering side effect may happen then we either hoist the structure
      checks and fall back on structure transition watchpoints (if the watchpoint set is still
      valid), or we avoid hoisting altogether.
              
      Doing this required teaching the CFA that we may have an expectation that an object has a
      particular structure even after structure clobbering happens, in the sense that structure
      proofs that were clobbered can be revived using watchpoints. CFA must know about this so that
      OSR entry may know about it, since we cannot allow entry to happen if the variable has a
      clobbered structure proof, will have a watchpoint to revive the proof, and the variable in
      the baseline JIT has a completely unrelated structure.
              
      This is mostly performance neutral.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::isSet):
      (JSC::ValueRecovery::operator!):
      (ValueRecovery):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberWorld):
      (DFG):
      (JSC::DFG::AbstractState::clobberCapturedVars):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::clear):
      (JSC::DFG::AbstractValue::isClear):
      (JSC::DFG::AbstractValue::makeTop):
      (JSC::DFG::AbstractValue::isTop):
      (JSC::DFG::AbstractValue::set):
      (JSC::DFG::AbstractValue::operator==):
      (JSC::DFG::AbstractValue::merge):
      (JSC::DFG::AbstractValue::filter):
      (JSC::DFG::AbstractValue::validate):
      (JSC::DFG::AbstractValue::validateForEntry):
      (AbstractValue):
      (JSC::DFG::AbstractValue::checkConsistency):
      (JSC::DFG::AbstractValue::dump):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::setLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::fixVariableAccessSpeculations):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::checkStructureLoadElimination):
      (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
      (JSC::DFG::CSEPhase::putStructureStoreElimination):
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::vote):
      (Graph):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
      (Node):
      (JSC::DFG::Node::hasStructureSet):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (PredictionPropagationPhase):
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::speculationCheckWithConditionalDirection):
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
      (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
      (JSC::DFG::SpeculateCellOperand::gpr):
      (SpeculateCellOperand):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp: Added.
      (DFG):
      (StructureCheckHoistingPhase):
      (JSC::DFG::StructureCheckHoistingPhase::StructureCheckHoistingPhase):
      (JSC::DFG::StructureCheckHoistingPhase::run):
      (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
      (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
      (JSC::DFG::StructureCheckHoistingPhase::clobber):
      (CheckData):
      (JSC::DFG::StructureCheckHoistingPhase::CheckData::CheckData):
      (JSC::DFG::performStructureCheckHoisting):
      * dfg/DFGStructureCheckHoistingPhase.h: Added.
      (DFG):
      * dfg/DFGVariableAccessData.h:
      (VariableAccessData):
      (JSC::DFG::VariableAccessData::VariableAccessData):
      (JSC::DFG::VariableAccessData::mergeStructureCheckHoistingFailed):
      (JSC::DFG::VariableAccessData::structureCheckHoistingFailed):
      (JSC::DFG::VariableAccessData::clearVotes):
      (JSC::DFG::VariableAccessData::vote):
      (JSC::DFG::VariableAccessData::voteRatio):
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      * runtime/Options.h:
      (JSC):
      
      LayoutTests: 
      
      Rubber stamped by Gavin Barraclough.
      
      Added a new test that covers the following scenarios:
              
      - OSR entry if a variable with a hoisted check has an unexpected structure, structures get clobbered, and
        we're protecting ourselves with structure transition watchpoints.
              
      - OSR exit on hoisted structure checks, if the object doesn't have the expected structure, and where the
        source of the assignment is side-effecting.
              
      I combined these into a single test because there is no way to test the latter without testing the former.
      
      * fast/js/dfg-osr-entry-hoisted-clobbered-structure-check-expected.txt: Added.
      * fast/js/dfg-osr-entry-hoisted-clobbered-structure-check.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-osr-entry-hoisted-clobbered-structure-check.js: Added.
      (foo):
      (bar):
      (baz):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@124404 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      caa68812
  13. 13 Jul, 2012 1 commit
    • DFG property access stubs should use structure transition watchpoints · cf716121
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=91135
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      This adds a Watchpoint subclass that will clear a structure stub (i.e.
      a property access stub) when fired. The DFG stub generation code now
      uses this optimization.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::resetStub):
      (JSC::CodeBlock::resetStubInternal):
      * bytecode/CodeBlock.h:
      (JSC):
      (CodeBlock):
      * bytecode/StructureStubClearingWatchpoint.cpp: Added.
      (JSC):
      (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
      (JSC::StructureStubClearingWatchpoint::push):
      (JSC::StructureStubClearingWatchpoint::fireInternal):
      (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
      (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
      (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
      * bytecode/StructureStubClearingWatchpoint.h: Added.
      (JSC):
      (StructureStubClearingWatchpoint):
      (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
      (WatchpointsOnStructureStubInfo):
      (JSC::WatchpointsOnStructureStubInfo::WatchpointsOnStructureStubInfo):
      (JSC::WatchpointsOnStructureStubInfo::codeBlock):
      (JSC::WatchpointsOnStructureStubInfo::stubInfo):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::reset):
      (JSC::StructureStubInfo::addWatchpoint):
      (StructureStubInfo):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::addStructureTransitionCheck):
      (DFG):
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::emitPutTransitionStub):
      * jit/JumpReplacementWatchpoint.h:
      
      LayoutTests: 
      
      * fast/js/dfg-proto-stub-watchpoint-fire-expected.txt: Added.
      * fast/js/dfg-proto-stub-watchpoint-fire.html: Added.
      * fast/js/script-tests/dfg-proto-stub-watchpoint-fire.js: Added.
      (A):
      (B):
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@122544 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cf716121
  14. 11 Jul, 2012 1 commit
    • Watchpoints and jump replacement should be decoupled · 3d949155
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=91016
      
      Reviewed by Oliver Hunt.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (Label):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendWatchpoint):
      (JSC::CodeBlock::watchpoint):
      (DFGData):
      * bytecode/Watchpoint.cpp:
      (JSC):
      * bytecode/Watchpoint.h:
      (JSC::Watchpoint::Watchpoint):
      (Watchpoint):
      (JSC::Watchpoint::fire):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      * jit/JumpReplacementWatchpoint.cpp: Added.
      (JSC):
      (JSC::JumpReplacementWatchpoint::correctLabels):
      (JSC::JumpReplacementWatchpoint::fireInternal):
      * jit/JumpReplacementWatchpoint.h: Added.
      (JSC):
      (JumpReplacementWatchpoint):
      (JSC::JumpReplacementWatchpoint::JumpReplacementWatchpoint):
      (JSC::JumpReplacementWatchpoint::setDestination):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@122385 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3d949155
  15. 09 Jul, 2012 1 commit
    • It should be possible to jettison JIT stub routines even if they are currently running · 746b8c5b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90731
      
      Reviewed by Gavin Barraclough.
              
      This gives the GC awareness of all JIT-generated stubs for inline caches. That
      means that if you want to delete a JIT-generated stub, you don't have to worry
      about whether or not it is currently running: if there is a chance that it might
      be, the GC will kindly defer deletion until non-running-ness is proved.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/Instruction.h:
      (JSC):
      (PolymorphicStubInfo):
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * bytecode/PolymorphicPutByIdList.cpp:
      (JSC::PutByIdAccess::fromStructureStubInfo):
      * bytecode/PolymorphicPutByIdList.h:
      (JSC::PutByIdAccess::transition):
      (JSC::PutByIdAccess::replace):
      (JSC::PutByIdAccess::stubRoutine):
      (PutByIdAccess):
      (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::reset):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      * heap/ConservativeRoots.cpp:
      (JSC):
      (DummyMarkHook):
      (JSC::DummyMarkHook::mark):
      (JSC::ConservativeRoots::add):
      (CompositeMarkHook):
      (JSC::CompositeMarkHook::CompositeMarkHook):
      (JSC::CompositeMarkHook::mark):
      * heap/ConservativeRoots.h:
      (JSC):
      (ConservativeRoots):
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteUnmarkedCompiledCode):
      * heap/Heap.h:
      (JSC):
      (Heap):
      * heap/JITStubRoutineSet.cpp: Added.
      (JSC):
      (JSC::JITStubRoutineSet::JITStubRoutineSet):
      (JSC::JITStubRoutineSet::~JITStubRoutineSet):
      (JSC::JITStubRoutineSet::add):
      (JSC::JITStubRoutineSet::clearMarks):
      (JSC::JITStubRoutineSet::markSlow):
      (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
      (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
      * heap/JITStubRoutineSet.h: Added.
      (JSC):
      (JITStubRoutineSet):
      (JSC::JITStubRoutineSet::mark):
      * heap/MachineStackMarker.h:
      (JSC):
      * interpreter/RegisterFile.cpp:
      (JSC::RegisterFile::gatherConservativeRoots):
      * interpreter/RegisterFile.h:
      (JSC):
      * jit/ExecutableAllocator.cpp:
      (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC):
      (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
      * jit/GCAwareJITStubRoutine.cpp: Added.
      (JSC):
      (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
      (JSC::GCAwareJITStubRoutine::~GCAwareJITStubRoutine):
      (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
      (JSC::GCAwareJITStubRoutine::deleteFromGC):
      (JSC::GCAwareJITStubRoutine::markRequiredObjectsInternal):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::~MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::markRequiredObjectsInternal):
      (JSC::createJITStubRoutine):
      * jit/GCAwareJITStubRoutine.h: Added.
      (JSC):
      (GCAwareJITStubRoutine):
      (JSC::GCAwareJITStubRoutine::markRequiredObjects):
      (MarkingGCAwareJITStubRoutineWithOneObject):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubRoutine.cpp: Added.
      (JSC):
      (JSC::JITStubRoutine::~JITStubRoutine):
      (JSC::JITStubRoutine::observeZeroRefCount):
      * jit/JITStubRoutine.h: Added.
      (JSC):
      (JITStubRoutine):
      (JSC::JITStubRoutine::JITStubRoutine):
      (JSC::JITStubRoutine::createSelfManagedRoutine):
      (JSC::JITStubRoutine::code):
      (JSC::JITStubRoutine::asCodePtr):
      (JSC::JITStubRoutine::ref):
      (JSC::JITStubRoutine::deref):
      (JSC::JITStubRoutine::startAddress):
      (JSC::JITStubRoutine::endAddress):
      (JSC::JITStubRoutine::addressStep):
      (JSC::JITStubRoutine::canPerformRangeFilter):
      (JSC::JITStubRoutine::filteringStartAddress):
      (JSC::JITStubRoutine::filteringExtentSize):
      (JSC::JITStubRoutine::passesFilter):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@122166 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      746b8c5b
  16. 02 Jul, 2012 1 commit
    • DFG OSR exit value recoveries should be computed lazily · 8618e4ba
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=82155
      
      Reviewed by Gavin Barraclough.
              
      This change aims to reduce one aspect of DFG compile times: the fact
      that we currently compute the value recoveries for each local and
      argument on every speculation check. We compile many speculation checks,
      so this can add up quick. The strategy that this change takes is to
      have the DFG save just enough information about how the compiler is
      choosing to represent state, that the DFG::OSRExitCompiler can reify
      the value recoveries lazily.
              
      This appears to be an 0.3% SunSpider speed-up and is neutral elsewhere.
              
      I also took the opportunity to fix the sampling regions profiler (it
      was missing an export macro) and to put in more sampling regions in
      the DFG (which are disabled so long as ENABLE(SAMPLING_REGIONS) is
      false).
              
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::shrinkDFGDataToFit):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::minifiedDFG):
      (JSC::CodeBlock::variableEventStream):
      (DFGData):
      * bytecode/Operands.h:
      (JSC::Operands::hasOperand):
      (Operands):
      (JSC::Operands::size):
      (JSC::Operands::at):
      (JSC::Operands::operator[]):
      (JSC::Operands::isArgument):
      (JSC::Operands::isVariable):
      (JSC::Operands::argumentForIndex):
      (JSC::Operands::variableForIndex):
      (JSC::Operands::operandForIndex):
      (JSC):
      (JSC::dumpOperands):
      * bytecode/SamplingTool.h:
      (SamplingRegion):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::performCFA):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::performCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::performFixup):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::GenerationInfo):
      (JSC::DFG::GenerationInfo::initConstant):
      (JSC::DFG::GenerationInfo::initInteger):
      (JSC::DFG::GenerationInfo::initJSValue):
      (JSC::DFG::GenerationInfo::initCell):
      (JSC::DFG::GenerationInfo::initBoolean):
      (JSC::DFG::GenerationInfo::initDouble):
      (JSC::DFG::GenerationInfo::initStorage):
      (GenerationInfo):
      (JSC::DFG::GenerationInfo::noticeOSRBirth):
      (JSC::DFG::GenerationInfo::use):
      (JSC::DFG::GenerationInfo::spill):
      (JSC::DFG::GenerationInfo::setSpilled):
      (JSC::DFG::GenerationInfo::fillJSValue):
      (JSC::DFG::GenerationInfo::fillCell):
      (JSC::DFG::GenerationInfo::fillInteger):
      (JSC::DFG::GenerationInfo::fillBoolean):
      (JSC::DFG::GenerationInfo::fillDouble):
      (JSC::DFG::GenerationInfo::fillStorage):
      (JSC::DFG::GenerationInfo::appendFill):
      (JSC::DFG::GenerationInfo::appendSpill):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGMinifiedGraph.h: Added.
      (DFG):
      (MinifiedGraph):
      (JSC::DFG::MinifiedGraph::MinifiedGraph):
      (JSC::DFG::MinifiedGraph::at):
      (JSC::DFG::MinifiedGraph::append):
      (JSC::DFG::MinifiedGraph::prepareAndShrink):
      (JSC::DFG::MinifiedGraph::setOriginalGraphSize):
      (JSC::DFG::MinifiedGraph::originalGraphSize):
      * dfg/DFGMinifiedNode.cpp: Added.
      (DFG):
      (JSC::DFG::MinifiedNode::fromNode):
      * dfg/DFGMinifiedNode.h: Added.
      (DFG):
      (JSC::DFG::belongsInMinifiedGraph):
      (MinifiedNode):
      (JSC::DFG::MinifiedNode::MinifiedNode):
      (JSC::DFG::MinifiedNode::index):
      (JSC::DFG::MinifiedNode::op):
      (JSC::DFG::MinifiedNode::hasChild1):
      (JSC::DFG::MinifiedNode::child1):
      (JSC::DFG::MinifiedNode::hasConstant):
      (JSC::DFG::MinifiedNode::hasConstantNumber):
      (JSC::DFG::MinifiedNode::constantNumber):
      (JSC::DFG::MinifiedNode::hasWeakConstant):
      (JSC::DFG::MinifiedNode::weakConstant):
      (JSC::DFG::MinifiedNode::getIndex):
      (JSC::DFG::MinifiedNode::compareByNodeIndex):
      (JSC::DFG::MinifiedNode::hasChild):
      * dfg/DFGNode.h:
      (Node):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler.h:
      (OSRExitCompiler):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::performPredictionPropagation):
      * dfg/DFGRedundantPhiEliminationPhase.cpp:
      (JSC::DFG::performRedundantPhiElimination):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (DFG):
      (JSC::DFG::SpeculativeJIT::fillStorage):
      (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      (DFG):
      (JSC::DFG::SpeculativeJIT::use):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::spill):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::recordSetLocal):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValueRecoveryOverride.h: Added.
      (DFG):
      (ValueRecoveryOverride):
      (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
      * dfg/DFGValueSource.cpp: Added.
      (DFG):
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h: Added.
      (DFG):
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::isInRegisterFile):
      (ValueSource):
      (JSC::DFG::ValueSource::ValueSource):
      (JSC::DFG::ValueSource::forPrediction):
      (JSC::DFG::ValueSource::forDataFormat):
      (JSC::DFG::ValueSource::isSet):
      (JSC::DFG::ValueSource::kind):
      (JSC::DFG::ValueSource::isInRegisterFile):
      (JSC::DFG::ValueSource::dataFormat):
      (JSC::DFG::ValueSource::valueRecovery):
      (JSC::DFG::ValueSource::nodeIndex):
      (JSC::DFG::ValueSource::nodeIndexFromKind):
      (JSC::DFG::ValueSource::kindFromNodeIndex):
      * dfg/DFGVariableEvent.cpp: Added.
      (DFG):
      (JSC::DFG::VariableEvent::dump):
      (JSC::DFG::VariableEvent::dumpFillInfo):
      (JSC::DFG::VariableEvent::dumpSpillInfo):
      * dfg/DFGVariableEvent.h: Added.
      (DFG):
      (VariableEvent):
      (JSC::DFG::VariableEvent::VariableEvent):
      (JSC::DFG::VariableEvent::reset):
      (JSC::DFG::VariableEvent::fillGPR):
      (JSC::DFG::VariableEvent::fillPair):
      (JSC::DFG::VariableEvent::fillFPR):
      (JSC::DFG::VariableEvent::spill):
      (JSC::DFG::VariableEvent::death):
      (JSC::DFG::VariableEvent::setLocal):
      (JSC::DFG::VariableEvent::movHint):
      (JSC::DFG::VariableEvent::kind):
      (JSC::DFG::VariableEvent::nodeIndex):
      (JSC::DFG::VariableEvent::dataFormat):
      (JSC::DFG::VariableEvent::gpr):
      (JSC::DFG::VariableEvent::tagGPR):
      (JSC::DFG::VariableEvent::payloadGPR):
      (JSC::DFG::VariableEvent::fpr):
      (JSC::DFG::VariableEvent::virtualRegister):
      (JSC::DFG::VariableEvent::operand):
      (JSC::DFG::VariableEvent::variableRepresentation):
      * dfg/DFGVariableEventStream.cpp: Added.
      (DFG):
      (JSC::DFG::VariableEventStream::logEvent):
      (MinifiedGenerationInfo):
      (JSC::DFG::MinifiedGenerationInfo::MinifiedGenerationInfo):
      (JSC::DFG::MinifiedGenerationInfo::update):
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVariableEventStream.h: Added.
      (DFG):
      (VariableEventStream):
      (JSC::DFG::VariableEventStream::appendAndLog):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::performVirtualRegisterAllocation):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121717 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8618e4ba
  17. 20 Jun, 2012 2 commits
    • DFG should optimize ResolveGlobal · 3bcb211b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89617
      
      Reviewed by Oliver Hunt.
              
      This adds inlining of ResolveGlobal accesses that are known monomorphic. It also
      adds the specific function optimization to ResolveGlobal, when it is inlined. And,
      it makes internal functions act like specific functions, since that will be the
      most common use-case of this optimization.
              
      This is only a slight speed-up (sub 1%), since we don't yet do the obvious thing
      with this optimization, which is to completely inline common "globally resolved"
      function and constructor calls, like "new Array()".
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::globalResolveInfoForBytecodeOffset):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::numberOfGlobalResolveInfos):
      * bytecode/GlobalResolveInfo.h:
      (JSC::getGlobalResolveInfoBytecodeOffset):
      (JSC):
      * bytecode/ResolveGlobalStatus.cpp: Added.
      (JSC):
      (JSC::computeForStructure):
      (JSC::computeForLLInt):
      (JSC::ResolveGlobalStatus::computeFor):
      * bytecode/ResolveGlobalStatus.h: Added.
      (JSC):
      (ResolveGlobalStatus):
      (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
      (JSC::ResolveGlobalStatus::state):
      (JSC::ResolveGlobalStatus::isSet):
      (JSC::ResolveGlobalStatus::operator!):
      (JSC::ResolveGlobalStatus::isSimple):
      (JSC::ResolveGlobalStatus::takesSlowPath):
      (JSC::ResolveGlobalStatus::structure):
      (JSC::ResolveGlobalStatus::offset):
      (JSC::ResolveGlobalStatus::specificValue):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (DFG):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * runtime/JSObject.cpp:
      (JSC::getCallableObjectSlow):
      (JSC):
      (JSC::JSObject::put):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::putDirectAccessor):
      * runtime/JSObject.h:
      (JSC):
      (JSC::getCallableObject):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::putDirectWithoutTransition):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120897 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3bcb211b
    • DFG should be able to print disassembly interleaved with the IR · 3d517670
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89551
      
      Reviewed by Geoffrey Garen.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::labelIgnoringWatchpoints):
      (ARMv7Assembler):
      * assembler/AbstractMacroAssembler.h:
      (AbstractMacroAssembler):
      (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
      * assembler/X86Assembler.h:
      (X86Assembler):
      (JSC::X86Assembler::labelIgnoringWatchpoints):
      * dfg/DFGCommon.h:
      (JSC::DFG::shouldShowDisassembly):
      (DFG):
      * dfg/DFGDisassembler.cpp: Added.
      (DFG):
      (JSC::DFG::Disassembler::Disassembler):
      (JSC::DFG::Disassembler::dump):
      (JSC::DFG::Disassembler::dumpDisassembly):
      * dfg/DFGDisassembler.h: Added.
      (DFG):
      (Disassembler):
      (JSC::DFG::Disassembler::setStartOfCode):
      (JSC::DFG::Disassembler::setForBlock):
      (JSC::DFG::Disassembler::setForNode):
      (JSC::DFG::Disassembler::setEndOfMainPath):
      (JSC::DFG::Disassembler::setEndOfCode):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::amountOfNodeWhiteSpace):
      (DFG):
      (JSC::DFG::Graph::printNodeWhiteSpace):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dumpBlockHeader):
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (DFG):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JITCompiler):
      (JSC::DFG::JITCompiler::setStartOfCode):
      (JSC::DFG::JITCompiler::setForBlock):
      (JSC::DFG::JITCompiler::setForNode):
      (JSC::DFG::JITCompiler::setEndOfMainPath):
      (JSC::DFG::JITCompiler::setEndOfCode):
      * dfg/DFGNode.h:
      (Node):
      (JSC::DFG::Node::willHaveCodeGen):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::nodeFlagsAsString):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120834 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3d517670
  18. 19 Jun, 2012 3 commits
    • JSC should be able to show disassembly for all generated JIT code · 2adf527e
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89536
      
      Reviewed by Gavin Barraclough.
              
      Now instead of doing linkBuffer.finalizeCode(), you do
      FINALIZE_CODE(linkBuffer, (... explanation ...)). FINALIZE_CODE() then
      prints your explanation and the disassembled code, if
      Options::showDisassembly is set to true.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.cpp: Added.
      (JSC):
      (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
      (JSC::LinkBuffer::finalizeCodeWithDisassembly):
      (JSC::LinkBuffer::linkCode):
      (JSC::LinkBuffer::performFinalization):
      (JSC::LinkBuffer::dumpLinkStatistics):
      (JSC::LinkBuffer::dumpCode):
      * assembler/LinkBuffer.h:
      (LinkBuffer):
      (JSC):
      * assembler/MacroAssemblerCodeRef.h:
      (JSC::MacroAssemblerCodeRef::tryToDisassemble):
      (MacroAssemblerCodeRef):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      * disassembler/Disassembler.h:
      (JSC):
      (JSC::tryToDisassemble):
      * disassembler/UDis86Disassembler.cpp:
      (JSC::tryToDisassemble):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::tryToDisassemble):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::privateCompileCTINativeCall):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerators.cpp:
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * yarr/YarrJIT.cpp:
      (JSC::Yarr::YarrGenerator::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120786 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2adf527e
    • It should be possible to look at disassembly · 01c2a197
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89319
      
      Source/JavaScriptCore: 
      
      Reviewed by Sam Weinig.
              
      This imports the udis86 disassembler library. The library is placed
      behind an abstraction in disassembler/Disassembler.h, so that we can
      in the future use other disassemblers (for other platforms) whenever
      appropriate. As a first step, the disassembler is being invoked for
      DFG verbose dumps.
              
      If we ever want to merge a new version of udis86 in the future, I've
      made notes about changes I made to the library in
      disassembler/udis86/differences.txt.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * disassembler: Added.
      * disassembler/Disassembler.h: Added.
      (JSC):
      (JSC::tryToDisassemble):
      * disassembler/UDis86Disassembler.cpp: Added.
      (JSC):
      (JSC::tryToDisassemble):
      * disassembler/udis86: Added.
      * disassembler/udis86/differences.txt: Added.
      * disassembler/udis86/itab.py: Added.
      (UdItabGenerator):
      (UdItabGenerator.__init__):
      (UdItabGenerator.toGroupId):
      (UdItabGenerator.genLookupTable):
      (UdItabGenerator.genLookupTableList):
      (UdItabGenerator.genInsnTable):
      (genItabH):
      (genItabH.UD_ITAB_H):
      (genItabC):
      (genItab):
      (main):
      * disassembler/udis86/optable.xml: Added.
      * disassembler/udis86/ud_opcode.py: Added.
      (UdOpcodeTables):
      (UdOpcodeTables.sizeOfTable):
      (UdOpcodeTables.nameOfTable):
      (UdOpcodeTables.updateTable):
      (UdOpcodeTables.Insn):
      (UdOpcodeTables.Insn.__init__):
      (UdOpcodeTables.Insn.__init__.opcode):
      (UdOpcodeTables.parse):
      (UdOpcodeTables.addInsnDef):
      (UdOpcodeTables.print_table):
      (UdOpcodeTables.print_tree):
      * disassembler/udis86/ud_optable.py: Added.
      (UdOptableXmlParser):
      (UdOptableXmlParser.parseDef):
      (UdOptableXmlParser.parse):
      (printFn):
      (parse):
      (main):
      * disassembler/udis86/udis86.c: Added.
      (ud_init):
      (ud_disassemble):
      (ud_set_mode):
      (ud_set_vendor):
      (ud_set_pc):
      (ud):
      (ud_insn_asm):
      (ud_insn_off):
      (ud_insn_hex):
      (ud_insn_ptr):
      (ud_insn_len):
      * disassembler/udis86/udis86.h: Added.
      * disassembler/udis86/udis86_decode.c: Added.
      (eff_adr_mode):
      (ud_lookup_mnemonic):
      (decode_prefixes):
      (modrm):
      (resolve_operand_size):
      (resolve_mnemonic):
      (decode_a):
      (decode_gpr):
      (resolve_gpr64):
      (resolve_gpr32):
      (resolve_reg):
      (decode_imm):
      (decode_modrm_reg):
      (decode_modrm_rm):
      (decode_o):
      (decode_operand):
      (decode_operands):
      (clear_insn):
      (resolve_mode):
      (gen_hex):
      (decode_insn):
      (decode_3dnow):
      (decode_ssepfx):
      (decode_ext):
      (decode_opcode):
      (ud_decode):
      * disassembler/udis86/udis86_decode.h: Added.
      (ud_itab_entry_operand):
      (ud_itab_entry):
      (ud_lookup_table_list_entry):
      (sse_pfx_idx):
      (mode_idx):
      (modrm_mod_idx):
      (vendor_idx):
      (is_group_ptr):
      (group_idx):
      * disassembler/udis86/udis86_extern.h: Added.
      * disassembler/udis86/udis86_input.c: Added.
      (inp_buff_hook):
      (inp_file_hook):
      (ud):
      (ud_set_user_opaque_data):
      (ud_get_user_opaque_data):
      (ud_set_input_buffer):
      (ud_set_input_file):
      (ud_input_skip):
      (ud_input_end):
      (ud_inp_next):
      (ud_inp_back):
      (ud_inp_peek):
      (ud_inp_move):
      (ud_inp_uint8):
      (ud_inp_uint16):
      (ud_inp_uint32):
      (ud_inp_uint64):
      * disassembler/udis86/udis86_input.h: Added.
      * disassembler/udis86/udis86_itab_holder.c: Added.
      * disassembler/udis86/udis86_syn-att.c: Added.
      (opr_cast):
      (gen_operand):
      (ud_translate_att):
      * disassembler/udis86/udis86_syn-intel.c: Added.
      (opr_cast):
      (gen_operand):
      (ud_translate_intel):
      * disassembler/udis86/udis86_syn.c: Added.
      * disassembler/udis86/udis86_syn.h: Added.
      (mkasm):
      * disassembler/udis86/udis86_types.h: Added.
      (ud_operand):
      (ud):
      * jit/JITCode.h:
      (JITCode):
      (JSC::JITCode::tryToDisassemble):
      
      Source/WebCore: 
      
      Reviewed by Sam Weinig.
              
      Just fixing EFL's build system now that JSC has a new directory.
      
      * CMakeLists.txt:
      
      Source/WTF: 
      
      Reviewed by Sam Weinig.
              
      Made changes to Assertions.h to make it friendly to C code again.
              
      Added ENABLE(DISASSEMBLER) and USE(UDIS86) logic to Platform.h.
      
      * wtf/Assertions.h:
      * wtf/Platform.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120745 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      01c2a197
    • GCActivityCallback and IncrementalSweeper should share code · a7ec41bc
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89400
      
      Reviewed by Geoffrey Garen.
      
      A lot of functionality is duplicated between GCActivityCallback and IncrementalSweeper.
      We should extract the common functionality out into a separate class that both of them
      can inherit from. This refactoring will be an even greater boon when we add the ability
      to shut these two agents down in a thread-safe fashion.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * heap/Heap.cpp:
      (JSC::Heap::Heap): Move initialization down so that the JSGlobalData has a valid Heap when
      we're initializing the GCActivityCallback and the IncrementalSweeper.
      * heap/Heap.h:
      (Heap):
      * heap/HeapTimer.cpp: Added.
      (JSC):
      (JSC::HeapTimer::HeapTimer): Initialize the various base class data that
      DefaultGCActivityCallback::commonConstructor() used to do.
      (JSC::HeapTimer::~HeapTimer): Call to invalidate().
      (JSC::HeapTimer::synchronize): Same functionality as the old DefaultGCActivityCallback::synchronize().
      Virtual so that non-CF subclasses can override.
      (JSC::HeapTimer::invalidate): Tears down the runloop timer to prevent any future firing.
      (JSC::HeapTimer::timerDidFire): Callback to pass to the timer function. Casts and calls the virtual doWork().
      * heap/HeapTimer.h: Added. This is the class that serves as the common base class for
      both GCActivityCallback and IncrementalSweeper. It handles setting up and tearing down run loops and synchronizing
      across threads for its subclasses.
      (JSC):
      (HeapTimer):
      * heap/IncrementalSweeper.cpp: Changes to accommodate the extraction of common functionality
      between IncrementalSweeper and GCActivityCallback into a common ancestor.
      (JSC):
      (JSC::IncrementalSweeper::doWork):
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::cancelTimer):
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * runtime/GCActivityCallback.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      * runtime/GCActivityCallback.h:
      (GCActivityCallback):
      (JSC::GCActivityCallback::willCollect):
      (JSC::GCActivityCallback::GCActivityCallback):
      (JSC):
      (DefaultGCActivityCallback): Remove the platform data struct. The platform data should be kept in
      the class itself so as to be accessible by doWork(). Most of the platform data for CF is kept in
      HeapTimer anyways, so we only need the m_delay field now.
      * runtime/GCActivityCallbackBlackBerry.cpp:
      (JSC):
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GCActivityCallbackCF.cpp:
      (JSC):
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::scheduleTimer):
      (JSC::DefaultGCActivityCallback::cancelTimer):
      (JSC::DefaultGCActivityCallback::didAllocate):
      (JSC::DefaultGCActivityCallback::willCollect):
      (JSC::DefaultGCActivityCallback::cancel):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120742 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a7ec41bc
  19. 13 Jun, 2012 3 commits
    • DFG should be able to set watchpoints on global variables · b75911b2
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88692
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      Rolling back in after fixing Windows build issues, and implementing
      branchTest8 for the Qt port's strange assemblers.
              
      This implements global variable constant folding by allowing the optimizing
      compiler to set a "watchpoint" on globals that it wishes to constant fold.
      If the watchpoint fires, then an OSR exit is forced by overwriting the
      machine code that the optimizing compiler generated with a jump.
              
      As such, this patch is adding quite a bit of stuff:
              
      - Jump replacement on those hardware targets supported by the optimizing
        JIT. It is now possible to patch in a jump instruction over any recorded
        watchpoint label. The jump must be "local" in the sense that it must be
        within the range of the largest jump distance supported by a one
        instruction jump.
                
      - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
        that records the location where a jump must be inserted and the
        destination to which it should jump. Watchpoints can be added to a
        WatchpointSet. The WatchpointSet can be fired all at once, which plants
        all jumps. WatchpointSet also remembers if it had ever been invalidated,
        which allows for monotonicity: we typically don't want to optimize using
        watchpoints on something for which watchpoints had previously fired. The
        act of notifying a WatchpointSet has a trivial fast path in case no
        Watchpoints are registered (one-byte load+branch).
              
      - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
        except that you don't have to emit branches. But, you need to know what
        WatchpointSet to add the resulting Watchpoint to. Not everything that
        you could write a speculationCheck() for will have a WatchpointSet that
        would get notified if the condition you were speculating against became
        invalid.
                
      - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
        do so without incurring any space overhead for those entries that don't
        have WatchpointSets.
                
      - The bytecode generator infers all global function variables to be
        watchable, and makes all stores perform the WatchpointSet's write check,
        and marks all loads as being potentially watchable (i.e. you can compile
        them to a watchpoint and a constant).
              
      Put together, this allows for fully sleazy inlining of calls to globally
      declared functions. The inline prologue will no longer contain the load of
      the function, or any checks of the function you're calling. I.e. it's
      pretty much like the kind of inlining you would see in Java or C++.
      Furthermore, the watchpointing functionality is built to be fairly general,
      and should allow setting watchpoints on all sorts of interesting things
      in the future.
              
      The sleazy inlining means that we will now sometimes inline in code paths
      that have never executed. Previously, to inline we would have either had
      to have executed the call (to read the call's inline cache) or have
      executed the method check (to read the method check's inline cache). Now,
      we might inline when the callee is a watched global variable. This
      revealed some humorous bugs. First, constant folding disagreed with CFA
      over what kinds of operations can clobber (example: code path A is dead
      but stores a String into variable X, all other code paths store 0 into
      X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
      clobbering constant, but constant folding thought it was clobbering
      because it saw the String prediction). Second, inlining would crash if
      the inline callee had not been compiled. This patch fixes both bugs,
      since otherwise run-javascriptcore-tests would report regressions.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (ARMv7Assembler):
      (JSC::ARMv7Assembler::ARMv7Assembler):
      (JSC::ARMv7Assembler::labelForWatchpoint):
      (JSC::ARMv7Assembler::label):
      (JSC::ARMv7Assembler::replaceWithJump):
      (JSC::ARMv7Assembler::maxJumpReplacementSize):
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (AbstractMacroAssembler):
      (Label):
      (JSC::AbstractMacroAssembler::watchpointLabel):
      (JSC::AbstractMacroAssembler::readPointer):
      * assembler/AssemblerBuffer.h:
      * assembler/MacroAssemblerARM.h:
      (JSC::MacroAssemblerARM::branchTest8):
      (MacroAssemblerARM):
      (JSC::MacroAssemblerARM::replaceWithJump):
      (JSC::MacroAssemblerARM::maxJumpReplacementSize):
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::load8Signed):
      (JSC::MacroAssemblerARMv7::load16Signed):
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::replaceWithJump):
      (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
      (JSC::MacroAssemblerARMv7::branchTest8):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
      * assembler/MacroAssemblerMIPS.h:
      (JSC::MacroAssemblerMIPS::branchTest8):
      (MacroAssemblerMIPS):
      (JSC::MacroAssemblerMIPS::replaceWithJump):
      (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
      * assembler/MacroAssemblerSH4.h:
      (JSC::MacroAssemblerSH4::branchTest8):
      (MacroAssemblerSH4):
      (JSC::MacroAssemblerSH4::replaceWithJump):
      (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::branchTest8):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::replaceWithJump):
      (MacroAssemblerX86Common):
      (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86_64.h:
      (MacroAssemblerX86_64):
      (JSC::MacroAssemblerX86_64::branchTest8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::X86Assembler):
      (X86Assembler):
      (JSC::X86Assembler::cmpb_im):
      (JSC::X86Assembler::testb_im):
      (JSC::X86Assembler::labelForWatchpoint):
      (JSC::X86Assembler::label):
      (JSC::X86Assembler::replaceWithJump):
      (JSC::X86Assembler::maxJumpReplacementSize):
      (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::printGetByIdCacheStatus):
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (CodeBlock):
      (JSC::CodeBlock::appendWatchpoint):
      (JSC::CodeBlock::numberOfWatchpoints):
      (JSC::CodeBlock::watchpoint):
      (DFGData):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      (JSC::DFG::exitKindIsCountable):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeForChain):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.cpp: Added.
      (JSC):
      (JSC::Watchpoint::~Watchpoint):
      (JSC::Watchpoint::correctLabels):
      (JSC::Watchpoint::fire):
      (JSC::WatchpointSet::WatchpointSet):
      (JSC::WatchpointSet::~WatchpointSet):
      (JSC::WatchpointSet::add):
      (JSC::WatchpointSet::notifyWriteSlow):
      (JSC::WatchpointSet::fireAllWatchpoints):
      * bytecode/Watchpoint.h: Added.
      (JSC):
      (Watchpoint):
      (JSC::Watchpoint::Watchpoint):
      (JSC::Watchpoint::setDestination):
      (WatchpointSet):
      (JSC::WatchpointSet::isStillValid):
      (JSC::WatchpointSet::hasBeenInvalidated):
      (JSC::WatchpointSet::startWatching):
      (JSC::WatchpointSet::notifyWrite):
      (JSC::WatchpointSet::addressOfIsWatched):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixResolveNode::emitBytecode):
      (JSC::PrefixResolveNode::emitBytecode):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberStructures):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      (JSC::DFG::AbstractState::didClobber):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (CCallHelpers):
      (JSC::DFG::CCallHelpers::setupArguments):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
      (CSEPhase):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGCorrectableJumpPoint.h:
      (JSC::DFG::CorrectableJumpPoint::isSet):
      (CorrectableJumpPoint):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifierNumberForCheck):
      (Node):
      (JSC::DFG::Node::identifierNumberForCheck):
      (JSC::DFG::Node::hasRegisterPointer):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::appendCall):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (LLInt):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp: Added.
      (JSC):
      (JSC::SymbolTableEntry::copySlow):
      (JSC::SymbolTableEntry::freeFatEntrySlow):
      (JSC::SymbolTableEntry::couldBeWatched):
      (JSC::SymbolTableEntry::attemptToWatch):
      (JSC::SymbolTableEntry::addressOfIsWatched):
      (JSC::SymbolTableEntry::addWatchpoint):
      (JSC::SymbolTableEntry::notifyWriteSlow):
      (JSC::SymbolTableEntry::inflateSlow):
      * runtime/SymbolTable.h:
      (JSC):
      (SymbolTableEntry):
      (Fast):
      (JSC::SymbolTableEntry::Fast::Fast):
      (JSC::SymbolTableEntry::Fast::isNull):
      (JSC::SymbolTableEntry::Fast::getIndex):
      (JSC::SymbolTableEntry::Fast::isReadOnly):
      (JSC::SymbolTableEntry::Fast::getAttributes):
      (JSC::SymbolTableEntry::Fast::isFat):
      (JSC::SymbolTableEntry::SymbolTableEntry):
      (JSC::SymbolTableEntry::~SymbolTableEntry):
      (JSC::SymbolTableEntry::operator=):
      (JSC::SymbolTableEntry::isNull):
      (JSC::SymbolTableEntry::getIndex):
      (JSC::SymbolTableEntry::getFast):
      (JSC::SymbolTableEntry::getAttributes):
      (JSC::SymbolTableEntry::isReadOnly):
      (JSC::SymbolTableEntry::watchpointSet):
      (JSC::SymbolTableEntry::notifyWrite):
      (FatEntry):
      (JSC::SymbolTableEntry::FatEntry::FatEntry):
      (JSC::SymbolTableEntry::isFat):
      (JSC::SymbolTableEntry::fatEntry):
      (JSC::SymbolTableEntry::inflate):
      (JSC::SymbolTableEntry::bits):
      (JSC::SymbolTableEntry::freeFatEntry):
      (JSC::SymbolTableEntry::pack):
      (JSC::SymbolTableEntry::isValidIndex):
      
      Source/WTF: 
      
      Reviewed by Geoffrey Garen.
              
      Added ability to set the inline capacity of segmented vectors.
              
      Also added the ability to ASSERT_NOT_REACHED() without having to
      propagate NO_RETURN macros, which would be a show-stopper for code
      that is conditionally unreachable.
      
      * wtf/Assertions.h:
      (UNREACHABLE_FOR_PLATFORM):
      * wtf/SegmentedVector.h:
      (WTF):
      (SegmentedVectorIterator):
      (WTF::SegmentedVectorIterator::operator=):
      (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
      (SegmentedVector):
      
      LayoutTests: 
      
      Rubber stamped by Geoffrey Garen.
              
      Added a test for watchpoints. Also updated the jsc-test-list to include the latest
      tests.
      
      * fast/js/dfg-call-function-hit-watchpoint-expected.txt: Added.
      * fast/js/dfg-call-function-hit-watchpoint.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-call-function-hit-watchpoint.js: Added.
      (foo):
      (bar):
      (.foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120244 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b75911b2
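The WatchpointSet behaviour described in the commit message above (the trivial fast path on writes, firing all watchpoints at once, monotonic invalidation, and the "local" jump restriction), as an added C++ example that is not JavaScriptCore code. Method names follow the commit's file list; every body, `CodeBuffer`, the opcode bytes, `maxJumpReplacementDistance` and `runDemo` are assumptions made for illustration.

```cpp
// Added example: simplified model of Watchpoint / WatchpointSet as described in
// the commit message. Bodies and constants are assumptions, not JavaScriptCore code.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <list>
#include <vector>

constexpr uint8_t OpFoldedConstant = 0x01;  // constructed stand-in for optimized code
constexpr uint8_t OpJumpToOSRExit = 0xE9;   // constructed stand-in for the planted jump
constexpr size_t maxJumpReplacementDistance = 128; // assumed one-instruction jump range

// Stand-in for a block of JIT-generated code, one byte per instruction slot.
struct CodeBuffer {
    std::vector<uint8_t> bytes;
    std::vector<size_t> jumpTarget;
    explicit CodeBuffer(size_t n) : bytes(n, OpFoldedConstant), jumpTarget(n, 0) {}
};

// Records where a jump must be inserted and the destination it should reach.
struct Watchpoint {
    CodeBuffer* code;
    size_t label;
    size_t destination;

    // The jump must be "local": inside the buffer and within one-instruction range.
    bool isPatchable() const {
        size_t distance = destination > label ? destination - label : label - destination;
        return label < code->bytes.size() && distance <= maxJumpReplacementDistance;
    }
    void fire() const {
        code->bytes[label] = OpJumpToOSRExit;
        code->jumpTarget[label] = destination;
    }
};

class WatchpointSet {
public:
    bool isStillValid() const { return !m_isInvalidated; }
    bool hasBeenInvalidated() const { return m_isInvalidated; }

    // Refuses watchpoints on a set that has already fired (monotonicity) and
    // watchpoints whose jump could not be planted within bounds.
    bool add(const Watchpoint& watchpoint) {
        if (m_isInvalidated || !watchpoint.isPatchable())
            return false;
        m_watchpoints.push_back(watchpoint);
        m_isWatched = true;
        return true;
    }

    // Runs on every store to the watched variable; returns the number of jumps planted.
    size_t notifyWrite() {
        if (!m_isWatched)
            return 0; // fast path: one flag load and a branch
        return fireAllWatchpoints();
    }

private:
    size_t fireAllWatchpoints() {
        size_t planted = 0;
        for (const Watchpoint& watchpoint : m_watchpoints) {
            watchpoint.fire();
            ++planted;
        }
        m_watchpoints.clear();
        m_isWatched = false;
        m_isInvalidated = true;
        return planted;
    }

    std::list<Watchpoint> m_watchpoints;
    bool m_isWatched = false;
    bool m_isInvalidated = false;
};

struct DemoResult {
    size_t plantedWhileUnwatched;
    bool acceptedLocal;
    bool acceptedFarJump;
    size_t plantedOnWrite;
    uint8_t patchedSlot;
    uint8_t neighbourSlot;
    bool acceptedAfterFire;
};

// Walks one watched global through its life cycle on a constructed 64-slot buffer.
DemoResult runDemo() {
    CodeBuffer code(64);
    WatchpointSet set;
    DemoResult r{};
    r.plantedWhileUnwatched = set.notifyWrite();              // nothing registered yet
    r.acceptedLocal = set.add(Watchpoint{&code, 10, 40}) && set.add(Watchpoint{&code, 20, 40});
    r.acceptedFarJump = set.add(Watchpoint{&code, 30, 400});  // beyond jump range
    r.plantedOnWrite = set.notifyWrite();                     // the global is overwritten
    r.patchedSlot = code.bytes[10];
    r.neighbourSlot = code.bytes[11];
    r.acceptedAfterFire = set.add(Watchpoint{&code, 50, 60}); // set already invalidated
    return r;
}

int main() {
    DemoResult r = runDemo();
    std::printf("planted=%zu patched=0x%02X re-add accepted=%d\n",
                r.plantedOnWrite, (unsigned)r.patchedSlot, (int)r.acceptedAfterFire);
    return 0;
}
```

Only the recorded labels are overwritten when the set fires, and the range check happens before a watchpoint is accepted, so an invalidation never writes outside the code it was registered against.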
    • Unreviewed, rolling out r120172. · 88d53735
      zandobersek@gmail.com authored
      http://trac.webkit.org/changeset/120172
      https://bugs.webkit.org/show_bug.cgi?id=88976
      
      The patch causes compilation failures on Gtk, Qt and Apple Win
      bots (Requested by zdobersek on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-06-13
      
      Source/JavaScriptCore: 
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::nop):
      (JSC::ARMv7Assembler::label):
      (JSC::ARMv7Assembler::readPointer):
      (ARMv7Assembler):
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (AbstractMacroAssembler):
      (Label):
      * assembler/AssemblerBuffer.h:
      * assembler/MacroAssemblerARM.h:
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::nop):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
      * assembler/MacroAssemblerMIPS.h:
      * assembler/MacroAssemblerSH4.h:
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::moveWithPatch):
      * assembler/MacroAssemblerX86Common.h:
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::branchTest8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::cmpb_im):
      (JSC::X86Assembler::codeSize):
      (JSC::X86Assembler::label):
      (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (DFGData):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      (JSC::DFG::exitKindIsCountable):
      * bytecode/Instruction.h:
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.cpp: Removed.
      * bytecode/Watchpoint.h: Removed.
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixResolveNode::emitBytecode):
      (JSC::PrefixResolveNode::emitBytecode):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberStructures):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArguments):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGCorrectableJumpPoint.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasRegisterPointer):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::appendCallSetResult):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      * jit/JITPropertyAccess32_64.cpp:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp: Removed.
      * runtime/SymbolTable.h:
      (JSC):
      (JSC::SymbolTableEntry::isNull):
      (JSC::SymbolTableEntry::getIndex):
      (SymbolTableEntry):
      (JSC::SymbolTableEntry::getAttributes):
      (JSC::SymbolTableEntry::isReadOnly):
      (JSC::SymbolTableEntry::pack):
      (JSC::SymbolTableEntry::isValidIndex):
      
      Source/WTF: 
      
      * wtf/SegmentedVector.h:
      (WTF):
      (SegmentedVectorIterator):
      (WTF::SegmentedVectorIterator::operator=):
      (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
      (SegmentedVector):
      
      LayoutTests: 
      
      * fast/js/dfg-call-function-hit-watchpoint-expected.txt: Removed.
      * fast/js/dfg-call-function-hit-watchpoint.html: Removed.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-call-function-hit-watchpoint.js: Removed.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120175 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      88d53735
    • DFG should be able to set watchpoints on global variables · b6c5eeb7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88692
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      This implements global variable constant folding by allowing the optimizing
      compiler to set a "watchpoint" on globals that it wishes to constant fold.
      If the watchpoint fires, then an OSR exit is forced by overwriting the
      machine code that the optimizing compiler generated with a jump.
              
      As such, this patch is adding quite a bit of stuff:
              
      - Jump replacement on those hardware targets supported by the optimizing
        JIT. It is now possible to patch in a jump instruction over any recorded
        watchpoint label. The jump must be "local" in the sense that it must be
        within the range of the largest jump distance supported by a one
        instruction jump.
                
      - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
        that records the location where a jump must be inserted and the
        destination to which it should jump. Watchpoints can be added to a
        WatchpointSet. The WatchpointSet can be fired all at once, which plants
        all jumps. WatchpointSet also remembers if it had ever been invalidated,
        which allows for monotonicity: we typically don't want to optimize using
        watchpoints on something for which watchpoints had previously fired. The
        act of notifying a WatchpointSet has a trivial fast path in case no
        Watchpoints are registered (one-byte load+branch).
              
      - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
        except that you don't have to emit branches. But, you need to know what
        WatchpointSet to add the resulting Watchpoint to. Not everything that
        you could write a speculationCheck() for will have a WatchpointSet that
        would get notified if the condition you were speculating against became
        invalid.
                
      - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
        do so without incurring any space overhead for those entries that don't
        have WatchpointSets.
                
      - The bytecode generator infers all global function variables to be
        watchable, and makes all stores perform the WatchpointSet's write check,
        and marks all loads as being potentially watchable (i.e. you can compile
        them to a watchpoint and a constant).
              
      Put together, this allows for fully sleazy inlining of calls to globally
      declared functions. The inline prologue will no longer contain the load of
      the function, or any checks of the function you're calling. I.e. it's
      pretty much like the kind of inlining you would see in Java or C++.
      Furthermore, the watchpointing functionality is built to be fairly general,
      and should allow setting watchpoints on all sorts of interesting things
      in the future.
              
      The sleazy inlining means that we will now sometimes inline in code paths
      that have never executed. Previously, to inline we would have either had
      to have executed the call (to read the call's inline cache) or have
      executed the method check (to read the method check's inline cache). Now,
      we might inline when the callee is a watched global variable. This
      revealed some humorous bugs. First, constant folding disagreed with CFA
      over what kinds of operations can clobber (example: code path A is dead
      but stores a String into variable X, all other code paths store 0 into
      X, and then you do CompareEq(X, 0) - CFA will say that this is a
      non-clobbering constant, but constant folding thought it was clobbering
      because it saw the String prediction). Second, inlining would crash if
      the inline callee had not been compiled. This patch fixes both bugs,
      since otherwise run-javascriptcore-tests would report regressions.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (ARMv7Assembler):
      (JSC::ARMv7Assembler::ARMv7Assembler):
      (JSC::ARMv7Assembler::labelForWatchpoint):
      (JSC::ARMv7Assembler::label):
      (JSC::ARMv7Assembler::replaceWithJump):
      (JSC::ARMv7Assembler::maxJumpReplacementSize):
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (AbstractMacroAssembler):
      (Label):
      (JSC::AbstractMacroAssembler::watchpointLabel):
      * assembler/AssemblerBuffer.h:
      * assembler/MacroAssemblerARM.h:
      (JSC::MacroAssemblerARM::replaceWithJump):
      (MacroAssemblerARM):
      (JSC::MacroAssemblerARM::maxJumpReplacementSize):
      * assembler/MacroAssemblerARMv7.h:
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::replaceWithJump):
      (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
      (JSC::MacroAssemblerARMv7::branchTest8):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
      * assembler/MacroAssemblerMIPS.h:
      (JSC::MacroAssemblerMIPS::replaceWithJump):
      (MacroAssemblerMIPS):
      (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
      * assembler/MacroAssemblerSH4.h:
      (JSC::MacroAssemblerSH4::replaceWithJump):
      (MacroAssemblerSH4):
      (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::branchTest8):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::replaceWithJump):
      (MacroAssemblerX86Common):
      (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86_64.h:
      (MacroAssemblerX86_64):
      (JSC::MacroAssemblerX86_64::branchTest8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::X86Assembler):
      (X86Assembler):
      (JSC::X86Assembler::cmpb_im):
      (JSC::X86Assembler::testb_im):
      (JSC::X86Assembler::labelForWatchpoint):
      (JSC::X86Assembler::label):
      (JSC::X86Assembler::replaceWithJump):
      (JSC::X86Assembler::maxJumpReplacementSize):
      (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (CodeBlock):
      (JSC::CodeBlock::appendWatchpoint):
      (JSC::CodeBlock::numberOfWatchpoints):
      (JSC::CodeBlock::watchpoint):
      (DFGData):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      (JSC::DFG::exitKindIsCountable):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.cpp: Added.
      (JSC):
      (JSC::Watchpoint::~Watchpoint):
      (JSC::Watchpoint::correctLabels):
      (JSC::Watchpoint::fire):
      (JSC::WatchpointSet::WatchpointSet):
      (JSC::WatchpointSet::~WatchpointSet):
      (JSC::WatchpointSet::add):
      (JSC::WatchpointSet::notifyWriteSlow):
      (JSC::WatchpointSet::fireAllWatchpoints):
      * bytecode/Watchpoint.h: Added.
      (JSC):
      (Watchpoint):
      (JSC::Watchpoint::Watchpoint):
      (JSC::Watchpoint::setDestination):
      (WatchpointSet):
      (JSC::WatchpointSet::isStillValid):
      (JSC::WatchpointSet::hasBeenInvalidated):
      (JSC::WatchpointSet::startWatching):
      (JSC::WatchpointSet::notifyWrite):
      (JSC::WatchpointSet::addressOfIsWatched):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixResolveNode::emitBytecode):
      (JSC::PrefixResolveNode::emitBytecode):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberStructures):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      (JSC::DFG::AbstractState::didClobber):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (CCallHelpers):
      (JSC::DFG::CCallHelpers::setupArguments):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
      (CSEPhase):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGCorrectableJumpPoint.h:
      (JSC::DFG::CorrectableJumpPoint::isSet):
      (CorrectableJumpPoint):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifierNumberForCheck):
      (Node):
      (JSC::DFG::Node::identifierNumberForCheck):
      (JSC::DFG::Node::hasRegisterPointer):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::appendCall):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITStubs.cpp:
      (JSC::JITThunks::JITThunks):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (LLInt):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp: Added.
      (JSC):
      (JSC::SymbolTableEntry::copySlow):
      (JSC::SymbolTableEntry::freeFatEntrySlow):
      (JSC::SymbolTableEntry::couldBeWatched):
      (JSC::SymbolTableEntry::attemptToWatch):
      (JSC::SymbolTableEntry::addressOfIsWatched):
      (JSC::SymbolTableEntry::addWatchpoint):
      (JSC::SymbolTableEntry::notifyWriteSlow):
      (JSC::SymbolTableEntry::inflateSlow):
      * runtime/SymbolTable.h:
      (JSC):
      (SymbolTableEntry):
      (Fast):
      (JSC::SymbolTableEntry::Fast::Fast):
      (JSC::SymbolTableEntry::Fast::isNull):
      (JSC::SymbolTableEntry::Fast::getIndex):
      (JSC::SymbolTableEntry::Fast::isReadOnly):
      (JSC::SymbolTableEntry::Fast::getAttributes):
      (JSC::SymbolTableEntry::Fast::isFat):
      (JSC::SymbolTableEntry::SymbolTableEntry):
      (JSC::SymbolTableEntry::~SymbolTableEntry):
      (JSC::SymbolTableEntry::operator=):
      (JSC::SymbolTableEntry::isNull):
      (JSC::SymbolTableEntry::getIndex):
      (JSC::SymbolTableEntry::getFast):
      (JSC::SymbolTableEntry::getAttributes):
      (JSC::SymbolTableEntry::isReadOnly):
      (JSC::SymbolTableEntry::watchpointSet):
      (JSC::SymbolTableEntry::notifyWrite):
      (FatEntry):
      (JSC::SymbolTableEntry::FatEntry::FatEntry):
      (JSC::SymbolTableEntry::isFat):
      (JSC::SymbolTableEntry::fatEntry):
      (JSC::SymbolTableEntry::inflate):
      (JSC::SymbolTableEntry::bits):
      (JSC::SymbolTableEntry::freeFatEntry):
      (JSC::SymbolTableEntry::pack):
      (JSC::SymbolTableEntry::isValidIndex):
      
      Source/WTF: 
      
      Reviewed by Geoffrey Garen.
              
      Added ability to set the inline capacity of segmented vectors.
      
      * wtf/SegmentedVector.h:
      (WTF):
      (SegmentedVectorIterator):
      (WTF::SegmentedVectorIterator::operator=):
      (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
      (SegmentedVector):
      
      LayoutTests: 
      
      Rubber stamped by Geoffrey Garen.
              
      Added a test for watchpoints. Also updated the jsc-test-list to include the latest
      tests.
      
      * fast/js/dfg-call-function-hit-watchpoint-expected.txt: Added.
      * fast/js/dfg-call-function-hit-watchpoint.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-call-function-hit-watchpoint.js: Added.
      (foo):
      (bar):
      (.foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120172 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b6c5eeb7
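
The watchpoint mechanism described in the commit message above, as an added toy model in C++ (not JavaScriptCore code and not part of the commit). Method names such as `notifyWrite` and `isStillValid` echo the ChangeLog; the simulated instruction encoding, `kMaxJumpDistance`, `GlobalVar`, `CompiledLoad`, `run` and all function bodies are assumptions made for illustration.

```cpp
// Toy model of the watchpoint scheme in the commit message above. Added
// example, not JavaScriptCore code: names echo the ChangeLog, but every body,
// the instruction encoding and kMaxJumpDistance are assumptions.
#include <cstddef>
#include <cstdint>
#include <vector>

namespace model {
enum Op : uint8_t { UseFoldedConstant, Jump, OSRExit, LoadGlobal };
struct Insn { Op op; long operand; };  // folded value, or jump target index
const long kMaxJumpDistance = 127;     // assumed reach of a one-instruction jump
class WatchpointSet;

// Doubly-linked list node: where to plant a jump and where it should land.
struct Watchpoint {
    std::vector<Insn>* code = nullptr;
    size_t location = 0, destination = 0;
    Watchpoint *prev = nullptr, *next = nullptr;
    WatchpointSet* owner = nullptr;
    ~Watchpoint();  // unlinks, so a set never fires into destroyed code
    void fire() { (*code)[location] = Insn{Jump, (long)destination}; }
};

class WatchpointSet {
public:
    bool isStillValid() const { return !m_invalidated; }
    bool hasBeenInvalidated() const { return m_invalidated; }
    unsigned slowPathCalls() const { return m_slowPathCalls; }
    // Refuses once invalidated (monotonicity) or if the jump is not "local".
    bool add(Watchpoint* w) {
        long distance = (long)w->destination - (long)w->location;
        if (m_invalidated || distance > kMaxJumpDistance || distance < -kMaxJumpDistance)
            return false;
        w->owner = this;
        w->next = m_head;
        if (m_head) m_head->prev = w;
        m_head = w;
        m_isWatched = 1;
        return true;
    }
    void remove(Watchpoint* w) {
        if (w->prev) w->prev->next = w->next; else m_head = w->next;
        if (w->next) w->next->prev = w->prev;
        w->prev = w->next = nullptr;
        w->owner = nullptr;
        if (!m_head) m_isWatched = 0;
    }
    // Write check: a one-byte load and branch when nothing is registered.
    void notifyWrite() { if (m_isWatched) notifyWriteSlow(); }
private:
    void notifyWriteSlow() {
        ++m_slowPathCalls;
        while (m_head) {  // fire all at once: plant every jump, then unlink
            m_head->fire();
            remove(m_head);
        }
        m_invalidated = true;  // never cleared again
    }
    Watchpoint* m_head = nullptr;
    uint8_t m_isWatched = 0;
    bool m_invalidated = false;
    unsigned m_slowPathCalls = 0;
};
inline Watchpoint::~Watchpoint() { if (owner) owner->remove(this); }

struct GlobalVar {
    long value;
    WatchpointSet set;
    explicit GlobalVar(long v) : value(v) {}
    void put(long v) { set.notifyWrite(); value = v; }  // every store checks
};

// "Optimized" load of g: fold the current value if g can still be watched.
struct CompiledLoad {
    std::vector<Insn> code;
    Watchpoint watchpoint;
    bool folded = false;
    explicit CompiledLoad(GlobalVar& g) {
        if (g.set.isStillValid()) {
            code.push_back(Insn{UseFoldedConstant, g.value});  // 0: watchpoint label
            code.push_back(Insn{OSRExit, 0});                   // 1: exit stub
            watchpoint.code = &code;
            watchpoint.destination = 1;
            folded = g.set.add(&watchpoint);
        }
        if (!folded) code.assign(1, Insn{LoadGlobal, 0});
    }
    CompiledLoad(const CompiledLoad&) = delete;
};

// Interprets the simulated code; *exited reports whether the exit stub ran.
inline long run(const CompiledLoad& c, const GlobalVar& g, bool* exited = nullptr) {
    size_t pc = 0;
    while (c.code[pc].op == Jump) pc = (size_t)c.code[pc].operand;
    if (exited) *exited = c.code[pc].op == OSRExit;
    return c.code[pc].op == UseFoldedConstant ? c.code[pc].operand : g.value;
}
}  // namespace model
```

In this model the folded constant stays correct only because every store goes through `put()`, which runs the write check before changing the value; once the set has fired, later compilations fall back to a plain load.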
  20. 06 Jun, 2012 2 commits
    • PredictedType should be called SpeculatedType · 62336163
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88477
      
      Rubber stamped by Gavin Barraclough.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::shouldOptimizeNow):
      (JSC::CodeBlock::dumpValueProfiles):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      * bytecode/LazyOperandValueProfile.cpp:
      (JSC::LazyOperandValueProfileParser::prediction):
      * bytecode/LazyOperandValueProfile.h:
      (LazyOperandValueProfileParser):
      * bytecode/PredictedType.cpp: Removed.
      * bytecode/PredictedType.h: Removed.
      * bytecode/SpeculatedType.cpp: Copied from Source/JavaScriptCore/bytecode/PredictedType.cpp.
      (JSC::speculationToString):
      (JSC::speculationToAbbreviatedString):
      (JSC::speculationFromClassInfo):
      (JSC::speculationFromStructure):
      (JSC::speculationFromCell):
      (JSC::speculationFromValue):
      * bytecode/SpeculatedType.h: Copied from Source/JavaScriptCore/bytecode/PredictedType.h.
      (JSC):
      (JSC::isAnySpeculation):
      (JSC::isCellSpeculation):
      (JSC::isObjectSpeculation):
      (JSC::isFinalObjectSpeculation):
      (JSC::isFinalObjectOrOtherSpeculation):
      (JSC::isFixedIndexedStorageObjectSpeculation):
      (JSC::isStringSpeculation):
      (JSC::isArraySpeculation):
      (JSC::isFunctionSpeculation):
      (JSC::isInt8ArraySpeculation):
      (JSC::isInt16ArraySpeculation):
      (JSC::isInt32ArraySpeculation):
      (JSC::isUint8ArraySpeculation):
      (JSC::isUint8ClampedArraySpeculation):
      (JSC::isUint16ArraySpeculation):
      (JSC::isUint32ArraySpeculation):
      (JSC::isFloat32ArraySpeculation):
      (JSC::isFloat64ArraySpeculation):
      (JSC::isArgumentsSpeculation):
      (JSC::isActionableIntMutableArraySpeculation):
      (JSC::isActionableFloatMutableArraySpeculation):
      (JSC::isActionableTypedMutableArraySpeculation):
      (JSC::isActionableMutableArraySpeculation):
      (JSC::isActionableArraySpeculation):
      (JSC::isArrayOrOtherSpeculation):
      (JSC::isMyArgumentsSpeculation):
      (JSC::isInt32Speculation):
      (JSC::isDoubleRealSpeculation):
      (JSC::isDoubleSpeculation):
      (JSC::isNumberSpeculation):
      (JSC::isBooleanSpeculation):
      (JSC::isOtherSpeculation):
      (JSC::isEmptySpeculation):
      (JSC::mergeSpeculations):
      (JSC::mergeSpeculation):
      * bytecode/StructureSet.h:
      (JSC::StructureSet::speculationFromStructures):
      * bytecode/ValueProfile.h:
      (JSC::ValueProfileBase::ValueProfileBase):
      (JSC::ValueProfileBase::dump):
      (JSC::ValueProfileBase::computeUpdatedPrediction):
      (ValueProfileBase):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      * dfg/DFGAbstractState.h:
      (JSC::DFG::AbstractState::speculateInt32Unary):
      (JSC::DFG::AbstractState::speculateNumberUnary):
      (JSC::DFG::AbstractState::speculateBooleanUnary):
      (JSC::DFG::AbstractState::speculateInt32Binary):
      (JSC::DFG::AbstractState::speculateNumberBinary):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::StructureAbstractValue::filter):
      (JSC::DFG::StructureAbstractValue::speculationFromStructures):
      (JSC::DFG::AbstractValue::AbstractValue):
      (JSC::DFG::AbstractValue::clear):
      (JSC::DFG::AbstractValue::isClear):
      (JSC::DFG::AbstractValue::makeTop):
      (JSC::DFG::AbstractValue::clobberStructures):
      (JSC::DFG::AbstractValue::isTop):
      (JSC::DFG::AbstractValue::set):
      (JSC::DFG::AbstractValue::merge):
      (JSC::DFG::AbstractValue::filter):
      (JSC::DFG::AbstractValue::validateIgnoringValue):
      (JSC::DFG::AbstractValue::validate):
      (JSC::DFG::AbstractValue::checkConsistency):
      (JSC::DFG::AbstractValue::dump):
      (AbstractValue):
      * dfg/DFGArgumentPosition.h:
      (JSC::DFG::ArgumentPosition::ArgumentPosition):
      (JSC::DFG::ArgumentPosition::mergeArgumentAwareness):
      (JSC::DFG::ArgumentPosition::prediction):
      (ArgumentPosition):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::getSpeculationWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getSpeculation):
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::fixVariableAccessSpeculations):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixDoubleEdge):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::nameOfVariableAccessData):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::getJSConstantSpeculation):
      (JSC::DFG::Graph::isPredictedNumerical):
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::getSpeculation):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (JSC::DFG::Node::getHeapPrediction):
      (JSC::DFG::Node::predictHeap):
      (JSC::DFG::Node::prediction):
      (JSC::DFG::Node::predict):
      (JSC::DFG::Node::shouldSpeculateInteger):
      (JSC::DFG::Node::shouldSpeculateDouble):
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateBoolean):
      (JSC::DFG::Node::shouldSpeculateFinalObject):
      (JSC::DFG::Node::shouldSpeculateFinalObjectOrOther):
      (JSC::DFG::Node::shouldSpeculateArray):
      (JSC::DFG::Node::shouldSpeculateArguments):
      (JSC::DFG::Node::shouldSpeculateInt8Array):
      (JSC::DFG::Node::shouldSpeculateInt16Array):
      (JSC::DFG::Node::shouldSpeculateInt32Array):
      (JSC::DFG::Node::shouldSpeculateUint8Array):
      (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
      (JSC::DFG::Node::shouldSpeculateUint16Array):
      (JSC::DFG::Node::shouldSpeculateUint32Array):
      (JSC::DFG::Node::shouldSpeculateFloat32Array):
      (JSC::DFG::Node::shouldSpeculateFloat64Array):
      (JSC::DFG::Node::shouldSpeculateArrayOrOther):
      (JSC::DFG::Node::shouldSpeculateObject):
      (JSC::DFG::Node::shouldSpeculateCell):
      (Node):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::setPrediction):
      (JSC::DFG::PredictionPropagationPhase::mergePrediction):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::fillStorage):
      (JSC::DFG::SpeculativeJIT::writeBarrier):
      (JSC::DFG::GPRTemporary::GPRTemporary):
      (JSC::DFG::FPRTemporary::FPRTemporary):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compileInstanceOf):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compileArithMod):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
      (JSC::DFG::SpeculativeJIT::compileRegExpExec):
      * dfg/DFGSpeculativeJIT.h:
      (DFG):
      (JSC::DFG::ValueSource::forSpeculation):
      (SpeculativeJIT):
      (GPRTemporary):
      (FPRTemporary):
      (JSC::DFG::SpecDoubleOperand::SpecDoubleOperand):
      (JSC::DFG::SpecDoubleOperand::~SpecDoubleOperand):
      (JSC::DFG::SpecDoubleOperand::fpr):
      (JSC::DFG::SpecCellOperand::SpecCellOperand):
      (JSC::DFG::SpecCellOperand::~SpecCellOperand):
      (JSC::DFG::SpecCellOperand::gpr):
      (JSC::DFG::SpecBooleanOperand::SpecBooleanOperand):
      (JSC::DFG::SpecBooleanOperand::~SpecBooleanOperand):
      (JSC::DFG::SpecBooleanOperand::gpr):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpecDouble):
      (JSC::DFG::SpeculativeJIT::fillSpecCell):
      (JSC::DFG::SpeculativeJIT::fillSpecBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpecDouble):
      (JSC::DFG::SpeculativeJIT::fillSpecCell):
      (JSC::DFG::SpeculativeJIT::fillSpecBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::VariableAccessData):
      (JSC::DFG::VariableAccessData::predict):
      (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
      (JSC::DFG::VariableAccessData::prediction):
      (JSC::DFG::VariableAccessData::argumentAwarePrediction):
      (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction):
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):
      (VariableAccessData):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119660 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      62336163
    • Global object variable accesses should not require an extra load · 26af9b61
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88385
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough and Geoffrey Garen.
              
      Previously, if you wanted to access a global variable, you'd first have
      to load the register array from the appropriate global object and then
      either load or store at an offset to the register array. This is because
      JSGlobalObject inherited from JSVariableObject, and JSVariableObject is
      designed with the pessimistic assumption that its register array may
      point into the call stack. This is never the case for global objects.
      Hence, even though the global object may add more registers at any time,
      it does not need to store them in a contiguous array. It can use a
      SegmentedVector or similar.
              
      This patch refactors global objects and variable objects as follows:
              
      - The functionality to track variables in an indexable array using a
        SymbolTable to map names to indices is moved into JSSymbolTableObject,
        which is now a supertype of JSVariableObject. JSVariableObject is now
        just a holder for a registers array and implements the registerAt()
        method that is left abstract in JSSymbolTableObject. Because all users
        of JSVariableObject know whether they are a JSStaticScopeObject,
        JSActivation, or JSGlobalObject, this "abstract" method is not virtual;
        instead the utility methods that would call registerAt() are now
        template functions that require you to know statically what subtype of
        JSSymbolTableObject you're using (JSVariableObject or something else),
        so that registerAt() can be statically bound.
              
      - A new class is added called JSSegmentedVariableObject, which only
        differs from JSVariableObject in how it allocates registers. It uses a
        SegmentedVector instead of manually managing a pointer to a contiguous
        slab of registers. This changes the interface somewhat; for example
        with JSVariableObject if you wanted to add a register you had to do
        it yourself since the JSVariableObject didn't know how the registers
        array ought to be allocated. With JSSegmentedVariableObject you can
        just call addRegisters(). JSSegmentedVariableObject preserves the
        invariant that once you get a pointer into a register, that pointer
        will continue to be valid so long as the JSSegmentedVariableObject is
        alive. This allows the JITs and interpreters to skip the extra load.
              
      - JSGlobalObject now inherits from JSSegmentedVariableObject. For now
        (and possibly forever) it is the only subtype of this new class.
              
      - The bytecode format is changed so that get_global_var and
        put_global_var have a pointer to the register directly rather than
        having an index. A convenience method is provided in
        JSSegmentedVariableObject to get the index given a pointer, which is
        used for assertions and debug dumps.
              
      This appears to be a 1% across the board win.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::registerPointer):
      (JSC):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::retrieveLastUnaryOp):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (ResolveResult):
      (BytecodeGenerator):
      * dfg/DFGAssemblyHelpers.h:
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::globalObjectFor):
      (Graph):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasVarNumber):
      (Node):
      (JSC::DFG::Node::hasRegisterPointer):
      (JSC::DFG::Node::registerPointer):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/Heap.h:
      (Heap):
      (JSC::Heap::isWriteBarrierEnabled):
      (JSC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::privateExecute):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSGlobalObject.cpp:
      (JSC):
      (JSC::JSGlobalObject::put):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::defineOwnProperty):
      (JSC::JSGlobalObject::visitChildren):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC):
      (JSC::JSGlobalObject::hasOwnPropertyForWrite):
      * runtime/JSSegmentedVariableObject.cpp: Added.
      (JSC):
      (JSC::JSSegmentedVariableObject::findRegisterIndex):
      (JSC::JSSegmentedVariableObject::addRegisters):
      (JSC::JSSegmentedVariableObject::visitChildren):
      * runtime/JSSegmentedVariableObject.h: Added.
      (JSC):
      (JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::registerAt):
      (JSC::JSSegmentedVariableObject::assertRegisterIsInThisObject):
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::finishCreation):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::put):
      (JSC::JSStaticScopeObject::putDirectVirtual):
      (JSC::JSStaticScopeObject::getOwnPropertySlot):
      * runtime/JSSymbolTableObject.cpp: Added.
      (JSC):
      (JSC::JSSymbolTableObject::destroy):
      (JSC::JSSymbolTableObject::deleteProperty):
      (JSC::JSSymbolTableObject::getOwnPropertyNames):
      (JSC::JSSymbolTableObject::putDirectVirtual):
      (JSC::JSSymbolTableObject::isDynamicScope):
      * runtime/JSSymbolTableObject.h: Added.
      (JSC):
      (JSSymbolTableObject):
      (JSC::JSSymbolTableObject::symbolTable):
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/JSVariableObject.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      (JSC::JSVariableObject::JSVariableObject):
      (JSC::JSVariableObject::finishCreation):
      (JSC):
      * runtime/WriteBarrier.h:
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough and Geoffrey Garen.
      
      Updated JSDOMWindowBase.cpp to use the new symbol table API. this->symbolTableFoo(...)
      becomes symbolTableFoo(this, ...).
                      
      No new tests because no change in behavior.
      
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::updateDocument):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119655 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      26af9b61
  21. 30 May, 2012 1 commit
    • Heap should sweep incrementally · eb39abc6
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=85429
      
      We shouldn't have to wait for the opportunistic GC timer to fire in order 
      to call object destructors. Instead, we should incrementally sweep some 
      subset of the blocks requiring sweeping periodically. We tie this sweeping 
      to a timer rather than to collections because we want to reclaim this memory 
      even if we stop allocating. This way, our memory usage scales smoothly with 
      actual use, regardless of whether we've recently done an opportunistic GC or not.
      
      Reviewed by Geoffrey Garen.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::collect): We no longer sweep during a full sweep. We only shrink now,
      which we will switch over to being done during incremental sweeping too as soon as
      all finalizers can be run lazily (and, by extension, incrementally). 
      (JSC::Heap::sweeper):
      (JSC):
      * heap/Heap.h:
      (JSC):
      (Heap):
      * heap/IncrementalSweeper.cpp: Added.
      (JSC):
      (JSC::IncrementalSweeper::timerDidFire): The IncrementalSweeper works very similarly to 
      GCActivityCallback. It is tied to a run-loop based timer that fires periodically based 
      on how long the previous sweep increment took to run. The IncrementalSweeper doesn't do 
      anything if the platform doesn't support CoreFoundation.
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::~IncrementalSweeper):
      (JSC::IncrementalSweeper::create):
      (JSC::IncrementalSweeper::scheduleTimer):
      (JSC::IncrementalSweeper::cancelTimer):
      (JSC::IncrementalSweeper::doSweep): Iterates over the snapshot of the MarkedSpace taken 
      during the last collection, checking to see which blocks need sweeping. If it successfully 
      gets to the end of the blocks that need sweeping then it cancels the timer.
      (JSC::IncrementalSweeper::startSweeping): We take a snapshot of the Heap and store it in 
      a Vector that the incremental sweep will iterate over. We also reset our index into this Vector.
      * heap/IncrementalSweeper.h: Added.
      (JSC):
      (IncrementalSweeper):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::needsSweeping): If a block is in the Marked state it needs sweeping 
      to be usable and to run any destructors that need to be run.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119028 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  22. 23 May, 2012 1 commit
    • DFG should optimize inlined uses of arguments.length and arguments[i] · 9b928726
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86327
      
      Reviewed by Gavin Barraclough.
              
      Merged r117017 from dfgopt.
              
      Turns inlined uses of arguments.length into a constant.
              
      Turns inlined uses of arguments[constant] into a direct reference to the
      argument.
              
      Big win on micro-benchmarks. Not yet a win on V8 because the hot uses of
      arguments.length and arguments[i] are aliased. I'll leave the aliasing
      optimizations to a later patch.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/DFGExitProfile.h:
      (FrequentExitSite):
      (JSC::DFG::FrequentExitSite::FrequentExitSite):
      (JSC::DFG::QueryableExitProfile::hasExitSite):
      (QueryableExitProfile):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArgumentsSimplificationPhase.cpp: Added.
      (DFG):
      (ArgumentsSimplificationPhase):
      (JSC::DFG::ArgumentsSimplificationPhase::ArgumentsSimplificationPhase):
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (JSC::DFG::performArgumentsSimplification):
      * dfg/DFGArgumentsSimplificationPhase.h: Added.
      (DFG):
      * dfg/DFGAssemblyHelpers.cpp:
      (JSC::DFG::AssemblyHelpers::executableFor):
      (DFG):
      * dfg/DFGAssemblyHelpers.h:
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::executableFor):
      (Graph):
      (JSC::DFG::Graph::clobbersWorld):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToConstant):
      (JSC::DFG::Node::convertToGetLocalUnlinked):
      (Node):
      (JSC::DFG::Node::unlinkedLocal):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118278 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  23. 21 May, 2012 2 commits
    • DFG should be able to compute dominators · ba79d1f9
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=85269
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Merged r115754 from dfgopt.
              
      Implements a naive dominator calculator, which is currently just used to
      print information in graph dumps. I've enabled it by default mainly to
      be able to track its performance impact. So far it appears that there is
      none, which is unsurprising given that the number of basic blocks in most
      procedures is small.
              
      Also tweaked bytecode dumping to reveal more useful information about the
      nature of the code block.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * dfg/DFGDominators.cpp: Added.
      (DFG):
      (JSC::DFG::Dominators::Dominators):
      (JSC::DFG::Dominators::~Dominators):
      (JSC::DFG::Dominators::compute):
      (JSC::DFG::Dominators::iterateForBlock):
      * dfg/DFGDominators.h: Added.
      (DFG):
      (Dominators):
      (JSC::DFG::Dominators::invalidate):
      (JSC::DFG::Dominators::computeIfNecessary):
      (JSC::DFG::Dominators::isValid):
      (JSC::DFG::Dominators::dominates):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (Graph):
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
              
      Merged r115754 from dfgopt.
              
      Added a bitvector class suitable for cheap static analysis. This class
      differs from BitVector in that instead of optimizing for space, it
      optimizes for execution time. Its API is also somewhat less friendly,
      which is intentional; it's meant to be used in places where you know
      up front how big your bitvectors are going to be.
      
      * GNUmakefile.list.am:
      * WTF.vcproj/WTF.vcproj:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/FastBitVector.h: Added.
      (WTF):
      (FastBitVector):
      (WTF::FastBitVector::FastBitVector):
      (WTF::FastBitVector::operator=):
      (WTF::FastBitVector::numBits):
      (WTF::FastBitVector::resize):
      (WTF::FastBitVector::setAll):
      (WTF::FastBitVector::clearAll):
      (WTF::FastBitVector::set):
      (WTF::FastBitVector::setAndCheck):
      (WTF::FastBitVector::equals):
      (WTF::FastBitVector::merge):
      (WTF::FastBitVector::filter):
      (WTF::FastBitVector::exclude):
      (WTF::FastBitVector::clear):
      (WTF::FastBitVector::get):
      (WTF::FastBitVector::arrayLength):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117861 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Add support for private names · 6c9b264e
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86509
      
      Reviewed by Oliver Hunt.
      
      The spec isn't final, but we can start adding support to allow property maps
      to contain keys that aren't identifiers.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlot):
      (JSC::::put):
      (JSC::::deleteProperty):
      (JSC::::getStaticValue):
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
          - Only expose public named properties over the JSC API.
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
          - Added new files to build system.
      * dfg/DFGOperations.cpp:
      (JSC::DFG::operationPutByValInternal):
          - Added support for property access with name objects.
      * interpreter/CallFrame.h:
      (JSC::ExecState::privateNamePrototypeTable):
          - Added hash table for NamePrototype
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
          - Added support for property access with name objects.
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
          - Added support for property access with name objects.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::getByVal):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::opIn):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTableGet):
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
          - Added support for property access with name objects.
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
          - Added hash table for NamePrototype
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::privateNameStructure):
      (JSC::JSGlobalObject::symbolTableHasProperty):
          - Added new global properties.
      * runtime/JSType.h:
      * runtime/JSTypeInfo.h:
      (JSC::TypeInfo::isName):
          - Added type for NameInstances, for fast isName check.
      * runtime/JSVariableObject.cpp:
      (JSC::JSVariableObject::deleteProperty):
      (JSC::JSVariableObject::symbolTableGet):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::symbolTablePut):
      (JSC::JSVariableObject::symbolTablePutWithAttributes):
          - symbol table lookup should take a PropertyName.
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::entry):
          - entry lookup should take a PropertyName.
      * runtime/NameConstructor.cpp: Added.
      (JSC):
      (JSC::NameConstructor::NameConstructor):
      (JSC::NameConstructor::finishCreation):
      (JSC::constructPrivateName):
      (JSC::NameConstructor::getConstructData):
      (JSC::NameConstructor::getCallData):
      * runtime/NameConstructor.h: Added.
      (JSC):
      (NameConstructor):
      (JSC::NameConstructor::create):
      (JSC::NameConstructor::createStructure):
          - Added constructor.
      * runtime/NameInstance.cpp: Added.
      (JSC):
      (JSC::NameInstance::NameInstance):
      (JSC::NameInstance::destroy):
      * runtime/NameInstance.h: Added.
      (JSC):
      (NameInstance):
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::create):
      (JSC::NameInstance::privateName):
      (JSC::NameInstance::nameString):
      (JSC::NameInstance::finishCreation):
      (JSC::isName):
          - Added instance.
      * runtime/NamePrototype.cpp: Added.
      (JSC):
      (JSC::NamePrototype::NamePrototype):
      (JSC::NamePrototype::finishCreation):
      (JSC::NamePrototype::getOwnPropertySlot):
      (JSC::NamePrototype::getOwnPropertyDescriptor):
      (JSC::privateNameProtoFuncToString):
      * runtime/NamePrototype.h: Added.
      (JSC):
      (NamePrototype):
      (JSC::NamePrototype::create):
      (JSC::NamePrototype::createStructure):
          - Added prototype.
      * runtime/PrivateName.h: Added.
      (JSC):
      (PrivateName):
      (JSC::PrivateName::PrivateName):
      (JSC::PrivateName::uid):
          - A private name object holds a StringImpl that can be used as a unique key in a property map.
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::find):
      (JSC::PropertyTable::findWithString):
          - Strings should only match keys in the table that are identifiers.
      * runtime/PropertyName.h:
      (JSC::PropertyName::PropertyName):
      (PropertyName):
      (JSC::PropertyName::uid):
      (JSC::PropertyName::publicName):
      (JSC::PropertyName::asIndex):
      (JSC::operator==):
      (JSC::operator!=):
          - replaced impl() & ustring() with uid() [to get the raw impl] and publicName() [impl or null, if not an identifier].
      * runtime/Structure.cpp:
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransitionToExistingStructure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::getPropertyNamesFromStructure):
      * runtime/Structure.h:
      (JSC::Structure::get):
          - call uid() to get a PropertyName raw impl, for use as a key.
      
      Source/WebCore: 
      
      Test: fast/js/names.html
      
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::cssPropertyIDForJSCSSPropertyName):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::findAtomicString):
      (WebCore::objectToStringFunctionGetter):
      * bindings/js/JSDOMBinding.h:
      (WebCore::propertyNameToString):
      (WebCore::propertyNameToAtomicString):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::nonCachingStaticFunctionGetter):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::nonCachingStaticBackFunctionGetter):
      (WebCore::nonCachingStaticForwardFunctionGetter):
      (WebCore::nonCachingStaticGoFunctionGetter):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::nonCachingStaticReplaceFunctionGetter):
      (WebCore::nonCachingStaticReloadFunctionGetter):
      (WebCore::nonCachingStaticAssignFunctionGetter):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::getMethod):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::methodsNamed):
      (JavaClass::fieldNamed):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      * bridge/objc/objc_class.mm:
      (JSC::Bindings::ObjcClass::methodsNamed):
      (JSC::Bindings::ObjcClass::fieldNamed):
      (JSC::Bindings::ObjcClass::fallbackObject):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
          - Removed PropertyName::impl(), call publicName() to get the string associated with a name.
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyClass::methodsNamed):
      (WebKit::ProxyClass::fieldNamed):
      (WebKit::ProxyInstance::getMethod):
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
          - Removed PropertyName::impl(), call publicName() to get the string associated with a name.
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::npIdentifierFromIdentifier):
      (WebKit::JSNPObject::methodGetter):
          - Removed PropertyName::impl(), call publicName() to get the string associated with a name.
      
      Source/WTF: 
      
      * wtf/text/StringImpl.h:
      (WTF::StringImpl::StringImpl):
      (StringImpl):
      (WTF::StringImpl::createEmptyUnique):
      (WTF::StringImpl::isEmptyUnique):
          - Allow empty string impls to be allocated, which can be used as unique keys.
      
      LayoutTests: 
      
      * fast/js/names-expected.txt: Added.
      * fast/js/names.html: Added.
      * fast/js/script-tests/names.js: Added.
          - Added test cases.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117859 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  24. 18 May, 2012 2 commits
    • DFG should have control flow graph simplification · 79c51ee1
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=84553
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Merged r115512 from dfgopt.
      
      This change gives the DFG the ability to simplify the control flow graph
      as part of an optimization fixpoint that includes CSE, CFA, and constant
      folding. This required a number of interesting changes including:
              
      - Solidifying the set of invariants that the DFG obeys. For example, the
        head and tail of each basic block must advertise the set of live locals
        and the set of available locals, respectively. It must do so by
        referring to the first access to the local in the block (for head) and
        the last one (for tail). This patch introduces the start of a
        validation step that may be turned on even with asserts disabled. To
        ensure that these invariants are preserved, I had to remove the
        redundant phi elimination phase. For now I just remove the call, but in
        the future we will probably remove it entirely unless we find a use for
        it.
              
      - Making it easier to get the boolean version of a JSValue. This is a
        pure operation, but we previously did not treat it as such.
              
      - Fixing the merging and filtering of AbstractValues that correspond to
        concrete JSValues. This was previously broken and was limiting the
        effect of running constant folding. Fixing this meant that I had to
        change how constant folding eliminates GetLocal nodes, so as to ensure
        that the resulting graph still obeys DFG rules.
              
      - Introducing simplified getters for some of the things that DFG phases
        want to know about, like the Nth child of a node (now just
        graph.child(...) if you don't care about performance too much) or
        getting successors of a basic block.
              
      The current CFG simplifier can handle almost all of the cases that it
      ought to handle; the noteworthy one that is not yet handled is removing
      basic blocks that just have jumps. To do this right we need to be able
      to remove jump-only blocks that also perform keep-alive on some values.
      To make this work, we need to be able to hoist the keep-alive into (or
      just above) a Branch. This is not fundamentally difficult but I opted to
      let this patch omit this optimization. We can handle this later.
              
      This is a big win on programs that include inline functions that are
      often called with constant arguments. Of course, SunSpider, V8, and
      Kraken don't count. Those benchmarks are completely neutral with this
      change.
      
      * API/JSValueRef.cpp:
      (JSValueToBoolean):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
      * bytecode/Operands.h:
      (JSC::Operands::setOperandFirstTime):
      (Operands):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::isClear):
      (JSC::DFG::AbstractValue::operator!=):
      (JSC::DFG::AbstractValue::merge):
      (JSC::DFG::AbstractValue::filter):
      (JSC::DFG::AbstractValue::validateIgnoringValue):
      (AbstractValue):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::child):
      (JSC::DFG::AdjacencyList::setChild):
      (AdjacencyList):
      * dfg/DFGBasicBlock.h:
      (JSC::DFG::BasicBlock::~BasicBlock):
      (BasicBlock):
      (JSC::DFG::BasicBlock::numNodes):
      (JSC::DFG::BasicBlock::nodeIndex):
      (JSC::DFG::BasicBlock::isPhiIndex):
      (JSC::DFG::BasicBlock::isInPhis):
      (JSC::DFG::BasicBlock::isInBlock):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (DFG):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::run):
      (JSC::DFG::CFAPhase::performBlockCFA):
      (JSC::DFG::performCFA):
      * dfg/DFGCFAPhase.h:
      (DFG):
      * dfg/DFGCFGSimplificationPhase.cpp: Added.
      (DFG):
      (CFGSimplificationPhase):
      (JSC::DFG::CFGSimplificationPhase::CFGSimplificationPhase):
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::killUnreachable):
      (JSC::DFG::CFGSimplificationPhase::findOperandSource):
      (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
      (JSC::DFG::CFGSimplificationPhase::fixPhis):
      (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
      (OperandSubstitution):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
      (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      (JSC::DFG::performCFGSimplification):
      * dfg/DFGCFGSimplificationPhase.h: Added.
      (DFG):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::run):
      (CSEPhase):
      (JSC::DFG::CSEPhase::impureCSE):
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::checkStructureLoadElimination):
      (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      (JSC::DFG::CSEPhase::performBlockCSE):
      (JSC::DFG::performCSE):
      * dfg/DFGCSEPhase.h:
      (DFG):
      * dfg/DFGCommon.h:
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      (JSC::DFG::performConstantFolding):
      * dfg/DFGConstantFoldingPhase.h:
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGEdge.h:
      (Edge):
      (JSC::DFG::Edge::operator UnspecifiedBoolType*):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupBlock):
      (JSC::DFG::performFixup):
      * dfg/DFGFixupPhase.h:
      (DFG):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::handleSuccessor):
      (DFG):
      (JSC::DFG::Graph::determineReachability):
      (JSC::DFG::Graph::resetReachability):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::deref):
      (JSC::DFG::Graph::changeIndex):
      (Graph):
      (JSC::DFG::Graph::changeEdge):
      (JSC::DFG::Graph::numSuccessors):
      (JSC::DFG::Graph::successor):
      (JSC::DFG::Graph::successorForCondition):
      (JSC::DFG::Graph::isPredictedNumerical):
      (JSC::DFG::Graph::byValIsPure):
      (JSC::DFG::Graph::clobbersWorld):
      (JSC::DFG::Graph::numChildren):
      (JSC::DFG::Graph::child):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToConstant):
      (JSC::DFG::Node::numSuccessors):
      (Node):
      (JSC::DFG::Node::successor):
      (JSC::DFG::Node::successorForCondition):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPhase.cpp:
      (JSC::DFG::Phase::endPhase):
      * dfg/DFGPhase.h:
      (JSC::DFG::runPhase):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::run):
      (JSC::DFG::performPredictionPropagation):
      * dfg/DFGPredictionPropagationPhase.h:
      (DFG):
      * dfg/DFGRedundantPhiEliminationPhase.cpp:
      (JSC::DFG::RedundantPhiEliminationPhase::run):
      (JSC::DFG::performRedundantPhiElimination):
      * dfg/DFGRedundantPhiEliminationPhase.h:
      (DFG):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::use):
      (ScoreBoard):
      (JSC::DFG::ScoreBoard::useIfHasResult):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::createOSREntries):
      (JSC::DFG::SpeculativeJIT::linkOSREntries):
      (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
      (JSC::DFG::SpeculativeJIT::compileRegExpExec):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::nextBlock):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::jump):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValidate.cpp: Added.
      (DFG):
      (Validate):
      (JSC::DFG::Validate::Validate):
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::reportValidationContext):
      (JSC::DFG::Validate::dumpData):
      (JSC::DFG::Validate::dumpGraphIfAppropriate):
      (JSC::DFG::validate):
      * dfg/DFGValidate.h: Added.
      (DFG):
      (JSC::DFG::validate):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      (JSC::DFG::performVirtualRegisterAllocation):
      * dfg/DFGVirtualRegisterAllocationPhase.h:
      (DFG):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncSome):
      * runtime/BooleanConstructor.cpp:
      (JSC::constructBoolean):
      (JSC::callBooleanConstructor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSObject.cpp:
      (JSC):
      * runtime/JSObject.h:
      * runtime/JSString.cpp:
      (JSC::JSString::toBoolean):
      * runtime/JSString.h:
      (JSString):
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      * runtime/JSValue.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorMultiline):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      
      Source/WebCore: 
      
      Reviewed by Oliver Hunt.
      
      Merged r115512 from dfgopt.
      
      JSValue::toBoolean(ExecState*) -> JSValue::toBoolean()
              
      No new tests, because no new behavior.
      
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDirectoryEntryCustom.cpp:
      (WebCore::JSDirectoryEntry::getFile):
      (WebCore::JSDirectoryEntry::getDirectory):
      * bindings/js/JSDirectoryEntrySyncCustom.cpp:
      (WebCore::getFlags):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::JSInspectorFrontendHost::showContextMenu):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::hasBreakpoint):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateEventListenerCall):
      (GenerateImplementation):
      (JSValueToNative):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      
      Source/WebKit/mac: 
      
      Reviewed by Oliver Hunt.
              
      Merged r115512 from dfgopt.
      
      JSValue::toBoolean(ExecState*) -> JSValue::toBoolean()
              
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      
      Source/WebKit2: 
      
      Reviewed by Oliver Hunt.
      
      Merged r115512 from dfgopt.
      
      JSValue::toBoolean(ExecState*) -> JSValue::toBoolean()
              
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117646 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      79c51ee1
    • DFG should have constant propagation · 3187c92c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=84004
      
      Reviewed by Gavin Barraclough.
              
      Merge r114554 from dfgopt.
              
      Changes AbstractValue to be able to hold a "set" of constants, where
      the maximum set size is 1 - so merging a value containing constant A
      with another value containing constant B where A != B will result in
      the AbstractValue claiming that it does not know any constants (i.e.
      it'll just have a predicted type and possibly a structure).
              
      Added a constant folding phase that uses this new information to
      replace pure operations known to have constant results with
      JSConstants. This is OSR-exit-aware, in that it will prepend a Phantom
      that refers to all of the kids of the node we replaced.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::beginBasicBlock):
      (JSC::DFG::AbstractState::endBasicBlock):
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::clear):
      (JSC::DFG::AbstractValue::isClear):
      (JSC::DFG::AbstractValue::makeTop):
      (JSC::DFG::AbstractValue::clobberValue):
      (AbstractValue):
      (JSC::DFG::AbstractValue::valueIsTop):
      (JSC::DFG::AbstractValue::value):
      (JSC::DFG::AbstractValue::set):
      (JSC::DFG::AbstractValue::operator==):
      (JSC::DFG::AbstractValue::merge):
      (JSC::DFG::AbstractValue::filter):
      (JSC::DFG::AbstractValue::validate):
      (JSC::DFG::AbstractValue::checkConsistency):
      (JSC::DFG::AbstractValue::dump):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::initialize):
      (AdjacencyList):
      (JSC::DFG::AdjacencyList::reset):
      * dfg/DFGBasicBlock.h:
      (JSC::DFG::BasicBlock::BasicBlock):
      (BasicBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::constantCSE):
      (CSEPhase):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGConstantFoldingPhase.cpp: Added.
      (DFG):
      (ConstantFoldingPhase):
      (JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase):
      (JSC::DFG::ConstantFoldingPhase::run):
      (JSC::DFG::performConstantFolding):
      * dfg/DFGConstantFoldingPhase.h: Added.
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.h:
      (Graph):
      (JSC::DFG::Graph::convertToConstant):
      * dfg/DFGInsertionSet.h:
      (JSC::DFG::InsertionSet::execute):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToConstant):
      (Node):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (JSValue):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117636 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3187c92c
  25. 28 Apr, 2012 1 commit
  26. 25 Apr, 2012 1 commit
    • Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced · 94781154
      kbr@google.com authored
      https://bugs.webkit.org/show_bug.cgi?id=83655
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/PredictedType.cpp:
      (JSC::predictionToString):
      (JSC::predictionToAbbreviatedString):
      (JSC::predictionFromClassInfo):
      * bytecode/PredictedType.h:
      (JSC):
      (JSC::isActionableIntMutableArrayPrediction):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGNode.h:
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::ValueSource::forPrediction):
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::getByVal):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/JSByteArray.cpp: Removed.
      * runtime/JSByteArray.h: Removed.
      * runtime/JSGlobalData.cpp:
      
      Source/WebCore:
      
      Removed last few references to ByteArray, replacing with
      Uint8ClampedArray as necessary, and deleted now-obsolete
      CanvasPixelArray, ByteArray and JSByteArray. Removed code from
      JavaScriptCore special-casing ByteArray.
      
      No new tests. Did full layout test run on Mac OS; no regressions
      seen from this change.
      
      * CMakeLists.txt:
      * DerivedSources.pri:
      * ForwardingHeaders/runtime/JSByteArray.h: Removed.
      * GNUmakefile.list.am:
      * PlatformBlackBerry.cmake:
      * Target.pri:
      * UseV8.cmake:
      * WebCore.gypi:
      * WebCore.order:
      * WebCore.vcproj/WebCore.vcproj:
      * WebCore.xcodeproj/project.pbxproj:
      * bindings/v8/SerializedScriptValue.cpp:
      * bindings/v8/V8Binding.h:
      (WebCore::isHostObject):
      * bindings/v8/custom/V8CanvasPixelArrayCustom.cpp: Removed.
      * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
      (WebCore::V8InjectedScriptHost::typeCallback):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::isJSUint8ClampedArray):
      (Bindings):
      (JSC::Bindings::valueRealType):
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      * html/canvas/CanvasPixelArray.cpp: Removed.
      * html/canvas/CanvasPixelArray.h: Removed.
      * html/canvas/CanvasPixelArray.idl: Removed.
      * html/canvas/WebGLRenderingContext.cpp:
      (WebCore):
      * platform/graphics/filters/FEConvolveMatrix.h:
      * rendering/svg/RenderSVGResourceMasker.cpp:
      
      Source/WTF:
      
      * GNUmakefile.list.am:
      * WTF.gypi:
      * WTF.pro:
      * WTF.vcproj/WTF.vcproj:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/ByteArray.cpp: Removed.
      * wtf/ByteArray.h: Removed.
      * wtf/CMakeLists.txt:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@115248 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      94781154
  27. 10 Apr, 2012 1 commit
    • [CMake] Enable USE_FOLDERS property · 2fc0c72e
      paroga@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=83571
      
      Reviewed by Daniel Bates.
      
      .:
      
      Setting the FOLDER property on targets gives more structure
      to the generated Visual Studio solutions.
      This does not affect other CMake generators.
      
      * Source/cmake/OptionsCommon.cmake:
      
      Source/JavaScriptCore:
      
      Setting the FOLDER property on targets gives more structure
      to the generated Visual Studio solutions.
      This does not affect other CMake generators.
      
      * CMakeLists.txt:
      * shell/CMakeLists.txt:
      
      Source/WebCore:
      
      Setting the FOLDER property on targets gives more structure
      to the generated Visual Studio solutions.
      This does not affect other CMake generators.
      
      * CMakeLists.txt:
      
      Source/WebKit:
      
      Setting the FOLDER property on targets gives more structure
      to the generated Visual Studio solutions.
      This does not affect other CMake generators.
      
      * CMakeLists.txt:
      
      Source/WebKit2:
      
      Setting the FOLDER property on targets gives more structure
      to the generated Visual Studio solutions.
      This does not affect other CMake generators.
      
      * CMakeLists.txt:
      
      Source/WTF:
      
      Setting the FOLDER property on targets gives more structure
      to the generated Visual Studio solutions.
      This does not affect other CMake generators.
      
      * wtf/CMakeLists.txt:
      
      Tools:
      
      Setting the FOLDER property on targets gives more structure
      to the generated Visual Studio solutions.
      This does not affect other CMake generators.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      * EWebLauncher/CMakeLists.txt:
      * WinCELauncher/CMakeLists.txt:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113764 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2fc0c72e
  28. 06 Apr, 2012 1 commit
    • Renamed · 61b97001
      ggaren@apple.com authored
              WeakHeap => WeakSet
              HandleHeap => HandleSet
      
      Reviewed by Sam Weinig.
      
      These sets do have internal allocators, but it's confusing to call them
      heaps because they're sub-objects of an object called "heap".
      
      * heap/HandleHeap.cpp: Removed.
      * heap/HandleHeap.h: Removed.
      * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp.
      * heap/WeakHeap.cpp: Removed.
      * heap/WeakHeap.h: Removed.
      * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp.
      * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h.
      
      Plus global rename using grep.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113508 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      61b97001