1. 26 Sep, 2012 1 commit
• Generalize JSGlobalThis as JSProxy · 4aef7247
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97716
      
      Reviewed by Oliver Hunt.
      
      ../JavaScriptCore: 
      
      Generalize JSGlobalThis as JSProxy and move proxying functionality up from the window shell into JSProxy.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::toThisObject):
          - Hoist toThisObject from WebCore.
      (JSC):
      * runtime/JSGlobalObject.h:
          - removed include.
      (JSC::JSGlobalObject::finishCreation):
          - JSGlobalThis -> JSObject
      (JSGlobalObject):
          - Hoist toThisObject from WebCore.
      * runtime/JSGlobalThis.cpp: Removed.
      * runtime/JSGlobalThis.h: Removed.
      * runtime/JSObject.cpp:
          - removed include.
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::isProxy):
          - isGlobalThis -> isProxy
          - GlobalThisType -> ProxyType
      * runtime/JSProxy.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalThis.cpp.
      (JSC):
      (JSC::JSProxy::visitChildren):
      (JSC::JSProxy::setTarget):
      (JSC::JSProxy::className):
      (JSC::JSProxy::getOwnPropertySlot):
      (JSC::JSProxy::getOwnPropertySlotByIndex):
      (JSC::JSProxy::getOwnPropertyDescriptor):
      (JSC::JSProxy::put):
      (JSC::JSProxy::putByIndex):
      (JSC::JSProxy::putDirectVirtual):
      (JSC::JSProxy::defineOwnProperty):
      (JSC::JSProxy::deleteProperty):
      (JSC::JSProxy::deletePropertyByIndex):
      (JSC::JSProxy::getPropertyNames):
      (JSC::JSProxy::getOwnPropertyNames):
    - Class created from JSGlobalThis, JSDOMWindowShell.
      * runtime/JSProxy.h: Copied from Source/JavaScriptCore/runtime/JSGlobalThis.h.
      (JSC::JSProxy::create):
      (JSC::JSProxy::createStructure):
      (JSProxy):
      (JSC::JSProxy::target):
      (JSC::JSProxy::JSProxy):
    - Class created from JSGlobalThis, JSDOMWindowShell.
      * runtime/JSType.h:
          - GlobalThisType -> ProxyType
      
      ../WebCore: 
      
      This patch moves window shell functionality up to JSC::JSProxy.
      
      * ForwardingHeaders/runtime/JSGlobalThis.h: Removed.
      * ForwardingHeaders/runtime/JSProxy.h: Copied from Source/WebCore/ForwardingHeaders/runtime/JSGlobalThis.h.
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::finishCreation):
          - JSGlobalThis -> JSObject
      * bindings/js/JSDOMGlobalObject.h:
      (JSDOMGlobalObject):
          - JSGlobalThis -> JSObject
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore):
          - Hoist toThisObject up into JSC.
      * bindings/js/JSDOMWindowBase.h:
      (JSDOMWindowBase):
          - Hoist toThisObject up into JSC.
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore):
          - JSGlobalThis -> JSProxy
          - moved JSObject callbacks to JSProxy
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
          - JSGlobalThis -> JSProxy
          - moved JSObject callbacks to JSProxy
      (WebCore::JSDOMWindowShell::window):
          - unwrappedObject() -> target()
      (WebCore::JSDOMWindowShell::setWindow):
          - setUnwrappedObject() -> setTarget()
      (WebCore::JSDOMWindowShell::createStructure):
          - GlobalThisType -> ProxyType
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129685 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 24 Sep, 2012 1 commit
• Remove JSObject::unwrappedGlobalObject(), JSObject::unwrappedObject() · 51bdc905
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97519
      
      Reviewed by Geoff Garen.
      
      ../JavaScriptCore: 
      
      unwrappedGlobalObject() was only needed because globalObject() doesn't always return a helpful result -
      specifically for WebCore's window shell the structure's globalObject is set to null. We can fix this by
      simply keeping the structure up to date as the window navigates, obviating the need for this function.
      
      The only other use of unwrappedObject() came from globalFuncEval(), and this can be trivially removed
      by flipping the way we perform this globalObject check (which we may also be able to remove!) - instead
      of getting the globalObject from the provided this value & comparing to the expected globalObject, we
      can get the this value from the expected globalObject, and compare to that provided.
      
      * runtime/JSGlobalObject.cpp:
          - Call globalObject() instead of unwrappedGlobalObject().
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncEval):
          - Changed to compare this object values, instead of globalObjects -
            this means we only need to be able to map globalObject -> this,
            and not vice versa.
      * runtime/JSObject.cpp:
      (JSC::JSObject::allowsAccessFrom):
      (JSC::JSObject::createInheritorID):
          - Call globalObject() instead of unwrappedGlobalObject().
      * runtime/JSObject.h:
      (JSObject):
          - Removed unwrappedGlobalObject(), unwrappedObject().
      
      ../WebCore: 
      
      JSDOMWindowShell::setWindow should update the structure's globalObject.
      
      * bindings/js/JSDOMWindowShell.h:
      (WebCore::JSDOMWindowShell::setWindow):
          - Update the JSDOMWindowShell's structure's globalObject when the
            window changes.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129456 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 21 Sep, 2012 1 commit
  4. 19 Sep, 2012 1 commit
  5. 18 Sep, 2012 2 commits
• Unreviewed, fix sloppy English in comment. · 5d985e06
      fpizlo@apple.com authored
      * runtime/JSGlobalObject.cpp:
      (JSC):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128857 268f45cc-cd09-0410-ab3c-d52691b4dbfc
• Unreviewed, rolling out r128826 and r128813. · 7c7e4274
      ossy@webkit.org authored
      Source/JavaScriptCore:
      
      * API/JSCallbackConstructor.cpp:
      (JSC):
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      * API/JSCallbackConstructor.h:
      (JSCallbackConstructor):
      * API/JSCallbackObject.cpp:
      (JSC):
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObject::create):
      (JSCallbackObject):
      * API/JSClassRef.cpp:
      (OpaqueJSClass::prototype):
      * API/JSObjectRef.cpp:
      (JSObjectMake):
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp:
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp:
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
      * heap/Heap.cpp:
      (JSC::Heap::isSafeToSweepStructures):
      (JSC):
      * heap/Heap.h:
      (JSC::Heap::allocatorForObjectWithDestructor):
      (Heap):
      (JSC::Heap::allocateWithDestructor):
      (JSC::Heap::allocateStructure):
      (JSC):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::startSweeping):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC::IncrementalSweeper::structuresCanBeSwept):
      (JSC):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::cellsNeedDestruction):
      (JSC::MarkedAllocator::onlyContainsStructures):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::init):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (JSC):
      (MarkedBlock):
      (JSC::MarkedBlock::cellsNeedDestruction):
      (JSC::MarkedBlock::onlyContainsStructures):
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::MarkedSpace::isPagedOut):
      (JSC::MarkedSpace::freeBlock):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (Subspace):
      (JSC::MarkedSpace::allocatorFor):
      (JSC::MarkedSpace::destructorAllocatorFor):
      (JSC::MarkedSpace::allocateWithDestructor):
      (JSC::MarkedSpace::allocateStructure):
      (JSC::MarkedSpace::forEachBlock):
      * heap/SlotVisitor.cpp:
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSArray):
      * jsc.cpp:
      (GlobalObject::create):
      * runtime/Arguments.cpp:
      (JSC):
      * runtime/Arguments.h:
      (Arguments):
      (JSC::Arguments::Arguments):
      * runtime/ErrorPrototype.cpp:
      (JSC):
      * runtime/Executable.h:
      * runtime/InternalFunction.cpp:
      (JSC):
      (JSC::InternalFunction::InternalFunction):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSCell.h:
      (JSC):
      (JSC::allocateCell):
      * runtime/JSDestructibleObject.h: Removed.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::createRareDataIfNeeded):
      (JSC::JSGlobalObject::create):
      * runtime/JSGlobalThis.h:
      (JSGlobalThis):
      (JSC::JSGlobalThis::JSGlobalThis):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSScope.cpp:
      (JSC):
      * runtime/JSString.h:
      (JSC):
      * runtime/JSWrapperObject.h:
      (JSWrapperObject):
      (JSC::JSWrapperObject::JSWrapperObject):
      * runtime/MathObject.cpp:
      (JSC):
      * runtime/NameInstance.h:
      (NameInstance):
      * runtime/RegExp.h:
      * runtime/RegExpObject.cpp:
      (JSC):
      * runtime/SparseArrayValueMap.h:
      * runtime/Structure.h:
      (JSC::Structure):
      (JSC::JSCell::classInfo):
      (JSC):
      * runtime/StructureChain.h:
      * runtime/SymbolTable.h:
      * testRegExp.cpp:
      (GlobalObject::create):
      
      Source/WebCore:
      
      * ForwardingHeaders/runtime/JSDestructibleObject.h: Removed.
      * bindings/js/JSDOMWrapper.h:
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      * bridge/objc/objc_runtime.h:
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (Bindings):
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      * bridge/runtime_array.cpp:
      (JSC):
      (JSC::RuntimeArray::destroy):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      * bridge/runtime_object.cpp:
      (Bindings):
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      Source/WebKit2:
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit):
      (WebKit::JSNPObject::JSNPObject):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (JSNPObject):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128851 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 17 Sep, 2012 3 commits
• We don't have a bad enough time if an object's prototype chain crosses global objects · b9840ea0
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96962
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * runtime/JSGlobalObject.cpp:
      (JSC):
      
      LayoutTests: 
      
      * fast/js/cross-frame-really-bad-time-expected.txt: Added.
      * fast/js/cross-frame-really-bad-time-with-__proto__-expected.txt: Added.
      * fast/js/cross-frame-really-bad-time-with-__proto__.html: Added.
      * fast/js/cross-frame-really-bad-time.html: Added.
      * fast/js/script-tests/cross-frame-really-bad-time-with-__proto__.js: Added.
      (foo):
      (evil):
      (bar):
      (done):
      * fast/js/script-tests/cross-frame-really-bad-time.js: Added.
      (Cons):
      (foo):
      (evil):
      (bar):
      (done):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128816 268f45cc-cd09-0410-ab3c-d52691b4dbfc
• Delayed structure sweep can leak structures without bound · 013fd88d
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96546
      
      Reviewed by Gavin Barraclough.
      
      This patch gets rid of the separate Structure allocator in the MarkedSpace and adds two new destructor-only
      allocators. We now have separate allocators for our three types of objects: those objects with no destructors,
      those objects with destructors and with immortal structures, and those objects with destructors that don't have 
      immortal structures. All of the objects of the third type (destructors without immortal structures) now 
      inherit from a new class named JSDestructibleObject (which in turn is a subclass of JSNonFinalObject), which stores 
      the ClassInfo for these classes at a fixed offset for safe retrieval during sweeping/destruction.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackConstructor.cpp: Use JSDestructibleObject for JSCallbackConstructor.
      (JSC):
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      * API/JSCallbackConstructor.h:
      (JSCallbackConstructor):
      * API/JSCallbackObject.cpp: Inherit from JSDestructibleObject for normal JSCallbackObjects and use a finalizer for 
      JSCallbackObject<JSGlobalObject>, since JSGlobalObject also uses a finalizer.
      (JSC):
      (JSC::::create): We need to move the create function for JSCallbackObject<JSGlobalObject> out of line so we can add 
the finalizer for it. We don't want to add the finalizer in something like finishCreation in case somebody decides 
      to subclass this. We use this same technique for many other subclasses of JSGlobalObject.
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      (JSC):
      * API/JSClassRef.cpp: Change all the JSCallbackObject<JSNonFinalObject> to use JSDestructibleObject instead.
      (OpaqueJSClass::prototype):
      * API/JSObjectRef.cpp: Ditto.
      (JSObjectMake):
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp: Ditto.
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp: Ditto.
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGSpeculativeJIT.h: Use the proper allocator type when doing inline allocation in the DFG.
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
      * heap/Heap.cpp:
      (JSC):
      * heap/Heap.h: Add accessors for the various types of allocators now. Also remove the isSafeToSweepStructures function 
      since it's always safe to sweep Structures now.
      (JSC::Heap::allocatorForObjectWithNormalDestructor): 
      (JSC::Heap::allocatorForObjectWithImmortalStructureDestructor):
      (Heap):
      (JSC::Heap::allocateWithNormalDestructor):
      (JSC):
      (JSC::Heap::allocateWithImmortalStructureDestructor):
      * heap/IncrementalSweeper.cpp: Remove all the logic to detect when it's safe to sweep Structures from the 
      IncrementalSweeper since it's always safe to sweep Structures now.
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::startSweeping):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp: Remove the logic that was preventing us from sweeping Structures if it wasn't safe. Add 
      tracking of the specific destructor type of allocator. 
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::destructorType):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::init):
      * heap/MarkedBlock.cpp: Add all the destructor type stuff to MarkedBlocks so that we do the right thing when sweeping. 
      We also use the stored destructor type to determine the right thing to do in all JSCell::classInfo() calls.
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (JSC):
      (JSC::MarkedBlock::allocator):
      (JSC::MarkedBlock::destructorType):
      * heap/MarkedSpace.cpp: Add the new destructor allocators to MarkedSpace.
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::MarkedSpace::isPagedOut):
      (JSC::MarkedSpace::freeBlock):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC::MarkedSpace::immortalStructureDestructorAllocatorFor):
      (JSC::MarkedSpace::normalDestructorAllocatorFor):
      (JSC::MarkedSpace::allocateWithImmortalStructureDestructor):
      (JSC::MarkedSpace::allocateWithNormalDestructor):
      (JSC::MarkedSpace::forEachBlock):
      * heap/SlotVisitor.cpp: Add include because the symbol was needed in an inlined function.
      * jit/JIT.h: Make sure we use the correct allocator when doing inline allocations in the baseline JIT.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSArray):
      * jsc.cpp: 
      (GlobalObject::create): Add finalizer here since JSGlobalObject needs to use a finalizer instead of inheriting from 
      JSDestructibleObject.
      * runtime/Arguments.cpp: Inherit from JSDestructibleObject.
      (JSC):
      * runtime/Arguments.h:
      (Arguments):
      (JSC::Arguments::Arguments):
      * runtime/ErrorPrototype.cpp: Added an assert to make sure we have a trivial destructor.
      (JSC):
      * runtime/Executable.h: Indicate that all of the Executable* classes have immortal Structures.
      (JSC):
      * runtime/InternalFunction.cpp: Inherit from JSDestructibleObject.
      (JSC):
      (JSC::InternalFunction::InternalFunction):
      * runtime/InternalFunction.h:
      (InternalFunction):
* runtime/JSCell.h: Added the NEEDS_DESTRUCTOR macro to make it easier for classes to indicate that instead of being 
      allocated in a destructor MarkedAllocator that they will handle their destruction themselves through the 
      use of a finalizer.
      (JSC):
      (HasImmortalStructure): New template to help us determine at compile-time if a particular class 
      should be allocated in the immortal structure MarkedAllocator. The default value is false. In order 
      to be allocated in the immortal structure allocator, classes must specialize this template. Also added 
      a macro to make it easier for classes to specialize the template.
      (JSC::allocateCell): Use the appropriate allocator depending on the destructor type.
      * runtime/JSDestructibleObject.h: Added. New class that stores the ClassInfo of any subclass so that it can be 
      accessed safely when the object is being destroyed.
      (JSC):
      (JSDestructibleObject):
      (JSC::JSDestructibleObject::classInfo):
      (JSC::JSDestructibleObject::JSDestructibleObject):
      (JSC::JSCell::classInfo): Checks the current MarkedBlock to see where it should get the ClassInfo from so that it's always safe.
      * runtime/JSGlobalObject.cpp: JSGlobalObject now uses a finalizer instead of a destructor so that it can avoid forcing all 
      of its relatives in the inheritance hierarchy (e.g. JSScope) to use destructors as well.
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::createRareDataIfNeeded): Since we always create a finalizer now, we don't have to worry about adding one 
      for the m_rareData field when it's created.
      (JSC::JSGlobalObject::create):
      (JSC):
      * runtime/JSGlobalThis.h: Inherit from JSDestructibleObject.
      (JSGlobalThis):
      (JSC::JSGlobalThis::JSGlobalThis):
      * runtime/JSPropertyNameIterator.h: Has an immortal Structure.
      (JSC):
      * runtime/JSScope.cpp:
      (JSC):
      * runtime/JSString.h: Has an immortal Structure.
      (JSC):
      * runtime/JSWrapperObject.h: Inherit from JSDestructibleObject.
      (JSWrapperObject):
      (JSC::JSWrapperObject::JSWrapperObject):
      * runtime/MathObject.cpp: Cleaning up some of the inheritance stuff.
      (JSC):
      * runtime/NameInstance.h: Inherit from JSDestructibleObject.
      (NameInstance):
      * runtime/RegExp.h: Has immortal Structure.
      (JSC):
      * runtime/RegExpObject.cpp: Inheritance cleanup.
      (JSC):
      * runtime/SparseArrayValueMap.h: Has immortal Structure.
      (JSC):
      * runtime/Structure.h: Has immortal Structure.
      (JSC):
      * runtime/StructureChain.h: Ditto.
      (JSC):
      * runtime/SymbolTable.h: Ditto.
      (SharedSymbolTable):
      (JSC):
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/runtime/JSDestructableObject.h: Added.
      * bindings/js/JSDOMWrapper.h: Inherits from JSDestructibleObject.
      (JSDOMWrapper):
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/scripts/CodeGeneratorJS.pm: Add finalizers to anything that inherits from JSGlobalObject,
      e.g. JSDOMWindow and JSWorkerContexts. For those classes we also need to use the NEEDS_DESTRUCTOR macro.
      (GenerateHeader):
      * bridge/objc/objc_runtime.h: Inherit from JSDestructibleObject.
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (Bindings):
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      * bridge/runtime_array.cpp: Use a finalizer so that JSArray isn't forced to inherit from JSDestructibleObject.
      (JSC):
      (JSC::RuntimeArray::destroy):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC):
      * bridge/runtime_object.cpp: Inherit from JSDestructibleObject.
      (Bindings):
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128813 268f45cc-cd09-0410-ab3c-d52691b4dbfc
• If a prototype has indexed setters and its instances have indexed storage,... · 1c4a32c9
      fpizlo@apple.com authored
      If a prototype has indexed setters and its instances have indexed storage, then all put_by_val's should have a bad time
      https://bugs.webkit.org/show_bug.cgi?id=96596
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Added comprehensive support for accessors and read-only indexed properties on the
      prototype chain. This is done without any performance regression on benchmarks that
      we're aware of, by having the entire VM's strategy with respect to arrays tilted
      heavily in favor of:
              
      - The prototype chain of JSArrays never having any accessors or read-only indexed
        properties. If that changes, you're going to have a bad time.
              
      - Prototypes of non-JSArray objects either having no indexed accessors or read-only
        indexed properties, or, having those indexed accessor thingies inserted before
        any instance object (i.e. object with that prototype as its prototype) is created.
        If you add indexed accessors or read-only indexed properties to an object that is
        already used as a prototype, you're going to have a bad time.
              
      See below for the exact definition of having a bad time.
              
      Put another way, "fair" uses of indexed accessors and read-only indexed properties
      are:
              
      - Put indexed accessors and read-only indexed properties on an object that is never
        used as a prototype. This will slow down accesses to that object, but will not
        have any effect on any other object.
              
      - Put those indexed accessor thingies on an object before it is used as a prototype
        and then start instantiating objects that claim that object as their prototype.
        This will slightly slow down indexed stores to the instance objects, and greatly
        slow down all indexed accesses to the prototype, but will have no other effect.
              
      In short, "fair" uses only affect the object itself and any instance objects. But
      if you start using indexed accessors in more eclectic ways, you're going to have
      a bad time.
              
      Specifically, if an object that may be used as a prototype has an indexed accessor
      added, the VM performs a whole-heap scan to find all objects that belong to the
      same global object as the prototype you modified. If any of those objects has
      indexed storage, their indexed storage is put into slow-put mode, just as if their
      prototype chain had indexed accessors. This will happen even for objects that do
      not currently have indexed accessors in their prototype chain. As well, all JSArray
      allocations are caused to create arrays with slow-put storage, and all future
      allocations of indexed storage for non-JSArray objects are also flipped to slow-put
      mode. Note there are two aspects to having a bad time: (i) the whole-heap scan and
      (ii) the poisoning of all indexed storage in the entire global object. (i) is
      necessary for correctness. If we detect that an object that may be used as a
      prototype has had an indexed accessor or indexed read-only property inserted into
      it, then we need to ensure that henceforth all instances of that object inspect
      the prototype chain whenever an indexed hole is stored to. But by default, indexed
      stores do no such checking because doing so would be unnecessarily slow. So, we must
      find all instances of the affected object and flip them into a different array
      storage mode that omits all hole optimizations. Since prototypes never keep a list
      of instance objects, the only way to find those objects is a whole-heap scan. But
      (i) alone would be a potential disaster, if a program frequently allocated an
      object without indexed accessors, then allocated a bunch of objects that used that
      one as their prototype, and then added indexed accessors to the prototype. So, to
      prevent massive heap scan storms in such awkward programs, having a bad time also
      implies (ii): henceforth *all* objects belonging to that global object will use
      slow put indexed storage, so that we don't ever have to scan the heap again. Note
      that here we are using the global object as just an approximation of a program
      module; it may be worth investigating in the future if other approximations can be
      used instead.
      
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::isSlowPutAccess):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncSort):
      * runtime/IndexingType.h:
      (JSC):
      (JSC::hasIndexedProperties):
      (JSC::hasIndexingHeader):
      (JSC::hasArrayStorage):
      (JSC::shouldUseSlowPut):
      * runtime/JSArray.cpp:
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      * runtime/JSArray.h:
      (JSC::JSArray::createStructure):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::addressOfArrayStructure):
      (JSC::JSGlobalObject::havingABadTimeWatchpoint):
      (JSC::JSGlobalObject::isHavingABadTime):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::resetInheritorID):
      (JSC::JSObject::inheritorID):
      (JSC::JSObject::allowsAccessFrom):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::unwrappedGlobalObject):
      (JSC::JSObject::notifyUsedAsPrototype):
      (JSC::JSObject::createInheritorID):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
      (JSC::JSObject::attemptToInterceptPutByIndexOnHole):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::mayBeUsedAsPrototype):
      (JSObject):
      (JSC::JSObject::mayInterceptIndexedAccesses):
      (JSC::JSObject::getArrayLength):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrNull):
      (JSC::JSObject::ensureArrayStorage):
      (JSC):
      (JSC::JSValue::putByIndex):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      (JSC::JSValue::putToPrimitiveByIndex):
      (JSC):
      * runtime/JSValue.h:
      (JSValue):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayEntry::put):
      (JSC):
      * runtime/SparseArrayValueMap.h:
      (JSC):
      (SparseArrayEntry):
      * runtime/Structure.cpp:
      (JSC::Structure::anyObjectInChainMayInterceptIndexedAccesses):
      (JSC):
      (JSC::Structure::suggestedIndexingTransition):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::mayInterceptIndexedAccesses):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      
      LayoutTests: 
      
      Removed failing expectation for primitive-property-access-edge-cases, and
      added more tests to cover the numerical-setter-on-prototype cases.
      
      * fast/js/array-bad-time-expected.txt: Added.
      * fast/js/array-bad-time.html: Added.
      * fast/js/array-slow-put-expected.txt: Added.
      * fast/js/array-slow-put.html: Added.
      * fast/js/cross-frame-bad-time-expected.txt: Added.
      * fast/js/cross-frame-bad-time.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/object-bad-time-expected.txt: Added.
      * fast/js/object-bad-time.html: Added.
      * fast/js/object-slow-put-expected.txt: Added.
      * fast/js/object-slow-put.html: Added.
      * fast/js/script-tests/array-bad-time.js: Added.
      * fast/js/script-tests/array-slow-put.js: Added.
      (foo):
      * fast/js/script-tests/cross-frame-bad-time.js: Added.
      (foo):
      * fast/js/script-tests/object-bad-time.js: Added.
      (Cons):
      * fast/js/script-tests/object-slow-put.js: Added.
      (Cons):
      (foo):
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128802 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1c4a32c9
  7. 12 Sep, 2012 1 commit
    • JSC should have property butterflies · d8dd0535
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=91933
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      This changes the JSC object model. Previously, all objects had fast lookup for
      named properties. Integer indexed properties were only fast if you used a
      JSArray. With this change, all objects have fast indexed properties. This is
      accomplished without any space overhead by using a bidirectional object layout,
      aka butterflies. Each JSObject has a m_butterfly pointer where previously it
      had a m_outOfLineStorage pointer. To the left of the location pointed to by
      m_butterfly, we place all named out-of-line properties. To the right, we place
      all indexed properties along with indexing meta-data. Though, some indexing
      meta-data is placed in the 8-byte word immediately left of the pointed-to
      location; this is in anticipation of the indexing meta-data being small enough
      in the common case that m_butterfly always points to the first indexed
      property.
              
      This is performance neutral, except on tests that use indexed properties on
      plain objects, where the speed-up is in excess of an order of magnitude.
              
      One notable aspect of what this change brings is that it allows indexing
      storage to morph over time. Currently this is only used to allow all non-array
      objects to start out without any indexed storage. But it could be used for
      some kinds of array type inference in the future.
      
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlotByIndex):
      (JSC):
      (JSC::::getOwnNonIndexPropertyNames):
      * API/JSObjectRef.cpp:
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitDirectPutById):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (AdjacencyList):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::modeUsesButterfly):
      (JSC::DFG::modeIsJSArray):
      (JSC::DFG::isInBoundsAccess):
      (JSC::DFG::modeSupportsLength):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::addNode):
      (FixupPhase):
      (JSC::DFG::FixupPhase::checkArray):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryBuildPutByIdList):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateBasicStorage):
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emitSlow_op_new_array):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/Arguments.cpp:
      (JSC::Arguments::deletePropertyByIndex):
      (JSC::Arguments::defineOwnProperty):
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayConventions.h: Added.
      (JSC):
      (JSC::isDenseEnoughForVector):
      (JSC::indexingHeaderForArray):
      (JSC::baseIndexingHeaderForArray):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::create):
      (JSC):
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      (JSC::ArrayPrototype::createStructure):
      * runtime/ArrayStorage.h: Added.
      (JSC):
      (ArrayStorage):
      (JSC::ArrayStorage::ArrayStorage):
      (JSC::ArrayStorage::from):
      (JSC::ArrayStorage::butterfly):
      (JSC::ArrayStorage::indexingHeader):
      (JSC::ArrayStorage::length):
      (JSC::ArrayStorage::setLength):
      (JSC::ArrayStorage::vectorLength):
      (JSC::ArrayStorage::setVectorLength):
      (JSC::ArrayStorage::copyHeaderFromDuringGC):
      (JSC::ArrayStorage::inSparseMode):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::vectorLengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSC::ArrayStorage::indexBiasOffset):
      (JSC::ArrayStorage::sparseMapOffset):
      (JSC::ArrayStorage::sizeFor):
      * runtime/Butterfly.h: Added.
      (JSC):
      (Butterfly):
      (JSC::Butterfly::Butterfly):
      (JSC::Butterfly::totalSize):
      (JSC::Butterfly::fromBase):
      (JSC::Butterfly::offsetOfIndexingHeader):
      (JSC::Butterfly::offsetOfPublicLength):
      (JSC::Butterfly::offsetOfVectorLength):
      (JSC::Butterfly::indexingHeader):
      (JSC::Butterfly::propertyStorage):
      (JSC::Butterfly::indexingPayload):
      (JSC::Butterfly::arrayStorage):
      (JSC::Butterfly::offsetOfPropertyStorage):
      (JSC::Butterfly::indexOfPropertyStorage):
      (JSC::Butterfly::base):
      * runtime/ButterflyInlineMethods.h: Added.
      (JSC):
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::createUninitializedDuringCollection):
      (JSC::Butterfly::base):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      (JSC::Butterfly::unshift):
      (JSC::Butterfly::shift):
      * runtime/ClassInfo.h:
      (MethodTable):
      (JSC):
      * runtime/IndexingHeader.h: Added.
      (JSC):
      (IndexingHeader):
      (JSC::IndexingHeader::offsetOfIndexingHeader):
      (JSC::IndexingHeader::offsetOfPublicLength):
      (JSC::IndexingHeader::offsetOfVectorLength):
      (JSC::IndexingHeader::IndexingHeader):
      (JSC::IndexingHeader::vectorLength):
      (JSC::IndexingHeader::setVectorLength):
      (JSC::IndexingHeader::publicLength):
      (JSC::IndexingHeader::setPublicLength):
      (JSC::IndexingHeader::from):
      (JSC::IndexingHeader::fromEndOf):
      (JSC::IndexingHeader::propertyStorage):
      (JSC::IndexingHeader::arrayStorage):
      (JSC::IndexingHeader::butterfly):
      * runtime/IndexingHeaderInlineMethods.h: Added.
      (JSC):
      (JSC::IndexingHeader::preCapacity):
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.h: Added.
      (JSC):
      (JSC::hasIndexingHeader):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::getOwnNonIndexPropertyNames):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC):
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      (JSC::JSArray::getOwnNonIndexPropertyNames):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      (JSC::JSArray::JSArray):
      (JSC::JSArray::length):
      (JSC::JSArray::createStructure):
      (JSC::JSArray::isLengthWritable):
      (JSC::createArrayButterfly):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSBoundFunction.cpp:
      (JSC::boundFunctionCall):
      (JSC::boundFunctionConstruct):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnNonIndexPropertyNames):
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::getOwnNonIndexPropertyNames):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC):
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::visitChildren):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::fillGetterPropertySlot):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::deallocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::JSObject::defineOwnNonIndexProperty):
      (JSC::JSObject::defineOwnProperty):
      (JSC::JSObject::getOwnPropertySlotSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSObject):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::butterfly):
      (JSC::JSObject::outOfLineStorage):
      (JSC::JSObject::offsetForLocation):
      (JSC::JSObject::indexingShouldBeSparse):
      (JSC::JSObject::butterflyOffset):
      (JSC::JSObject::butterflyAddress):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrZero):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::setButterflyWithoutChangingStructure):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::offsetInButterfly):
      (JSC::offsetRelativeToPatchedStorage):
      (JSC::indexRelativeToBase):
      (JSC::offsetRelativeToBase):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
      * runtime/JSSymbolTableObject.h:
      (JSSymbolTableObject):
      * runtime/JSTypeInfo.h:
      (JSC):
      (JSC::TypeInfo::interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero):
      (JSC::TypeInfo::overridesGetPropertyNames):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertyOffset.h:
      (JSC::offsetInOutOfLineStorage):
      * runtime/PropertyStorage.h: Added.
      (JSC):
      * runtime/PutDirectIndexMode.h: Added.
      (JSC):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::getOwnNonIndexPropertyNames):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/Reject.h: Added.
      (JSC):
      (JSC::reject):
      * runtime/SparseArrayValueMap.cpp: Added.
      (JSC):
      * runtime/SparseArrayValueMap.h: Added.
      (JSC):
      (SparseArrayEntry):
      (JSC::SparseArrayEntry::SparseArrayEntry):
      (SparseArrayValueMap):
      (JSC::SparseArrayValueMap::sparseMode):
      (JSC::SparseArrayValueMap::setSparseMode):
      (JSC::SparseArrayValueMap::lengthIsReadOnly):
      (JSC::SparseArrayValueMap::setLengthIsReadOnly):
      (JSC::SparseArrayValueMap::find):
      (JSC::SparseArrayValueMap::remove):
      (JSC::SparseArrayValueMap::notFound):
      (JSC::SparseArrayValueMap::isEmpty):
      (JSC::SparseArrayValueMap::contains):
      (JSC::SparseArrayValueMap::size):
      (JSC::SparseArrayValueMap::begin):
      (JSC::SparseArrayValueMap::end):
      * runtime/SparseArrayValueMapInlineMethods.h: Added.
      (JSC):
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::~SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::destroy):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::add):
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::get):
      (JSC::SparseArrayEntry::getNonSparseMode):
      (JSC::SparseArrayValueMap::visitChildren):
      * runtime/StorageBarrier.h: Removed.
      * runtime/StringObject.cpp:
      (JSC::StringObject::putByIndex):
      (JSC):
      (JSC::StringObject::deletePropertyByIndex):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::nonPropertyTransition):
      (JSC):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::indexingType):
      (JSC::Structure::indexingTypeIncludingHistory):
      (JSC::Structure::indexingTypeOffset):
      (JSC::Structure::create):
      * runtime/StructureTransitionTable.h:
      (JSC):
      (JSC::toAttributes):
      (JSC::newIndexingType):
      (JSC::StructureTransitionTable::Hash::hash):
      * tests/mozilla/js1_6/Array/regress-304828.js:
      
      Source/WebCore: 
      
      Teach the DOM that to intercept get/put on indexed properties, you now have
      to override getOwnPropertySlotByIndex and putByIndex.
      
      No new tests because no new behavior. One test was rebased because indexed
      property iteration order now matches other engines (indexed properties always
      come first).
      
      * bindings/js/ArrayValue.cpp:
      (WebCore::ArrayValue::get):
      * bindings/js/JSBlobCustom.cpp:
      (WebCore::JSBlobConstructor::constructJSBlob):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::JSCanvasRenderingContext2D::setWebkitLineDash):
      * bindings/js/JSDOMStringListCustom.cpp:
      (WebCore::toDOMStringList):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindow::putByIndex):
      (WebCore::JSDOMWindow::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindowShell::putByIndex):
      (WebCore::JSDOMWindowShell::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSWebSocketCustom.cpp:
      (WebCore::JSWebSocketConstructor::constructJSWebSocket):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::serialize):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      
      LayoutTests: 
      
      Modify the JSON test to indicate that iterating over properties now returns
      indexed properties first. This is a behavior change that makes us more
      compliant with other implementations.
              
      Also check in new expected file for the edge cases of indexed property access
      with prototype accessors. This changeset introduces a known regression in that
      department, which is tracked here: https://bugs.webkit.org/show_bug.cgi?id=96596
      
      * fast/js/resources/JSON-stringify.js:
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d8dd0535
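The bidirectional layout described in the commit above, modelled as an added example that is not JSC's own code: one allocation, a pointer into its middle, named out-of-line properties at negative offsets, the indexing header in the single 8-byte word at offset -1, and indexed slots at non-negative offsets. The struct and function names, the two-field header, and the "zero bits means hole" convention are assumptions of this model; growing the indexed side shows why the property slots stay valid when the allocation moves, since every slot is re-derived from the butterfly pointer rather than cached.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for one EncodedJSValue: a 64-bit word per slot. Zero bits = hole (assumption). */
typedef uint64_t Slot;

/* Indexing meta-data packed into the 8-byte word immediately left of the
 * butterfly pointer (simplified; field names are assumptions of this model). */
typedef struct {
    uint32_t publicLength;  /* length as seen by script */
    uint32_t vectorLength;  /* slots allocated to the right of the pointer */
} IndexingHeader;

typedef struct {
    Slot *butterfly;         /* points at the first indexed slot */
    size_t propertyCapacity; /* named out-of-line slots available to the left */
} Object;

/* Named out-of-line property `offset` lives at butterfly[-2 - offset]:
 * [-1] is the indexing header, [-2] is property 0, [-3] is property 1, ... */
static Slot *propertySlot(const Object *o, size_t offset) {
    return o->butterfly - 2 - offset;
}

/* Start of the underlying allocation (the butterfly "base"). */
static Slot *baseOf(const Object *o) {
    return o->butterfly - o->propertyCapacity - 1;
}

static IndexingHeader readHeader(const Object *o) {
    IndexingHeader h;
    memcpy(&h, o->butterfly - 1, sizeof h);  /* memcpy: never alias a Slot as a struct */
    return h;
}

static void writeHeader(Object *o, IndexingHeader h) {
    memcpy(o->butterfly - 1, &h, sizeof h);
}

Object *objectCreate(size_t propertyCapacity, uint32_t vectorLength) {
    Slot *base = calloc(propertyCapacity + 1 + vectorLength, sizeof(Slot));
    Object *o = base ? malloc(sizeof *o) : NULL;
    if (!o) { free(base); return NULL; }
    o->propertyCapacity = propertyCapacity;
    o->butterfly = base + propertyCapacity + 1;
    writeHeader(o, (IndexingHeader){ .publicLength = 0, .vectorLength = vectorLength });
    return o;
}

void objectDestroy(Object *o) {
    if (o) { free(baseOf(o)); free(o); }
}

uint32_t objectPublicLength(const Object *o) { return readHeader(o).publicLength; }
uint32_t objectVectorLength(const Object *o) { return readHeader(o).vectorLength; }

/* Named-property fast path: the only guard is the capacity the object was given. */
bool objectPutProperty(Object *o, size_t offset, Slot v) {
    if (offset >= o->propertyCapacity) return false;  /* would need property-storage growth */
    *propertySlot(o, offset) = v;
    return true;
}

bool objectGetProperty(const Object *o, size_t offset, Slot *out) {
    if (offset >= o->propertyCapacity) return false;
    *out = *propertySlot(o, offset);
    return true;
}

/* Indexed fast path: in bounds of the vector, or refuse and let the caller
 * take a slow path that grows the vector or switches to sparse storage. */
bool objectPutIndex(Object *o, uint32_t index, Slot v) {
    IndexingHeader h = readHeader(o);
    if (index >= h.vectorLength) return false;
    o->butterfly[index] = v;
    if (index >= h.publicLength) { h.publicLength = index + 1; writeHeader(o, h); }
    return true;
}

/* Quick indexed read: inside the vector and not a hole. */
bool objectGetIndex(const Object *o, uint32_t index, Slot *out) {
    IndexingHeader h = readHeader(o);
    if (index >= h.vectorLength || o->butterfly[index] == 0) return false;
    *out = o->butterfly[index];
    return true;
}

/* Grow the indexed side only: reallocate, re-derive the butterfly pointer, and
 * the property slots to its left move with it untouched. */
bool objectGrowVector(Object *o, uint32_t newVectorLength) {
    IndexingHeader h = readHeader(o);
    if (newVectorLength <= h.vectorLength) return false;
    size_t oldCount = o->propertyCapacity + 1 + h.vectorLength;
    size_t newCount = o->propertyCapacity + 1 + newVectorLength;
    Slot *base = realloc(baseOf(o), newCount * sizeof(Slot));
    if (!base) return false;
    memset(base + oldCount, 0, (newCount - oldCount) * sizeof(Slot));  /* new slots are holes */
    o->butterfly = base + o->propertyCapacity + 1;
    h.vectorLength = newVectorLength;
    writeHeader(o, h);
    return true;
}
```

Every accessor re-reads the header and bounds-checks against vectorLength before touching a slot; in this layout the header and the data it guards share one allocation, which is exactly why that check has to happen on every fast-path access rather than once.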
  8. 07 Sep, 2012 1 commit
    • Rename the ustring() accessor to string() · c9b7a208
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95919
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-09-07
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Rename ustring() to string() to make the accessor name more logical after
      r127191.
      
      * API/JSBase.cpp:
      (JSEvaluateScript):
      (JSCheckScriptSyntax):
      * API/JSObjectRef.cpp:
      (JSObjectMakeFunctionWithCallback):
      (JSObjectMakeFunction):
      (JSObjectCopyPropertyNames):
      * API/JSProfilerPrivate.cpp:
      (JSStartProfiling):
      (JSEndProfiling):
      * API/JSValueRef.cpp:
      (JSValueMakeString):
      (JSValueMakeFromJSONString):
      * API/OpaqueJSString.cpp:
      (OpaqueJSString::string):
      * API/OpaqueJSString.h:
      (OpaqueJSString):
      * bytecode/CodeBlock.cpp:
      (JSC::idName):
      (JSC::CodeBlock::dump):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitLoad):
      (JSC::BytecodeGenerator::addStringConstant):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::RegExpNode::emitBytecode):
      (JSC::processClauseList):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::createRegExp):
      * parser/Parser.cpp:
      (JSC::::parsePrimaryExpression):
      * parser/Parser.h:
      (JSC::Scope::declareVariable):
      (JSC::Scope::declareParameter):
      (JSC::Scope::useVariable):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::createRegExp):
      * runtime/ExceptionHelpers.cpp:
      (JSC::createUndefinedVariableError):
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::paramString):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::finishCreation):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::addFunctionProperties):
      * runtime/Identifier.h:
      (JSC::Identifier::string):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::calculatedDisplayName):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSONObject.cpp:
      (JSC::PropertyNameForFunctionCall::value):
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::finishCreation):
      * runtime/JSScope.cpp:
      (JSC::JSScope::resolveBase):
      * runtime/JSString.h:
      (JSC::inlineJSValueNotStringtoString):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::objectConstructorGetOwnPropertyNames):
      (JSC::objectConstructorKeys):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::finishCreation):
      
      Source/WebCore: 
      
      * bindings/js/Dictionary.cpp:
      (WebCore::Dictionary::getOwnPropertiesAsStringHashMap):
      (WebCore::Dictionary::getOwnPropertyNames):
      * bindings/js/SerializedScriptValue.cpp:
      Simplify a few String constructions which were still using type conversion
      through StringImpl.
      
      (WebCore::CloneSerializer::write):
      (WebCore::CloneDeserializer::CachedString::string):
      (WebCore::CloneDeserializer::readFile):
      (WebCore::CloneDeserializer::readTerminal):
      (WebCore::CloneDeserializer::deserialize):
      * bridge/NP_jsobject.cpp:
      (_NPN_Enumerate):
      
      Source/WebKit/efl: 
      
      * WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
      (DumpRenderTreeSupportEfl::sendWebIntentResponse):
      (DumpRenderTreeSupportEfl::deliverWebIntent):
      Also update the code from the UString->String conversion through StringImpl.
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::enumerate):
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::enumerate):
      
      Tools: 
      
      Update EFL's DRT.
      
      Fix some string conversions that have been made useless
      with recent changes.
      
      * DumpRenderTree/efl/EventSender.cpp:
      (keyPadNameFromJSValue):
      (keyNameFromJSValue):
      * DumpRenderTree/efl/TestRunnerEfl.cpp:
      (TestRunner::queueLoad):
      (TestRunner::addOriginAccessWhitelistEntry):
      (TestRunner::removeOriginAccessWhitelistEntry):
      (TestRunner::setUserStyleSheetLocation):
      (TestRunner::setValueForUser):
      (TestRunner::elementDoesAutoCompleteForElementWithId):
      (TestRunner::execCommand):
      (TestRunner::findString):
      (TestRunner::isCommandEnabled):
      (TestRunner::clearApplicationCacheForOrigin):
      (TestRunner::setDomainRelaxationForbiddenForURLScheme):
      (TestRunner::pauseAnimationAtTimeOnElementWithId):
      (TestRunner::pauseTransitionAtTimeOnElementWithId):
      (toInt):
      (TestRunner::overridePreference):
      (TestRunner::addUserScript):
      (TestRunner::addUserStyleSheet):
      (TestRunner::evaluateInWebInspector):
      (TestRunner::evaluateScriptInIsolatedWorld):
      (TestRunner::setTextDirection):
      * DumpRenderTree/efl/WorkQueueItemEfl.cpp:
      (LoadItem::invoke):
      (LoadHTMLStringItem::invoke):
      (ScriptItem::invoke):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127958 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c9b7a208
  9. 04 Sep, 2012 1 commit
    • Improve JSC use of Strings after the UString->String change · 762e2c65
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95633
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-09-04
      Reviewed by Geoffrey Garen.
      
      This patch improves the use of strings in the JSC runtime.
      
      The initialization of Identifier is left for future patches.
      
      The improvements are the following:
      -5% faster to raise one of the modified exceptions.
      -3 times faster to execute Boolean::toString()
      
      Most of the changes are just about using the new methods
      for string literals.
      
      With the changes, the binary on x86_64 gets 176 bytes smaller.
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
      * API/JSContextRef.cpp:
      (JSContextCreateBacktrace):
      * API/JSObjectRef.cpp:
      (JSObjectMakeFunctionWithCallback):
      * bytecode/CodeBlock.cpp:
      (JSC::valueToSourceString):
      (JSC::CodeBlock::nameForRegister):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::addStackTraceIfNecessary):
      * runtime/ArrayConstructor.cpp:
      (JSC::constructArrayWithSizeQuirk):
      * runtime/ArrayPrototype.cpp:
      (JSC::shift):
      (JSC::unshift):
      (JSC::arrayProtoFuncPop):
      (JSC::arrayProtoFuncReverse):
      * runtime/BooleanPrototype.cpp:
      (JSC::booleanProtoFuncToString): Instead of instantiating new strings, reuse the
      keywords available in SmallStrings. Avoiding the creation of the JSString and StringImpl
      makes the method significantly faster.
      
      * runtime/DateConversion.cpp:
      (JSC::formatDateTime):
      * runtime/DatePrototype.cpp:
      (JSC::formatLocaleDate):
      (JSC::formateDateInstance):
      (JSC::dateProtoFuncToISOString):
      Change the way we use snprintf() for clarity and performance.
      
      Instead of allocating one extra byte to put a zero "just in case", we use the size returned
      by snprintf().
      To prevent any overflow from a programming mistake, we explicitly test for overflow and
      return an empty string.
      
      (JSC::dateProtoFuncToJSON):
      * runtime/Error.cpp:
      (JSC::createNotEnoughArgumentsError):
      (JSC::throwTypeError):
      (JSC::throwSyntaxError):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::create):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::finishCreation):
      (JSC::errorProtoFuncToString):
      Using a null String is correct because (8) uses jsString(), (9) tests for a length of 0.
      
      * runtime/ExceptionHelpers.cpp:
      (JSC::InterruptedExecutionError::defaultValue):
      (JSC::TerminatedExecutionError::defaultValue):
      (JSC::createStackOverflowError):
      (JSC::createOutOfMemoryError):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::FunctionExecutable::paramString):
      * runtime/FunctionConstructor.cpp:
      (JSC::constructFunction):
      (JSC::constructFunctionSkippingEvalEnabledCheck):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::create):
      Using a null String for the name is correct because InternalFunction uses jsString()
      to create the name value.
      
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      There is no need to create an empty string for a null string, jsString() handles both
      cases as empty JSString.
      
      * runtime/JSArray.cpp:
      (JSC::reject):
      (JSC::SparseArrayValueMap::put):
      (JSC::JSArray::put):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::putDirectIndexBeyondVectorLength):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::finishCreation): Same issue as InternalFunction::finishCreation.
      
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSGlobalData.cpp:
      (JSC::enableAssembler): Use CFSTR() instead of CFStringCreateWithCString().
      CFStringCreateWithCString() copies the content and may choose to decode the data.
      CFSTR() is much more efficient.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      JSFunction uses jsString() to create the name, we can use null strings instead
      of creating empty strings.
      
      (JSC::JSGlobalObject::createThrowTypeError): ditto.
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::encode):
      (JSC::decode):
      (JSC::globalFuncEval):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::JSONProtoFuncParse):
      (JSC::JSONProtoFuncStringify):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::defaultValue):
      (JSC::JSObject::hasInstance):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSString.cpp:
      Return an empty JSString to avoid the creation of a temporary empty String.
      
      (JSC::JSRopeString::getIndexSlowCase):
      * runtime/JSString.h:
      (JSC): Remove the versions of jsNontrivialString() taking a char*. All the callers
      have been replaced by calls using ASCIILiteral.
      
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      * runtime/LiteralParser.cpp:
      (JSC::::Lexer::lex):
      (JSC::::Lexer::lexString):
      (JSC::::Lexer::lexNumber):
      (JSC::::parse):
      * runtime/LiteralParser.h:
      (JSC::LiteralParser::getErrorMessage):
      * runtime/NumberPrototype.cpp:
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetPrototypeOf):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorGetOwnPropertyNames):
      (JSC::objectConstructorKeys):
      (JSC::toPropertyDescriptor):
      (JSC::objectConstructorDefineProperty):
      (JSC::objectConstructorDefineProperties):
      (JSC::objectConstructorCreate):
      (JSC::objectConstructorSeal):
      (JSC::objectConstructorFreeze):
      (JSC::objectConstructorPreventExtensions):
      (JSC::objectConstructorIsSealed):
      (JSC::objectConstructorIsFrozen):
      (JSC::objectConstructorIsExtensible):
      * runtime/ObjectPrototype.cpp:
      (JSC::objectProtoFuncDefineGetter):
      (JSC::objectProtoFuncDefineSetter):
      (JSC::objectProtoFuncToString):
      * runtime/RegExpConstructor.cpp:
      (JSC::constructRegExp):
      * runtime/RegExpObject.cpp:
      (JSC::reject):
      (JSC::regExpObjectSource):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
      * runtime/StringObject.cpp:
      (JSC::StringObject::defineOwnProperty):
      * runtime/StringPrototype.cpp:
      (JSC::jsSpliceSubstrings):
      (JSC::jsSpliceSubstringsWithSeparators):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127505 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      762e2c65
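      The snprintf() pattern this commit message describes for the date formatting functions
      (use the length snprintf() returns instead of reserving an extra "just in case" byte, and
      treat a returned length that does not fit the buffer as an overflow that yields an empty
      string), written out as an added example in plain C. This is not the JavaScriptCore code
      from the patch; the function name, the ISO-style format string and the sample values are
      assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Format a timestamp into a fixed-size buffer.
 *
 * Returns the number of characters written (terminator excluded). If the
 * formatted text would not fit, the buffer is left holding an empty string
 * and 0 is returned; nothing is ever written past buf_size bytes because
 * snprintf() itself truncates, and the caller must not trust the partial
 * content. Checking the return value is what turns a silent truncation
 * (a possible programming mistake in the format or the buffer sizing) into
 * an explicit, harmless outcome.
 */
size_t format_iso_timestamp(char *buf, size_t buf_size,
                            int year, int month, int day,
                            int hour, int minute, int second, int ms)
{
    if (buf == NULL || buf_size == 0)
        return 0;

    /* snprintf() reports the length the full output WOULD have had, even
     * when it had to truncate; it always NUL-terminates within buf_size. */
    int n = snprintf(buf, buf_size, "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ",
                     year, month, day, hour, minute, second, ms);

    /* n < 0 is an encoding error; n >= buf_size means the output was cut. */
    if (n < 0 || (size_t)n >= buf_size) {
        buf[0] = '\0';
        return 0;
    }
    return (size_t)n;
}

/* Constructed sample inputs (not from the page): a 32-byte buffer fits the
 * 24-character result, a 10-byte buffer does not. */
size_t demo_fits(void)
{
    char buf[32];
    return format_iso_timestamp(buf, sizeof buf, 2012, 9, 4, 10, 30, 5, 42);
}

size_t demo_truncated(void)
{
    char small[10];
    return format_iso_timestamp(small, sizeof small, 2012, 9, 4, 10, 30, 5, 42);
}

/* 1 if the truncated case really leaves an empty string behind, else 0. */
int demo_truncated_is_empty(void)
{
    char small[10];
    memset(small, 'X', sizeof small);
    format_iso_timestamp(small, sizeof small, 2012, 9, 4, 10, 30, 5, 42);
    return small[0] == '\0';
}

int main(void)
{
    char buf[32];
    size_t n = format_iso_timestamp(buf, sizeof buf, 2012, 9, 4, 10, 30, 5, 42);
    printf("%zu chars: \"%s\"\n", n, buf);
    printf("too small -> %zu chars (empty string)\n", demo_truncated());
    return 0;
}
```

      The check `(size_t)n >= buf_size` is the important line: a result of exactly buf_size
      means the terminator displaced the last character, so it counts as an overflow too.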
  10. 01 Sep, 2012 1 commit
    • ggaren@apple.com's avatar
      2012-09-01 Geoffrey Garen <ggaren@apple.com> · 9400df8f
      ggaren@apple.com authored
              Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
      
                  Shrink activation objects by half
                  https://bugs.webkit.org/show_bug.cgi?id=95591
      
                  Reviewed by Sam Weinig.
      
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::JSActivation):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::JSGlobalObject):
              (JSC::JSGlobalObject::setGlobalThis):
              (JSC):
              (JSC::JSGlobalObject::visitChildren):
              * runtime/JSGlobalObject.h:
              (JSGlobalObject):
              (JSC::JSScope::globalThis):
              (JSC):
              (JSC::JSGlobalObject::globalThis):
              * runtime/JSNameScope.h:
              (JSC::JSNameScope::JSNameScope):
              * runtime/JSScope.cpp:
              (JSC::JSScope::visitChildren):
              * runtime/JSScope.h:
              (JSScope):
              (JSC::JSScope::JSScope):
              (JSC::JSScope::globalObject):
              (JSC::JSScope::globalData):
              * runtime/JSSegmentedVariableObject.h:
              (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
              * runtime/JSSymbolTableObject.h:
              (JSC::JSSymbolTableObject::JSSymbolTableObject):
              * runtime/JSVariableObject.h:
              (JSC::JSVariableObject::JSVariableObject):
              * runtime/JSWithScope.h:
              (JSC::JSWithScope::JSWithScope):
              * runtime/StrictEvalActivation.cpp:
              (JSC::StrictEvalActivation::StrictEvalActivation):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127363 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9400df8f
  11. 31 Aug, 2012 3 commits
    • ggaren@apple.com's avatar
      Rolled back in a piece of <http://trac.webkit.org/changeset/127293>. · 70aed69e
      ggaren@apple.com authored
          Shrink activation objects by half
          https://bugs.webkit.org/show_bug.cgi?id=95591
      
          Reviewed by Sam Weinig.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve_global_dynamic):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::withScopeStructure):
      (JSC::JSGlobalObject::strictEvalActivationStructure):
      (JSC::JSGlobalObject::activationStructure):
      (JSC::JSGlobalObject::nameScopeStructure):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127345 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      70aed69e
    • ggaren@apple.com's avatar
      Not reviewed. · 1929b299
      ggaren@apple.com authored
      Rolled out http://trac.webkit.org/changeset/127293 because it broke
      inspector tests on Windows.
      
          Shrink activation objects by half
          https://bugs.webkit.org/show_bug.cgi?id=95591
      
          Reviewed by Sam Weinig.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127304 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1929b299
    • ggaren@apple.com's avatar
      Shrink activation objects by half · 0b44fca6
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95591
      
      Reviewed by Sam Weinig.
      
      Removed the global object, global data, and global this pointers from
      JSScope, and changed an int to a bitfield. This gets the JSActivation
      class down to 64 bytes, which in practice cuts it in half by getting it
      out of the 128 byte size class.
      
      Now, it's one extra indirection to get these pointers. These pointers
      aren't accessed by JIT code, so I thought there would be no cost to the
      extra indirection. However, some C++-heavy SunSpider tests regressed a
      bit in an early version of the patch, which added even more indirection.
      This suggests that calls to exec->globalData() and/or exec->lexicalGlobalObject()
      are common and probably duplicated in lots of places, and could stand
      further optimization in C++.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute): Test against the specific activation
      for our global object, since there's no VM-shared activation structure
      anymore. This is guaranteed to have the same success rate as the old test
      because activation scope is fixed at compile time.
      
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::globalData):
      * heap/WeakSet.cpp:
      (JSC::WeakSet::addAllocator):
      * heap/WeakSet.h:
      (WeakSet):
      (JSC::WeakSet::WeakSet):
      (JSC::WeakSet::globalData): Store a JSGlobalData* instead of a Heap*
      because JSGlobalData->Heap is just a constant fold in the addressing
      mode, while Heap->JSGlobalData is an extra pointer dereference. (These
      objects should eventually just merge.)
      
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve_global_dynamic): See DFGAbstractState.cpp.
      
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm: Load the activation structure from
      the code block instead of the global data because the structure is not
      VM-shared anymore. (See DFGAbstractState.cpp.)
      
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      * runtime/JSActivation.h:
      (JSActivation): This is the point of the patch: Remove the data.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData): No longer VM-shared. (See DFGAbstractState.cpp.)
      
      (JSC::WeakSet::heap): (See WeakSet.h.)
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::setGlobalThis):
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::withScopeStructure):
      (JSC::JSGlobalObject::strictEvalActivationStructure):
      (JSC::JSGlobalObject::activationStructure):
      (JSC::JSGlobalObject::nameScopeStructure):
      (JSC::JSScope::globalThis):
      (JSC::JSGlobalObject::globalThis): Data that used to be in the JSScope
      class goes here now, so it's not duplicated across all activations.
      
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::JSNameScope):
      * runtime/JSScope.cpp:
      (JSC::JSScope::visitChildren): This is the point of the patch: Remove the data.
      
      * runtime/JSScope.h:
      (JSScope):
      (JSC::JSScope::JSScope):
      (JSC::JSScope::globalObject):
      (JSC::JSScope::globalData):
      * runtime/JSSegmentedVariableObject.h:
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::JSWithScope):
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::StrictEvalActivation): Simplified now that
      we don't need to pass so much data to JSScope.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127293 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0b44fca6
  12. 30 Aug, 2012 1 commit
    • ggaren@apple.com's avatar
      Use one object instead of two for closures, eliminating ScopeChainNode · b11e7874
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95501
      
      Reviewed by Filip Pizlo.
      
      ../JavaScriptCore: 
      
      This patch removes ScopeChainNode, and moves all the data and related
      functions that used to be in ScopeChainNode into JSScope.
      
      Most of this patch is mechanical changes to use a JSScope* where we used
      to use a ScopeChainNode*. I've only specifically commented about items
      that were non-mechanical.
      
      * runtime/Completion.cpp:
      (JSC::evaluate):
      * runtime/Completion.h: Don't require an explicit scope chain argument
      when evaluating code. Clients never wanted anything other than the
      global scope, and other arbitrary scopes probably wouldn't work
      correctly, anyway.
      
      * runtime/JSScope.cpp:
      * runtime/JSScope.h:
      (JSC::JSScope::JSScope): JSScope now requires the data we used to pass to
      ScopeChainNode, so it can link itself into the scope chain correctly.
      
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::JSWithScope): JSWithScope gets an extra constructor
      for specifically supplying your own scope chain. The DOM needs this
      interface for setting up the scope chain for certain event handlers.
      Other clients always just push the JSWithScope to the head of the current
      scope chain.
      
      ../WebCore: 
      
      Mechanical changes to update for JSC interface changes.
      
      ../WebKit/mac: 
      
      Mechanical change to update for JSC interface change.
      
      ../WebKit/qt: 
      
      Mechanical change to update for JSC interface change.
      
      * Api/qwebelement.cpp:
      (QWebElement::evaluateJavaScript):
      
      ../WebKit2: 
      
      Mechanical changes to update for JSC interface change.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127202 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b11e7874
  13. 26 Aug, 2012 1 commit
  14. 25 Aug, 2012 1 commit
    • ggaren@apple.com's avatar
      Don't use malloc / destructors for activation objects · 47e224a6
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=94897
      
      Reviewed by Oliver Hunt.
      
      65% faster on v8-real-earley.
      
      Lots of boilerplate here, but the gist is this:
      
      (1) Use CopiedSpace instead of malloc to allocate the activation's
      backing store.
      
      (2) Use MarkedSpace instead of ref-counting to allocate the symbol table.
      
      (3) ==> No more destructor.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::symbolTable):
      (CodeBlock):
      (JSC::GlobalCodeBlock::GlobalCodeBlock):
      (JSC::FunctionCodeBlock::FunctionCodeBlock):
      (FunctionCodeBlock): SymbolTable is a GC object now, so it gets a write
      barrier and visit calls instead of ref-counting. I changed all CodeBlocks
      to use shared symbol tables because the distinction between shared and
      unshared hurt my head.
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile): Sometimes, a period just wants
      to be an arrow. And then C++ is there to accommodate.
      
      * jit/JITDriver.h:
      (JSC::jitCompileFunctionIfAppropriate):
      * runtime/Arguments.h:
      (ArgumentsData):
      (JSC::Arguments::setRegisters):
      (Arguments):
      (JSC::Arguments::argument):
      (JSC::Arguments::finishCreation):
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      (JSC::FunctionExecutable::visitChildren):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::symbolTable):
      (FunctionExecutable):
      * runtime/ExecutionHarness.h:
      (JSC::prepareFunctionForExecution): I changed from WriteBarrier to
      WriteBarrierBase so activations could reuse StorageBarrier and PropertyStorage.
      
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::finishCreation): Allocate the symbol table here,
      after we're fully constructed, to avoid GC during initialization.
      
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::symbolTableGet):
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::getOwnPropertyNames):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      (JSActivation):
      (JSC::JSActivation::registerOffset):
      (JSC):
      (JSC::JSActivation::registerArraySize):
      (JSC::JSActivation::registerArraySizeInBytes):
      (JSC::JSActivation::tearOff): Tear-off zero-initializes all uncopied
      registers. This makes it safe to copyAndAppend the full buffer in
      visitChildren, without any extra checks.
      
      * runtime/JSCell.h:
      (JSCell): Moved a shared default set of flags into this base class, so
      I could use it in a few places.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData): New structure for symbol tables.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::addStaticGlobals):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::symbolTableHasProperty): We don't need an inline
      symbol table -- JSSymbolTableObject will GC allocate one for us.
      
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSegmentedVariableObject.h:
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      * runtime/JSStaticScopeObject.cpp:
      (JSC):
      (JSC::JSStaticScopeObject::visitChildren): NULL check our register store
      because finishCreation allocates an object now, so we may get marked
      before we've assigned to our register store.
      
      * runtime/JSStaticScopeObject.h:
      (JSC::JSStaticScopeObject::finishCreation):
      (JSC::JSStaticScopeObject::JSStaticScopeObject):
      (JSStaticScopeObject): No more destructor for this object, either, since
      it no longer embeds a hash table.
      
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::visitChildren):
      (JSC::JSSymbolTableObject::deleteProperty):
      (JSC::JSSymbolTableObject::getOwnPropertyNames):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::symbolTable):
      (JSSymbolTableObject):
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes): SymbolTableObject allocates a symbol
      table automatically if one isn't provided. (Activations provide their
      own, which they get from compiled code.)
      
      * runtime/JSVariableObject.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::registerAt):
      (JSC::JSVariableObject::addressOfRegisters):
      (JSVariableObject):
      (JSC::JSVariableObject::JSVariableObject):
      (JSC::JSVariableObject::finishCreation): Removed a bunch of obsolete code.
      Activations manage their registers directly now.
      
      * runtime/StorageBarrier.h:
      (StorageBarrier):
      (JSC::StorageBarrier::operator!):
      
      * runtime/SymbolTable.cpp:
      (JSC):
      (JSC::SharedSymbolTable::destroy):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::create):
      (SharedSymbolTable):
      (JSC::SharedSymbolTable::createStructure):
      (JSC::SharedSymbolTable::SharedSymbolTable): Boilerplate code to
      make shared symbol table GC-allocated.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126695 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      47e224a6
  15. 23 Aug, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Change behavior of MasqueradesAsUndefined to better accommodate DFG changes · 3b9069ce
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=93884
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of  
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,  
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined  
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).  
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not  
      masquerade as undefined within frame B, but it will continue to masquerade in frame A. 
      
      There are two primary changes that are taking place here. One is to thread the ExecState* through  
      JSValue::toBoolean and JSCell::toBoolean so that JSCell::toBoolean can check the object's  
      JSGlobalObject to compare it to the lexical JSGlobalObject of the currently running code. If the two  
      are distinct, then the object cannot MasqueradeAsUndefined. 
      
      The other change is to perform this comparison of JSGlobalObjects everywhere where the MasqueradesAsUndefined 
      flag in the Structure is checked. For C++ code, this check has been factored into its own function in  
      Structure::masqueradesAsUndefined. We only perform this check in the DFG if the current JSGlobalObject has  
      had a MasqueradesAsUndefined object allocated within its context. This conditional compilation is managed  
      through the use of a WatchpointSet in each JSGlobalObject and alternate create() functions for JS DOM wrappers 
      that are MasqueradesAsUndefined.
      
      * API/JSValueRef.cpp:
      (JSValueToBoolean):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * bytecode/Watchpoint.h:
      (WatchpointSet):
      * debugger/DebuggerCallFrame.h:
      (JSC::DebuggerCallFrame::callFrame):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncSome):
      * runtime/BooleanConstructor.cpp:
      (JSC::constructBoolean):
      (JSC::callBooleanConstructor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::masqueradesAsUndefinedWatchpoint):
      * runtime/JSString.h:
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      * runtime/JSValue.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      (JSC::jsIsObjectType):
      * runtime/Operations.h:
      (JSC):
      (JSC::JSValue::equalSlowCaseInline):
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorMultiline):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::globalObjectOffset):
      (JSC::Structure::masqueradesAsUndefined):
      (JSC):
      
      Source/WebCore: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of  
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,  
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined  
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).  
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not  
      masquerade as undefined within frame B, but it will continue to masquerade in frame A. 
      
      Test: fast/js/document-all-between-frames.html
      
      All of the changes in WebCore are simply passing the additional ExecState argument to JSValue::toBoolean. 
      
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::exec):
      (WebCore):
      * bindings/js/JavaScriptCallFrame.h:
      (JavaScriptCallFrame):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::hasBreakpoint):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::dumpIfTerminal):
      * bindings/scripts/CodeGeneratorJS.pm: Also add the custom create function for MasqueradesAsUndefined JS DOM wrappers. 
      (GenerateEventListenerCall):
      (GenerateHeader):
      (JSValueToNative):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::setJSTestObjCreate):
      (WebCore::setJSTestObjReflectedBooleanAttr):
      (WebCore::setJSTestObjReflectedCustomBooleanAttr):
      (WebCore::jsTestObjPrototypeFunctionAddEventListener):
      (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      
      Source/WebKit/mac: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of  
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,  
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined  
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).  
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not  
      masquerade as undefined within frame B, but it will continue to masquerade in frame A. 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray): Passing ExecState to toBoolean call.
      
      Source/WebKit2: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of  
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,  
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined  
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).  
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not  
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant): Passing ExecState to toBoolean call.
      
      LayoutTests: 
      
      Added a test that uses a variety of ways of checking whether something is correctly 
      masquerading as undefined (or not) in a subframe.
      
      * fast/js/document-all-between-frames-expected.txt: Added.
      * fast/js/document-all-between-frames.html: Added.
      * fast/js/resources/document-all-between-frames-subframe.html: Added.
      * platform/chromium/TestExpectations: Chromium treats document.all differently, so skip our new test.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126494 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3b9069ce
  16. 15 Aug, 2012 2 commits
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r125687. · 45974062
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/125687
      https://bugs.webkit.org/show_bug.cgi?id=94147
      
      It broke the whole world (Requested by Ossy_night on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-08-15
      
      Source/JavaScriptCore:
      
      * API/JSValueRef.cpp:
      (JSValueToBoolean):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * bytecode/Watchpoint.h:
      (WatchpointSet):
      * debugger/DebuggerCallFrame.h:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncSome):
      * runtime/BooleanConstructor.cpp:
      (JSC::constructBoolean):
      (JSC::callBooleanConstructor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      * runtime/JSString.h:
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      * runtime/JSValue.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      (JSC::jsIsObjectType):
      * runtime/Operations.h:
      (JSC):
      (JSC::JSValue::equalSlowCaseInline):
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorMultiline):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      * runtime/Structure.h:
      
      Source/WebCore:
      
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDirectoryEntryCustom.cpp:
      (WebCore::JSDirectoryEntry::getFile):
      (WebCore::JSDirectoryEntry::getDirectory):
      * bindings/js/JSDirectoryEntrySyncCustom.cpp:
      (WebCore::getFlags):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/JavaScriptCallFrame.cpp:
      * bindings/js/JavaScriptCallFrame.h:
      (JavaScriptCallFrame):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::hasBreakpoint):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateEventListenerCall):
      (GenerateHeader):
      (JSValueToNative):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::setJSTestObjCreate):
      (WebCore::setJSTestObjReflectedBooleanAttr):
      (WebCore::setJSTestObjReflectedCustomBooleanAttr):
      (WebCore::jsTestObjPrototypeFunctionAddEventListener):
      (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      
      Source/WebKit/mac:
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      
      Source/WebKit2:
      
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      
      LayoutTests:
      
      * fast/js/document-all-between-frames-expected.txt: Removed.
      * fast/js/document-all-between-frames.html: Removed.
      * fast/js/resources/document-all-between-frames-subframe.html: Removed.
      * platform/chromium/TestExpectations:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125711 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      45974062
    • mhahnenberg@apple.com's avatar
      Change behavior of MasqueradesAsUndefined to better accommodate DFG changes · 35d5455b
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=93884
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      There are two primary changes that are taking place here. One is to thread the ExecState* through 
      JSValue::toBoolean and JSCell::toBoolean so that JSCell::toBoolean can check the object's 
      JSGlobalObject to compare it to the lexical JSGlobalObject of the currently running code. If the two 
      are distinct, then the object cannot MasqueradeAsUndefined.
      
      The other change is to perform this comparison of JSGlobalObjects everywhere where the MasqueradesAsUndefined
      flag in the Structure is checked. For C++ code, this check has been factored into its own function in 
      Structure::masqueradesAsUndefined. We only perform this check in the DFG if the current JSGlobalObject has 
      had a MasqueradesAsUndefined object allocated within its context. This conditional compilation is managed 
      through the use of a WatchpointSet in each JSGlobalObject and alternate create() functions for JS DOM wrappers
      that are MasqueradesAsUndefined.
      
      * API/JSValueRef.cpp:
      (JSValueToBoolean):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * bytecode/Watchpoint.h:
      (WatchpointSet):
      * debugger/DebuggerCallFrame.h:
      (JSC::DebuggerCallFrame::callFrame):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncSome):
      * runtime/BooleanConstructor.cpp:
      (JSC::constructBoolean):
      (JSC::callBooleanConstructor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::masqueradesAsUndefinedWatchpoint):
      * runtime/JSString.h:
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      * runtime/JSValue.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      (JSC::jsIsObjectType):
      * runtime/Operations.h:
      (JSC):
      (JSC::JSValue::equalSlowCaseInline):
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorMultiline):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::globalObjectOffset):
      (JSC::Structure::masqueradesAsUndefined):
      (JSC):
      
      Source/WebCore: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      Test: fast/js/document-all-between-frames.html
      
      All of the changes in WebCore are simply passing the additional ExecState argument to JSValue::toBoolean.
      
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDirectoryEntryCustom.cpp:
      (WebCore::JSDirectoryEntry::getFile):
      (WebCore::JSDirectoryEntry::getDirectory):
      * bindings/js/JSDirectoryEntrySyncCustom.cpp:
      (WebCore::getFlags):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::exec):
      (WebCore):
      * bindings/js/JavaScriptCallFrame.h:
      (JavaScriptCallFrame):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::hasBreakpoint):
      * bindings/scripts/CodeGeneratorJS.pm: Also add the custom create function for MasqueradesAsUndefined JS DOM wrappers.
      (GenerateEventListenerCall):
      (GenerateHeader):
      (JSValueToNative):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::setJSTestObjCreate):
      (WebCore::setJSTestObjReflectedBooleanAttr):
      (WebCore::setJSTestObjReflectedCustomBooleanAttr):
      (WebCore::jsTestObjPrototypeFunctionAddEventListener):
      (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      
      Source/WebKit/mac: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray): Passing ExecState to toBoolean call.
      
      Source/WebKit2: 
      
      With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
      MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
      we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
      objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
      For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
      masquerade as undefined within frame B, but it will continue to masquerade in frame A.
      
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant): Passing ExecState to toBoolean call.
      
      LayoutTests: 
      
      Added a test that uses a variety of ways of checking whether something is correctly 
      masquerading as undefined (or not) in a subframe.
      
      * fast/js/document-all-between-frames-expected.txt: Added.
      * fast/js/document-all-between-frames.html: Added.
      * fast/js/resources/document-all-between-frames-subframe.html: Added.
      * platform/chromium/TestExpectations: Chromium treats document.all differently, so skip our new test.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125687 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      35d5455b
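A reduced model of the rule this commit describes, added here as an illustration and not taken from JavaScriptCore: `Structure`, `JSGlobalObject`, `ExecState` and `JSCell` below are stand-ins named after the JSC classes the patch touches, the per-global `WatchpointSet` is modelled as a plain boolean, and `runCrossFrameScenario` is a helper written for this example. It plays out the frame A / frame B case from the message: a masquerading object created in one context is falsy, `typeof`s as `"undefined"` and compares equal to `null` only when observed from that same context.

```cpp
#include <string>

// Constructed model, not JavaScriptCore code: the names below stand in for
// the JSC classes the commit touches, and the per-global WatchpointSet is
// reduced to a boolean.
struct JSGlobalObject {
    // Set once a MasqueradesAsUndefined object has been allocated in this
    // context (the alternate create() path the commit adds for DOM wrappers).
    bool hasMasqueradingObject = false;
};

struct Structure {
    bool masqueradesAsUndefinedFlag;
    JSGlobalObject* globalObject;  // context the object was created in

    // The rule after the patch: the flag alone is not enough; the object's
    // global object must also be the lexical global object of the caller.
    bool masqueradesAsUndefined(const JSGlobalObject* lexicalGlobalObject) const
    {
        return masqueradesAsUndefinedFlag && globalObject == lexicalGlobalObject;
    }
};

struct ExecState {
    JSGlobalObject* lexicalGlobalObject;  // global object of the running code
};

struct JSCell {
    Structure* structure;
};

// Fast path modelled on the DFG watchpoint: if no masquerading object was ever
// created in the calling context, nothing observed there can masquerade, so the
// structure check is skipped entirely. This is sound because an object can only
// masquerade in the context that allocated it, and that context is marked.
static bool masqueradesIn(const JSCell& cell, const ExecState& exec)
{
    if (!exec.lexicalGlobalObject->hasMasqueradingObject)
        return false;
    return cell.structure->masqueradesAsUndefined(exec.lexicalGlobalObject);
}

// Three of the observers the layout test exercises (toBoolean, typeof, == null);
// each now takes the ExecState so it can see the caller's context.
bool toBoolean(const JSCell& cell, const ExecState& exec)
{
    return !masqueradesIn(cell, exec);
}

std::string typeofString(const JSCell& cell, const ExecState& exec)
{
    return masqueradesIn(cell, exec) ? "undefined" : "object";
}

bool equalsNull(const JSCell& cell, const ExecState& exec)
{
    return masqueradesIn(cell, exec);
}

struct CrossFrameResult {
    bool truthyInA, truthyInB;
    std::string typeofInA, typeofInB;
    bool equalsNullInA, equalsNullInB;
};

// A masquerading object (think document.all) is created in frame A and then
// observed from frame A and from frame B.
CrossFrameResult runCrossFrameScenario()
{
    JSGlobalObject frameA, frameB;
    Structure documentAllStructure { true, &frameA };
    frameA.hasMasqueradingObject = true;  // what the alternate create() records
    JSCell documentAll { &documentAllStructure };
    ExecState execA { &frameA }, execB { &frameB };

    return {
        toBoolean(documentAll, execA), toBoolean(documentAll, execB),
        typeofString(documentAll, execA), typeofString(documentAll, execB),
        equalsNull(documentAll, execA), equalsNull(documentAll, execB),
    };
}
```

Frame B never allocated a masquerading object, so its fast path never even consults the structure; frame A did, and there the full check finds the object's own global object and lets it masquerade. The same object therefore yields `false`/`"undefined"`/`== null` in A and `true`/`"object"`/`!= null` in B, which is exactly the split the layout test checks.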
  17. 03 Jul, 2012 1 commit
    • commit-queue@webkit.org's avatar
      Add ability to symbolically set and dump JSC VM options. · fbda60c5
      commit-queue@webkit.org authored
      See comments in runtime/Options.h for details on how the options work.
      https://bugs.webkit.org/show_bug.cgi?id=90420
      
      Patch by Mark Lam <mark.lam@apple.com> on 2012-07-03
      Reviewed by Filip Pizlo.
      
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::finalizeCodeWithDisassembly):
      * assembler/LinkBuffer.h:
      (JSC):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::reoptimizationRetryCounter):
      (JSC::CodeBlock::countReoptimization):
      (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
      (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
      (JSC::CodeBlock::optimizeSoon):
      (JSC::CodeBlock::exitCountThresholdForReoptimization):
      (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
      * bytecode/ExecutionCounter.h:
      (JSC::ExecutionCounter::clippedThreshold):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::mightCompileEval):
      (JSC::DFG::mightCompileProgram):
      (JSC::DFG::mightCompileFunctionForCall):
      (JSC::DFG::mightCompileFunctionForConstruct):
      (JSC::DFG::mightInlineFunctionForCall):
      (JSC::DFG::mightInlineFunctionForConstruct):
      * dfg/DFGCommon.h:
      (JSC::DFG::shouldShowDisassembly):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      * heap/MarkStack.cpp:
      (JSC::MarkStackSegmentAllocator::allocate):
      (JSC::MarkStackSegmentAllocator::shrinkReserve):
      (JSC::MarkStackArray::MarkStackArray):
      (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
      (JSC::SlotVisitor::donateKnownParallel):
      (JSC::SlotVisitor::drain):
      (JSC::SlotVisitor::drainFromShared):
      * heap/MarkStack.h:
      (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
      (JSC::MarkStack::addOpaqueRoot):
      * heap/SlotVisitor.h:
      (JSC::SlotVisitor::donate):
      * jit/JIT.cpp:
      (JSC::JIT::emitOptimizationCheck):
      * jsc.cpp:
      (printUsageStatement):
      (parseArguments):
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      * runtime/JSGlobalData.cpp:
      (JSC::enableAssembler):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      * runtime/Options.cpp:
      (JSC):
      (JSC::overrideOptionWithHeuristic):
      (JSC::Options::initialize):
      (JSC::Options::setOption):
      (JSC::Options::dumpAllOptions):
      (JSC::Options::dumpOption):
      * runtime/Options.h:
      (JSC):
      (Options):
      (EntryInfo):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121798 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fbda60c5
  18. 27 Jun, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      JSLock should be per-JSGlobalData · e16f8096
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89123
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * API/APIShims.h:
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
      determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
      HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
      JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
      its destruction has begun. 
      (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
      Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
      and before we've released it, which can only be done in APIEntryShim.
      (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
      * API/JSContextRef.cpp:
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRelease):
      (JSContextCreateBacktrace):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      * heap/Heap.cpp:
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::collect):
      (JSC::Heap::setActivityCallback):
      (JSC::Heap::activityCallback):
      (JSC::Heap::sweeper):
      * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
      are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
      and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
      prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
      (Heap):
      * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
      (JSC::HeapTimer::~HeapTimer):
      (JSC::HeapTimer::invalidate):
      (JSC):
      (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
      that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
      HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
      (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zeroed
      out, then we know the VM has started to shut down and we should kill ourselves. Otherwise, grab the APIEntryShim,
      but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
      we were interrupted between releasing our mutex and trying to grab the APILock.
      * heap/HeapTimer.h:
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
      all of that for us. 
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::reap):
      * jsc.cpp:
      (functionGC):
      (functionReleaseExecutableMemory):
      (jscmain):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/GCActivityCallback.h:
      (DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::create):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
      that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
      it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
      APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
      (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
      (JSC::JSGlobalData::sharedInstanceInternal):
      * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
      de-refing JSGlobalDatas on separate threads since we don't do it that often anyway.
      (JSGlobalData):
      (JSC::JSGlobalData::apiLock):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::init):
      * runtime/JSLock.cpp:
      (JSC):
      (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
      (JSC::GlobalJSLock::~GlobalJSLock):
      (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
      it can successfully unlock it later without it disappearing from underneath it.
      (JSC::JSLockHolder::~JSLockHolder):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::~JSLock):
      (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
      actually waiting for long periods. 
      (JSC::JSLock::unlock):
      (JSC::JSLock::currentThreadIsHoldingLock):
      (JSC::JSLock::dropAllLocks):
      (JSC::JSLock::dropAllLocksUnconditionally):
      (JSC::JSLock::grabAllLocks):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (GlobalJSLock):
      (JSLockHolder):
      (JSLock):
      (DropAllLocks):
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::set):
      * testRegExp.cpp:
      (realMain):
      
      Source/WebCore: 
      
      No new tests. Current regression tests are sufficient.
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple of JSLocks to places that didn't already 
      have it that needed it.
      
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomVoidCallback.cpp:
      (WebCore::JSCustomVoidCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::inspectedObject):
      * bindings/js/JSInjectedScriptManager.cpp:
      (WebCore::InjectedScriptManager::createInjectedScript):
      (WebCore::InjectedScriptManager::canAccessInspectedWindow):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMainThreadExecState.h:
      (WebCore::JSMainThreadExecState::evaluate):
      * bindings/js/JSMutationCallbackCustom.cpp:
      (WebCore::JSMutationCallback::handleEvent):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::acceptNode):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::evaluate):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::windowScriptNPObject):
      (WebCore::ScriptController::jsObjectForPluginElement):
      (WebCore::ScriptController::clearScriptObjects):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptCallArgumentHandler::appendArgument):
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptFunctionCall::construct):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptGlobalObject::set):
      (WebCore::ScriptGlobalObject::get):
      (WebCore::ScriptGlobalObject::remove):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::getString):
      (WebCore::ScriptValue::toInspectorValue):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/objc/WebScriptObject.mm:
      (_didExecute):
      (-[WebScriptObject callWebScriptMethod:withArguments:]):
      (-[WebScriptObject evaluateWebScript:]):
      (-[WebScriptObject setValue:forKey:]):
      (-[WebScriptObject valueForKey:]):
      (-[WebScriptObject removeWebScriptKey:]):
      (-[WebScriptObject hasWebScriptKey:]):
      (-[WebScriptObject stringRepresentation]):
      (-[WebScriptObject webScriptValueAtIndex:]):
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateCallbackImplementation):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bridge/NP_jsobject.cpp:
      (_NPN_InvokeDefault):
      (_NPN_Invoke):
      (_NPN_Evaluate):
      (_NPN_GetProperty):
      (_NPN_SetProperty):
      (_NPN_RemoveProperty):
      (_NPN_HasProperty):
      (_NPN_HasMethod):
      (_NPN_Enumerate):
      (_NPN_Construct):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::~CClass):
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::moveGlobalExceptionToExecState):
      (JSC::Bindings::CInstance::invokeMethod):
      (JSC::Bindings::CInstance::invokeDefaultMethod):
      (JSC::Bindings::CInstance::invokeConstruct):
      (JSC::Bindings::CInstance::getPropertyNames):
      * bridge/c/c_runtime.cpp:
      (JSC::Bindings::CField::valueFromInstance):
      (JSC::Bindings::CField::setValueToInstance):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      (JSC::Bindings::convertNPVariantToValue):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::call):
      (JavaJSObject::eval):
      (JavaJSObject::getMember):
      (JavaJSObject::setMember):
      (JavaJSObject::removeMember):
      (JavaJSObject::getSlot):
      (JavaJSObject::setSlot):
      (JavaJSObject::toString):
      (JavaJSObject::convertValueToJObject):
      (JavaJSObject::convertJObjectToValue):
      * bridge/jni/jni_objc.mm:
      (JSC::Bindings::dispatchJNICall):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertValueToJValue):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::JavaClass):
      (JavaClass::~JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaInstance::stringValue):
      * bridge/jni/jsc/JavaMethodJSC.cpp:
      (appendClassName):
      (JavaMethod::signature):
      * bridge/jni/jsc/JavaStringJSC.h:
      (JSC::Bindings::JavaString::JavaString):
      (JSC::Bindings::JavaString::~JavaString):
      (JSC::Bindings::JavaString::utf8):
      (JSC::Bindings::JavaString::init):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      (JSC::Bindings::Instance::newRuntimeObject):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::moveGlobalExceptionToExecState):
      (ObjcInstance::invokeObjcMethod):
      (ObjcInstance::invokeDefaultMethod):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcField::valueFromInstance):
      (JSC::Bindings::ObjcField::setValueToInstance):
      * bridge/objc/objc_utility.mm:
      (JSC::Bindings::convertValueToObjcValue):
      (JSC::Bindings::convertNSStringToString):
      (JSC::Bindings::convertObjcValueToValue):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      (JSC::Bindings::QtInstance::newRuntimeObject):
      * bridge/qt/qt_pixmapruntime.cpp:
      (JSC::Bindings::QtPixmapInstance::createPixmapRuntimeObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * bridge/qt/qt_runtime_qt4.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * bridge/runtime_root.cpp:
      (JSC::Bindings::RootObject::gcProtect):
      (JSC::Bindings::RootObject::gcUnprotect):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      (WebCoreTestSupport::resetInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      Source/WebKit/blackberry: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebCoreSupport/ClientExtension.cpp:
      * WebCoreSupport/PagePopupBlackBerry.cpp:
      (WebCore::PagePopupBlackBerry::installDomFunction):
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::computedStyleIncludingVisitedInfo):
      
      Source/WebKit/efl: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * ewk/ewk_frame.cpp:
      (ewk_frame_script_execute):
      * ewk/ewk_view.cpp:
      (ewk_view_js_object_add):
      
      Source/WebKit/gtk: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      Source/WebKit/mac: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * DOM/WebDOMOperations.mm:
      (JSC):
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::invoke):
      (WebKit::NetscapePluginInstanceProxy::invokeDefault):
      (WebKit::NetscapePluginInstanceProxy::construct):
      (WebKit::NetscapePluginInstanceProxy::getProperty):
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      (WebKit::NetscapePluginInstanceProxy::removeProperty):
      (WebKit::NetscapePluginInstanceProxy::hasMethod):
      (WebKit::NetscapePluginInstanceProxy::enumerate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebView.mm:
      (+[WebView _reportException:inContext:]):
      (-[WebView aeDescByEvaluatingJavaScriptFromString:]):
      (-[WebView _computedStyleIncludingVisitedInfo:forElement:]):
      
      Source/WebKit/qt: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * Api/qwebframe.cpp:
      (QWebFramePrivate::addQtSenderToGlobalObject):
      (QWebFrame::addToJavaScriptWindowObject):
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::injectInternalsObject):
      (DumpRenderTreeSupportQt::resetInternalsObject):
      
      Source/WebKit/win: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebFrame.cpp:
      (WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      * WebView.cpp:
      (WebView::stringByEvaluatingJavaScriptFromString):
      (WebView::reportException):
      (WebView::elementFromJS):
      
      Source/WebKit2: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection. Also added a couple JSLocks to places that didn't already 
      have it that needed it.
      
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      (WebKit::InjectedBundle::reportException):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::hasMethod):
      (WebKit::NPJSObject::invoke):
      (WebKit::NPJSObject::invokeDefault):
      (WebKit::NPJSObject::hasProperty):
      (WebKit::NPJSObject::getProperty):
      (WebKit::NPJSObject::setProperty):
      (WebKit::NPJSObject::removeProperty):
      (WebKit::NPJSObject::enumerate):
      (WebKit::NPJSObject::construct):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      * WebProcess/WebPage/WebFrame.cpp:
      (WebKit::WebFrame::jsWrapperForWorld):
      (WebKit::WebFrame::computedStyleIncludingVisitedInfo):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121381 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e16f8096
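As an added example (not JavaScriptCore's code), a simplified C++ model of the JSLockHolder pattern this entry describes: a lock owned by one JS context, taken through an RAII holder constructed from the very context the code is about to touch. Class and method names follow the entry; the bodies, JSGlobalData's fields and allocateObject are assumptions of this example.

```cpp
// Simplified model (added example, not JavaScriptCore's code) of the JSLockHolder
// pattern: each JS context owns a lock, and code takes it through an RAII holder
// built from the context it is about to touch, so the lock can never silently be
// the one belonging to some other context. JSGlobalData's fields and
// allocateObject are this example's own stand-ins.
#include <atomic>
#include <cassert>
#include <mutex>
#include <thread>

// Recursive lock owned by one JS context: JS -> native -> JS re-entry re-acquires it.
class JSLock {
public:
    void lock() {
        m_mutex.lock();
        m_owner.store(std::this_thread::get_id());
        ++m_lockCount;
    }
    void unlock() {
        assert(currentThreadIsHoldingLock());
        if (--m_lockCount == 0) m_owner.store(std::thread::id());
        m_mutex.unlock();
    }
    bool currentThreadIsHoldingLock() const {
        return m_lockCount.load() > 0 && m_owner.load() == std::this_thread::get_id();
    }
    unsigned lockCount() const { return m_lockCount.load(); }

private:
    std::recursive_mutex m_mutex;
    std::atomic<std::thread::id> m_owner{};
    std::atomic<unsigned> m_lockCount{0};
};

struct JSGlobalData {
    JSLock apiLock;
    int heapObjects = 0; // stand-in for the heap this lock protects
};

// Stand-in for an ExecState: it knows which context it belongs to.
struct ExecState { JSGlobalData& globalData; };

// RAII holder constructed from the context (or its ExecState) being touched.
class JSLockHolder {
public:
    explicit JSLockHolder(JSGlobalData& data) : m_lock(data.apiLock) { m_lock.lock(); }
    explicit JSLockHolder(ExecState* exec) : JSLockHolder(exec->globalData) {}
    ~JSLockHolder() { m_lock.unlock(); }
    JSLockHolder(const JSLockHolder&) = delete;
    JSLockHolder& operator=(const JSLockHolder&) = delete;
private:
    JSLock& m_lock;
};

// Heap operation that is only valid under its own context's lock; returns false
// where the real engine's debug assertion would fire.
bool allocateObject(ExecState* exec) {
    if (!exec->globalData.apiLock.currentThreadIsHoldingLock()) return false;
    ++exec->globalData.heapObjects;
    return true;
}

// Lock taken for the context actually used; re-entrant nesting works.
int nestedAccessCount() {
    JSGlobalData data;
    ExecState exec{data};
    JSLockHolder outer(data);
    {
        JSLockHolder inner(&exec); // nested holder for the same context
        allocateObject(&exec);
    }
    allocateObject(&exec);
    return data.heapObjects; // 2
}

// The bug the rewrite hunts: context A's lock is held while context B is touched.
// The access is refused instead of racing against B's real owner.
bool wrongContextIsRejected() {
    JSGlobalData a, b;
    ExecState execB{b};
    JSLockHolder lockA(a);
    return !allocateObject(&execB) && b.heapObjects == 0;
}

// A holder released at scope exit leaves the context unlocked for the next user.
bool holderReleasesOnScopeExit() {
    JSGlobalData data;
    { JSLockHolder holder(data); }
    return data.apiLock.lockCount() == 0 && !data.apiLock.currentThreadIsHoldingLock();
}
```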
  19. 25 Jun, 2012 1 commit
    • fpizlo@apple.com's avatar
      Value profiling should use tier-up threshold randomization to get more coverage · 3745dbcf
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89802
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      This patch causes both LLInt and Baseline JIT code to take the OSR slow path several
      times before actually doing OSR. If we take the OSR slow path before the execution
      count threshold is reached, then we just call CodeBlock::updateAllPredictions() to
      compute the current latest least-upper-bound SpecType of all values seen in each
      ValueProfile.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      (JSC):
      (JSC::CodeBlock::updateAllPredictions):
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::llintExecuteCounter):
      (JSC::CodeBlock::jitExecuteCounter):
      (CodeBlock):
      (JSC::CodeBlock::updateAllPredictions):
      * bytecode/ExecutionCounter.cpp:
      (JSC::ExecutionCounter::setThreshold):
      (JSC::ExecutionCounter::status):
      (JSC):
      * bytecode/ExecutionCounter.h:
      (JSC::ExecutionCounter::count):
      (ExecutionCounter):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::weakRandomInteger):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/WeakRandom.h:
      (WeakRandom):
      (JSC::WeakRandom::seedUnsafe):
      
      LayoutTests: 
      
      Reviewed by Gavin Barraclough.
              
      * fast/js/dfg-store-unexpected-value-into-argument-and-osr-exit-expected.txt: Added.
      * fast/js/dfg-store-unexpected-value-into-argument-and-osr-exit.html: Added.
      * fast/js/script-tests/dfg-store-unexpected-value-into-argument-and-osr-exit.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121215 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3745dbcf
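As an added example (not JavaScriptCore's code), a C++ model of the scheme this entry describes: the OSR slow path fires several times before a randomized execution-count threshold is reached, and each early hit refreshes the least-upper-bound prediction of every ValueProfile instead of compiling. Names follow the entry; the bucket count, slow-path period, PRNG and the two-run comparison are assumptions of this example.

```cpp
// Simplified model (added example, not JavaScriptCore's code) of tier-up threshold
// randomization plus early prediction updates. Bucket count, slow-path period and
// the PRNG are this example's own choices.
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

// Speculation types as bits, so the least upper bound of two types is their OR.
enum SpecType : uint32_t { SpecNone = 0, SpecInt32 = 1, SpecDouble = 2, SpecString = 4 };

// A profile site keeps only the last few observed types in a small ring of buckets;
// an older observation survives only if an update folded it into `prediction`
// before it was overwritten.
struct ValueProfile {
    static constexpr size_t kBuckets = 2; // hypothetical size
    std::array<uint32_t, kBuckets> buckets{}; // SpecNone when empty
    size_t next = 0;
    uint32_t prediction = SpecNone;

    void record(uint32_t type) { buckets[next++ % kBuckets] = type; }
    void computeUpdatedPrediction() {
        for (uint32_t& b : buckets) { prediction |= b; b = SpecNone; }
    }
};

// Tiny xorshift PRNG standing in for WeakRandom.
struct WeakRandom {
    explicit WeakRandom(uint32_t seed) : state(seed ? seed : 1) {}
    uint32_t getUint32() { state ^= state << 13; state ^= state >> 17; state ^= state << 5; return state; }
    uint32_t state;
};

class ExecutionCounter {
public:
    // The threshold is randomized into [base, 2*base): identical code tiers up at
    // different points in different VMs, so profiles see a wider mix of inputs.
    ExecutionCounter(uint32_t base, uint32_t slowPathPeriod, WeakRandom& rng)
        : m_slowPathPeriod(slowPathPeriod) { setThreshold(base + rng.getUint32() % base); }
    void setThreshold(uint32_t t) { m_threshold = t; }
    uint32_t threshold() const { return m_threshold; }
    uint32_t count() const { return m_count; }
    // Counts one execution; true means the slow path runs this time.
    bool countAndCheckSlowPath() { return ++m_count % m_slowPathPeriod == 0; }
    bool thresholdReached() const { return m_count >= m_threshold; }
private:
    uint32_t m_threshold = 0;
    uint32_t m_count = 0;
    uint32_t m_slowPathPeriod;
};

struct CodeBlock {
    std::vector<ValueProfile> profiles;
    ExecutionCounter jitExecuteCounter;
    bool updateOnEarlySlowPath; // new behaviour (true) vs. update only at tier-up (false)
    bool tieredUp = false;
    uint32_t predictionUpdates = 0;

    CodeBlock(size_t sites, uint32_t base, uint32_t period, WeakRandom& rng, bool early)
        : profiles(sites), jitExecuteCounter(base, period, rng), updateOnEarlySlowPath(early) {}

    void updateAllPredictions() {
        for (ValueProfile& p : profiles) p.computeUpdatedPrediction();
        ++predictionUpdates;
    }
    bool shouldOptimizeNow() const { return jitExecuteCounter.thresholdReached(); }

    // One execution observing types[i] at profile site i.
    void execute(const std::vector<uint32_t>& types) {
        for (size_t i = 0; i < profiles.size(); ++i) profiles[i].record(types[i]);
        if (!jitExecuteCounter.countAndCheckSlowPath()) return;
        if (shouldOptimizeNow()) { updateAllPredictions(); tieredUp = true; } // compile with final predictions
        else if (updateOnEarlySlowPath) updateAllPredictions(); // early hit: just refresh
    }
};

struct Outcome { uint32_t prediction; uint32_t threshold; uint32_t tieredUpAtRun; };

// One site sees a String exactly once (run 3) and Int32 otherwise. With buckets
// folded on every slow-path hit the String reaches the prediction; with the old
// update-at-tier-up-only behaviour it has long been overwritten by then.
Outcome runScenario(uint32_t seed, bool updateOnEarlySlowPath) {
    WeakRandom rng(seed);
    CodeBlock block(1, /*base*/ 20, /*period*/ 4, rng, updateOnEarlySlowPath);
    uint32_t run = 0;
    while (!block.tieredUp) {
        ++run;
        block.execute({ run == 3 ? uint32_t(SpecString) : uint32_t(SpecInt32) });
    }
    return { block.profiles[0].prediction, block.jitExecuteCounter.threshold(), run };
}
```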
  20. 23 Jun, 2012 1 commit
    • zandobersek@gmail.com's avatar
      Unreviewed, rolling out r121058. · a6460e15
      zandobersek@gmail.com authored
      http://trac.webkit.org/changeset/121058
      https://bugs.webkit.org/show_bug.cgi?id=89809
      
      Patch causes plugins tests to crash in GTK debug builds
      (Requested by zdobersek on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-06-23
      
      Source/JavaScriptCore: 
      
      * API/APIShims.h:
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
      (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APICallbackShim::~APICallbackShim):
      * API/JSContextRef.cpp:
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRelease):
      (JSContextCreateBacktrace):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      * heap/Heap.cpp:
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::collect):
      (JSC::Heap::setActivityCallback):
      (JSC::Heap::activityCallback):
      (JSC::Heap::sweeper):
      * heap/Heap.h:
      (Heap):
      * heap/HeapTimer.cpp:
      (JSC::HeapTimer::~HeapTimer):
      (JSC::HeapTimer::invalidate):
      (JSC::HeapTimer::timerDidFire):
      (JSC):
      * heap/HeapTimer.h:
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::doWork):
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::reap):
      * jsc.cpp:
      (functionGC):
      (functionReleaseExecutableMemory):
      (jscmain):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/GCActivityCallback.h:
      (DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::create):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      (JSC::JSGlobalData::sharedInstance):
      (JSC::JSGlobalData::sharedInstanceInternal):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::init):
      * runtime/JSLock.cpp:
      (JSC):
      (JSC::createJSLockCount):
      (JSC::JSLock::lockCount):
      (JSC::setLockCount):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::lock):
      (JSC::JSLock::unlock):
      (JSC::JSLock::currentThreadIsHoldingLock):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (JSLock):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::~JSLock):
      (DropAllLocks):
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::set):
      * testRegExp.cpp:
      (realMain):
      
      Source/WebCore: 
      
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomVoidCallback.cpp:
      (WebCore::JSCustomVoidCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::inspectedObject):
      * bindings/js/JSInjectedScriptManager.cpp:
      (WebCore::InjectedScriptManager::createInjectedScript):
      (WebCore::InjectedScriptManager::canAccessInspectedWindow):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMainThreadExecState.h:
      (WebCore::JSMainThreadExecState::evaluate):
      * bindings/js/JSMutationCallbackCustom.cpp:
      (WebCore::JSMutationCallback::handleEvent):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::acceptNode):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::evaluate):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::windowScriptNPObject):
      (WebCore::ScriptController::jsObjectForPluginElement):
      (WebCore::ScriptController::clearScriptObjects):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptCallArgumentHandler::appendArgument):
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptFunctionCall::construct):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptGlobalObject::set):
      (WebCore::ScriptGlobalObject::get):
      (WebCore::ScriptGlobalObject::remove):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::getString):
      (WebCore::ScriptValue::toInspectorValue):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/objc/WebScriptObject.mm:
      (_didExecute):
      (-[WebScriptObject _setImp:originRootObject:rootObject:]):
      (-[WebScriptObject _setOriginRootObject:andRootObject:]):
      (-[WebScriptObject dealloc]):
      (-[WebScriptObject finalize]):
      (-[WebScriptObject callWebScriptMethod:withArguments:]):
      (-[WebScriptObject evaluateWebScript:]):
      (-[WebScriptObject setValue:forKey:]):
      (-[WebScriptObject valueForKey:]):
      (-[WebScriptObject removeWebScriptKey:]):
      (-[WebScriptObject hasWebScriptKey:]):
      (-[WebScriptObject stringRepresentation]):
      (-[WebScriptObject webScriptValueAtIndex:]):
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateCallbackImplementation):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bridge/NP_jsobject.cpp:
      (_NPN_InvokeDefault):
      (_NPN_Invoke):
      (_NPN_Evaluate):
      (_NPN_GetProperty):
      (_NPN_SetProperty):
      (_NPN_RemoveProperty):
      (_NPN_HasProperty):
      (_NPN_HasMethod):
      (_NPN_Enumerate):
      (_NPN_Construct):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::~CClass):
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::moveGlobalExceptionToExecState):
      (JSC::Bindings::CInstance::invokeMethod):
      (JSC::Bindings::CInstance::invokeDefaultMethod):
      (JSC::Bindings::CInstance::invokeConstruct):
      (JSC::Bindings::CInstance::getPropertyNames):
      * bridge/c/c_runtime.cpp:
      (JSC::Bindings::CField::valueFromInstance):
      (JSC::Bindings::CField::setValueToInstance):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      (JSC::Bindings::convertNPVariantToValue):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::call):
      (JavaJSObject::eval):
      (JavaJSObject::getMember):
      (JavaJSObject::setMember):
      (JavaJSObject::removeMember):
      (JavaJSObject::getSlot):
      (JavaJSObject::setSlot):
      (JavaJSObject::toString):
      (JavaJSObject::convertValueToJObject):
      (JavaJSObject::convertJObjectToValue):
      * bridge/jni/jni_objc.mm:
      (JSC::Bindings::dispatchJNICall):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertValueToJValue):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::JavaClass):
      (JavaClass::~JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaInstance::stringValue):
      * bridge/jni/jsc/JavaMethodJSC.cpp:
      (appendClassName):
      (JavaMethod::signature):
      * bridge/jni/jsc/JavaStringJSC.h:
      (JSC::Bindings::JavaString::JavaString):
      (JSC::Bindings::JavaString::~JavaString):
      (JSC::Bindings::JavaString::utf8):
      (JSC::Bindings::JavaString::init):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      (JSC::Bindings::Instance::newRuntimeObject):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::moveGlobalExceptionToExecState):
      (ObjcInstance::invokeObjcMethod):
      (ObjcInstance::invokeDefaultMethod):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcField::valueFromInstance):
      (JSC::Bindings::ObjcField::setValueToInstance):
      * bridge/objc/objc_utility.mm:
      (JSC::Bindings::convertValueToObjcValue):
      (JSC::Bindings::convertNSStringToString):
      (JSC::Bindings::convertObjcValueToValue):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      (JSC::Bindings::QtInstance::newRuntimeObject):
      * bridge/qt/qt_pixmapruntime.cpp:
      (JSC::Bindings::QtPixmapInstance::createPixmapRuntimeObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * bridge/qt/qt_runtime_qt4.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      (WebCoreTestSupport::resetInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      Source/WebKit/blackberry: 
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebCoreSupport/ClientExtension.cpp:
      * WebCoreSupport/PagePopupBlackBerry.cpp:
      (WebCore::PagePopupBlackBerry::installDomFunction):
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::computedStyleIncludingVisitedInfo):
      
      Source/WebKit/efl: 
      
      * ewk/ewk_frame.cpp:
      (ewk_frame_script_execute):
      * ewk/ewk_view.cpp:
      (ewk_view_js_object_add):
      
      Source/WebKit/gtk: 
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      Source/WebKit/mac: 
      
      * DOM/WebDOMOperations.mm:
      (JSC):
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::invoke):
      (WebKit::NetscapePluginInstanceProxy::invokeDefault):
      (WebKit::NetscapePluginInstanceProxy::construct):
      (WebKit::NetscapePluginInstanceProxy::getProperty):
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      (WebKit::NetscapePluginInstanceProxy::removeProperty):
      (WebKit::NetscapePluginInstanceProxy::hasMethod):
      (WebKit::NetscapePluginInstanceProxy::enumerate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebView.mm:
      (+[WebView _reportException:inContext:]):
      (-[WebView aeDescByEvaluatingJavaScriptFromString:]):
      (-[WebView _computedStyleIncludingVisitedInfo:forElement:]):
      
      Source/WebKit/qt: 
      
      * Api/qwebframe.cpp:
      (QWebFramePrivate::addQtSenderToGlobalObject):
      (QWebFrame::addToJavaScriptWindowObject):
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::injectInternalsObject):
      (DumpRenderTreeSupportQt::resetInternalsObject):
      
      Source/WebKit/win: 
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebFrame.cpp:
      (WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      * WebView.cpp:
      (WebView::stringByEvaluatingJavaScriptFromString):
      (WebView::reportException):
      (WebView::elementFromJS):
      
      Source/WebKit2: 
      
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      (WebKit::InjectedBundle::reportException):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::hasMethod):
      (WebKit::NPJSObject::invoke):
      (WebKit::NPJSObject::invokeDefault):
      (WebKit::NPJSObject::hasProperty):
      (WebKit::NPJSObject::getProperty):
      (WebKit::NPJSObject::setProperty):
      (WebKit::NPJSObject::removeProperty):
      (WebKit::NPJSObject::enumerate):
      (WebKit::NPJSObject::construct):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      * WebProcess/WebPage/WebFrame.cpp:
      (WebKit::WebFrame::jsWrapperForWorld):
      (WebKit::WebFrame::computedStyleIncludingVisitedInfo):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121098 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a6460e15
  21. 22 Jun, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      JSLock should be per-JSGlobalData · 6d9f86d9
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89123
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * API/APIShims.h:
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
      determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
      HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
      JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
      its destruction has begun. 
      (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock): Now derefs if it also refed.
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
and before we've released it, which can only be done in APIEntryShim.
      (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
      * API/JSContextRef.cpp:
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRelease):
      (JSContextCreateBacktrace):
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      * heap/Heap.cpp:
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::collect):
      (JSC::Heap::setActivityCallback):
      (JSC::Heap::activityCallback):
      (JSC::Heap::sweeper):
      * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
      are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
      and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
      prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
      (Heap):
      * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
      (JSC::HeapTimer::~HeapTimer):
      (JSC::HeapTimer::invalidate):
      (JSC):
      (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
      that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
      HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
(JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zeroed
out, then we know the VM has started to shut down and we should kill ourselves. Otherwise, grab the APIEntryShim,
but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case
we were interrupted between releasing our mutex and trying to grab the APILock.
      * heap/HeapTimer.h: 
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
      all of that for us. 
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::reap):
      * jsc.cpp:
      (functionGC):
      (functionReleaseExecutableMemory):
      (jscmain):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/GCActivityCallback.h:
      (DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::create):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
      that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
      it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
      APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
      (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
      (JSC::JSGlobalData::sharedInstanceInternal):
* runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about ref-ing and
de-ref-ing JSGlobalDatas on separate threads since we don't do it that often anyway.
      (JSGlobalData):
      (JSC::JSGlobalData::apiLock):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::init):
      * runtime/JSLock.cpp:
      (JSC):
      (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
      (JSC::GlobalJSLock::~GlobalJSLock):
      (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
      it can successfully unlock it later without it disappearing from underneath it.
      (JSC::JSLockHolder::~JSLockHolder):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::~JSLock):
      (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
      actually waiting for long periods. 
      (JSC::JSLock::unlock):
      (JSC::JSLock::currentThreadIsHoldingLock): 
      (JSC::JSLock::dropAllLocks):
      (JSC::JSLock::dropAllLocksUnconditionally):
      (JSC::JSLock::grabAllLocks):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (GlobalJSLock):
      (JSLockHolder):
      (JSLock):
      (DropAllLocks):
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::set):
      * testRegExp.cpp:
      (realMain):
      
      Source/WebCore: 
      
      No new tests. Current regression tests are sufficient.
      
Changed all sites that used JSLock to instead use the new JSLockHolder
and pass in the correct JS context that the code is about to interact with that
needs protection. Also added a couple of JSLocks to places that needed them but
didn't already have them.
      
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomVoidCallback.cpp:
      (WebCore::JSCustomVoidCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::inspectedObject):
      * bindings/js/JSInjectedScriptManager.cpp:
      (WebCore::InjectedScriptManager::createInjectedScript):
      (WebCore::InjectedScriptManager::canAccessInspectedWindow):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMainThreadExecState.h:
      (WebCore::JSMainThreadExecState::evaluate):
      * bindings/js/JSMutationCallbackCustom.cpp:
      (WebCore::JSMutationCallback::handleEvent):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::acceptNode):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JavaScriptCallFrame.cpp:
      (WebCore::JavaScriptCallFrame::evaluate):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::windowScriptNPObject):
      (WebCore::ScriptController::jsObjectForPluginElement):
      (WebCore::ScriptController::clearScriptObjects):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptCallArgumentHandler::appendArgument):
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptFunctionCall::construct):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptGlobalObject::set):
      (WebCore::ScriptGlobalObject::get):
      (WebCore::ScriptGlobalObject::remove):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::getString):
      (WebCore::ScriptValue::toInspectorValue):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/objc/WebScriptObject.mm:
      (_didExecute):
      (-[WebScriptObject _setImp:originRootObject:rootObject:]):
      (-[WebScriptObject _setOriginRootObject:andRootObject:]):
      (-[WebScriptObject dealloc]):
      (-[WebScriptObject finalize]):
      (-[WebScriptObject callWebScriptMethod:withArguments:]):
      (-[WebScriptObject evaluateWebScript:]):
      (-[WebScriptObject setValue:forKey:]):
      (-[WebScriptObject valueForKey:]):
      (-[WebScriptObject removeWebScriptKey:]):
      (-[WebScriptObject hasWebScriptKey:]):
      (-[WebScriptObject stringRepresentation]):
      (-[WebScriptObject webScriptValueAtIndex:]):
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateCallbackImplementation):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bridge/NP_jsobject.cpp:
      (_NPN_InvokeDefault):
      (_NPN_Invoke):
      (_NPN_Evaluate):
      (_NPN_GetProperty):
      (_NPN_SetProperty):
      (_NPN_RemoveProperty):
      (_NPN_HasProperty):
      (_NPN_HasMethod):
      (_NPN_Enumerate):
      (_NPN_Construct):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::~CClass):
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::moveGlobalExceptionToExecState):
      (JSC::Bindings::CInstance::invokeMethod):
      (JSC::Bindings::CInstance::invokeDefaultMethod):
      (JSC::Bindings::CInstance::invokeConstruct):
      (JSC::Bindings::CInstance::getPropertyNames):
      * bridge/c/c_runtime.cpp:
      (JSC::Bindings::CField::valueFromInstance):
      (JSC::Bindings::CField::setValueToInstance):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      (JSC::Bindings::convertNPVariantToValue):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::call):
      (JavaJSObject::eval):
      (JavaJSObject::getMember):
      (JavaJSObject::setMember):
      (JavaJSObject::removeMember):
      (JavaJSObject::getSlot):
      (JavaJSObject::setSlot):
      (JavaJSObject::toString):
      (JavaJSObject::convertValueToJObject):
      (JavaJSObject::convertJObjectToValue):
      * bridge/jni/jni_objc.mm:
      (JSC::Bindings::dispatchJNICall):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertValueToJValue):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::JavaClass):
      (JavaClass::~JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaInstance::stringValue):
      * bridge/jni/jsc/JavaMethodJSC.cpp:
      (appendClassName):
      (JavaMethod::signature):
      * bridge/jni/jsc/JavaStringJSC.h:
      (JSC::Bindings::JavaString::JavaString):
      (JSC::Bindings::JavaString::~JavaString):
      (JSC::Bindings::JavaString::utf8):
      (JSC::Bindings::JavaString::init):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      (JSC::Bindings::Instance::newRuntimeObject):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::moveGlobalExceptionToExecState):
      (ObjcInstance::invokeObjcMethod):
      (ObjcInstance::invokeDefaultMethod):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcField::valueFromInstance):
      (JSC::Bindings::ObjcField::setValueToInstance):
      * bridge/objc/objc_utility.mm:
      (JSC::Bindings::convertValueToObjcValue):
      (JSC::Bindings::convertNSStringToString):
      (JSC::Bindings::convertObjcValueToValue):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      (JSC::Bindings::QtInstance::newRuntimeObject):
      * bridge/qt/qt_pixmapruntime.cpp:
      (JSC::Bindings::QtPixmapInstance::createPixmapRuntimeObject):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * bridge/qt/qt_runtime_qt4.cpp:
      (JSC::Bindings::convertValueToQVariant):
      (JSC::Bindings::convertQVariantToValue):
      (JSC::Bindings::QtRuntimeMetaMethod::call):
      (JSC::Bindings::QtRuntimeConnectionMethod::call):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      (WebCoreTestSupport::resetInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      Source/WebKit/blackberry: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebCoreSupport/ClientExtension.cpp:
      * WebCoreSupport/PagePopupBlackBerry.cpp:
      (WebCore::PagePopupBlackBerry::installDomFunction):
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::computedStyleIncludingVisitedInfo):
      
      Source/WebKit/efl: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * ewk/ewk_frame.cpp:
      (ewk_frame_script_execute):
      * ewk/ewk_view.cpp:
      (ewk_view_js_object_add):
      
      Source/WebKit/gtk: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      Source/WebKit/mac: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * DOM/WebDOMOperations.mm:
      (JSC):
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::invoke):
      (WebKit::NetscapePluginInstanceProxy::invokeDefault):
      (WebKit::NetscapePluginInstanceProxy::construct):
      (WebKit::NetscapePluginInstanceProxy::getProperty):
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      (WebKit::NetscapePluginInstanceProxy::removeProperty):
      (WebKit::NetscapePluginInstanceProxy::hasMethod):
      (WebKit::NetscapePluginInstanceProxy::enumerate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebView.mm:
      (+[WebView _reportException:inContext:]):
      (-[WebView aeDescByEvaluatingJavaScriptFromString:]):
      (-[WebView _computedStyleIncludingVisitedInfo:forElement:]):
      
      Source/WebKit/qt: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * Api/qwebframe.cpp:
      (QWebFramePrivate::addQtSenderToGlobalObject):
      (QWebFrame::addToJavaScriptWindowObject):
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::injectInternalsObject):
      (DumpRenderTreeSupportQt::resetInternalsObject):
      
      Source/WebKit/win: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebFrame.cpp:
      (WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      * WebView.cpp:
      (WebView::stringByEvaluatingJavaScriptFromString):
      (WebView::reportException):
      (WebView::elementFromJS):
      
      Source/WebKit2: 
      
      Changed all sites that used JSLock to instead use the new JSLockHolder
      and pass in the correct JS context that the code is about to interact with that 
      needs protection.
      
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      (WebKit::InjectedBundle::reportException):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::hasMethod):
      (WebKit::NPJSObject::invoke):
      (WebKit::NPJSObject::invokeDefault):
      (WebKit::NPJSObject::hasProperty):
      (WebKit::NPJSObject::getProperty):
      (WebKit::NPJSObject::setProperty):
      (WebKit::NPJSObject::removeProperty):
      (WebKit::NPJSObject::enumerate):
      (WebKit::NPJSObject::construct):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      * WebProcess/WebPage/WebFrame.cpp:
      (WebKit::WebFrame::jsWrapperForWorld):
      (WebKit::WebFrame::computedStyleIncludingVisitedInfo):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121058 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6d9f86d9
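The locking scheme the ChangeLog above describes, as an added C++ sketch that is not WebKit's code: a recursive per-VM JSLock whose lock count and owner thread sit under a spin lock while a mutex does the actual waiting, a JSLockHolder that refs the VM for as long as it holds the lock, and a DropAllLocks guard that releases every recursion level and restores it afterwards. The VM struct is a hypothetical stand-in for JSGlobalData; the HeapTimer shutdown handshake is not modelled.

```cpp
// Added example, not WebKit's code: a compact model of the JSLock design in the ChangeLog above.
#include <atomic>
#include <cassert>
#include <mutex>
#include <thread>

struct SpinLock { // guards only the count/owner bookkeeping, never held across a long wait
    void lock() { while (m_locked.exchange(true, std::memory_order_acquire)) { } }
    void unlock() { m_locked.store(false, std::memory_order_release); }
    std::atomic<bool> m_locked{false};
};

// Recursive per-VM lock: other threads block on the mutex; the spin lock keeps the
// owner/count fields consistent so the owning thread can re-enter without blocking.
class JSLock {
public:
    void lock() {
        const std::thread::id me = std::this_thread::get_id();
        {
            std::lock_guard<SpinLock> guard(m_spin);
            if (m_lockCount > 0 && m_ownerThread == me) { ++m_lockCount; return; } // re-entry
        }
        m_mutex.lock(); // potentially long wait, so it is taken outside the spin lock
        std::lock_guard<SpinLock> guard(m_spin);
        m_ownerThread = me;
        m_lockCount = 1;
    }
    void unlock() {
        std::lock_guard<SpinLock> guard(m_spin);
        assert(m_lockCount > 0 && m_ownerThread == std::this_thread::get_id());
        if (--m_lockCount == 0) { m_ownerThread = std::thread::id(); m_mutex.unlock(); }
    }
    bool currentThreadIsHoldingLock() {
        std::lock_guard<SpinLock> guard(m_spin);
        return m_lockCount > 0 && m_ownerThread == std::this_thread::get_id();
    }
    unsigned lockCount() { std::lock_guard<SpinLock> guard(m_spin); return m_lockCount; }
    // Release every recursion level so another thread can run JS; return the depth to restore.
    unsigned dropAllLocks() {
        if (!currentThreadIsHoldingLock()) return 0;
        const unsigned depth = lockCount();
        for (unsigned i = 0; i < depth; ++i) unlock();
        return depth;
    }
    void grabAllLocks(unsigned depth) { for (unsigned i = 0; i < depth; ++i) lock(); }
private:
    SpinLock m_spin;
    std::mutex m_mutex;
    std::thread::id m_ownerThread;
    unsigned m_lockCount = 0;
};

// Hypothetical stand-in for JSGlobalData: thread-safe ref count plus its own API lock.
struct VM {
    void ref() { ++refCount; }
    void deref() { --refCount; } // the real object deletes itself at zero; omitted here
    std::atomic<int> refCount{1};
    JSLock apiLock;
};

// RAII locker that also refs the VM, so the VM cannot be destroyed before we unlock it.
struct JSLockHolder {
    explicit JSLockHolder(VM& vm) : m_vm(vm) { m_vm.ref(); m_vm.apiLock.lock(); }
    ~JSLockHolder() { m_vm.apiLock.unlock(); m_vm.deref(); }
    VM& m_vm;
};

// Gives the lock up for a scope (e.g. around a blocking call) and restores the same depth.
struct DropAllLocks {
    explicit DropAllLocks(VM& vm) : m_lock(vm.apiLock), m_depth(m_lock.dropAllLocks()) { }
    ~DropAllLocks() { m_lock.grabAllLocks(m_depth); }
    JSLock& m_lock;
    unsigned m_depth;
};

// Nested holders on one thread: depth 2 inside the scope, depth 0 and ref count 1 after it.
bool nestedHoldersBalance() {
    VM vm;
    unsigned depthInside = 0;
    {
        JSLockHolder outer(vm);
        JSLockHolder inner(vm);
        depthInside = vm.apiLock.lockCount();
    }
    return depthInside == 2 && vm.apiLock.lockCount() == 0 && vm.refCount.load() == 1;
}

// Dropping releases every level; the guard's destructor brings the depth back to 2.
bool dropAllLocksRoundTrip() {
    VM vm;
    JSLockHolder a(vm), b(vm);
    bool releasedWhileDropped = false;
    {
        DropAllLocks drop(vm);
        releasedWhileDropped = vm.apiLock.lockCount() == 0 && !vm.apiLock.currentThreadIsHoldingLock();
    }
    return releasedWhileDropped && vm.apiLock.lockCount() == 2 && vm.apiLock.currentThreadIsHoldingLock();
}
```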
  22. 20 Jun, 2012 1 commit
  23. 08 Jun, 2012 1 commit
    • ggaren@apple.com's avatar
      Don't rely on weak pointers for eager CodeBlock finalization · d7147575
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88465
      
      Reviewed by Gavin Barraclough.
      
      This is incompatible with lazy weak pointer finalization.
      
      I considered just making CodeBlock finalization lazy-friendly, but it
      turns out that the heap is already way up in CodeBlock's business when
      it comes to finalization, so I decided to finish the job and move full
      responsibility for CodeBlock finalization into the heap.
      
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Maybe this
      will build.
      
      * debugger/Debugger.cpp: Updated for rename.
      
      * heap/Heap.cpp:
      (JSC::Heap::deleteAllCompiledCode): Renamed for consistency. Fixed a bug
      where we would not delete code for a code block that had been previously
      jettisoned. I don't know if this happens in practice -- I mostly did
      this to improve consistency with deleteUnmarkedCompiledCode.
      
      (JSC::Heap::deleteUnmarkedCompiledCode): New function, responsible for
      eager finalization of unmarked code blocks.
      
      (JSC::Heap::collect): Updated for rename. Updated to call
      deleteUnmarkedCompiledCode(), which takes care of jettisoned DFG code
      blocks too.
      
      (JSC::Heap::addCompiledCode): Renamed, since this points to all code
      now, not just functions.
      
      * heap/Heap.h:
      (Heap): Keep track of all user code, not just functions. This is a
      negligible additional overhead, since most code is function code.
      
      * runtime/Executable.cpp:
      (JSC::*::finalize): Removed these functions, since we don't rely on
      weak pointer finalization anymore.
      
      (JSC::FunctionExecutable::FunctionExecutable): Moved linked-list stuff
      into base class so all executables can be in the list.
      
      (JSC::EvalExecutable::clearCode):
      (JSC::ProgramExecutable::clearCode):
      (JSC::FunctionExecutable::clearCode): All we need to do is delete our
      CodeBlock -- that will delete all of its internal data structures.
      
      (JSC::FunctionExecutable::clearCodeIfNotCompiling): Factored out a helper
      function to improve clarity.
      
      * runtime/Executable.h:
      (JSC::ExecutableBase): Moved linked-list stuff
      into base class so all executables can be in the list.
      
      (JSC::NativeExecutable::create):
      (NativeExecutable):
      (ScriptExecutable):
      (JSC::ScriptExecutable::finishCreation):
      (JSC::EvalExecutable::create):
      (EvalExecutable):
      (JSC::ProgramExecutable::create):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::create): Don't use a finalizer -- the heap
      will call us back to destroy our code block.
      
      (JSC::FunctionExecutable::discardCode): Renamed to clearCodeIfNotCompiling()
      for clarity.
      
      (JSC::FunctionExecutable::isCompiling): New helper function, for clarity.
      
      (JSC::ScriptExecutable::clearCodeVirtual): New helper function, since
      the heap needs to make polymorphic calls to clear code.
      
      * runtime/JSGlobalData.cpp:
      (JSC::StackPreservingRecompiler::operator()):
      * runtime/JSGlobalObject.cpp:
      (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Updated for
      renames.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119844 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  24. 06 Jun, 2012 1 commit
    • fpizlo@apple.com's avatar
      Global object variable accesses should not require an extra load · 26af9b61
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88385
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough and Geoffrey Garen.
              
      Previously, if you wanted to access a global variable, you'd first have
      to load the register array from the appropriate global object and then
      either load or store at an offset to the register array. This is because
      JSGlobalObject inherited from JSVariableObject, and JSVariableObject is
      designed with the pessimistic assumption that its register array may
      point into the call stack. This is never the case for global objects.
      Hence, even though the global object may add more registers at any time,
      it does not need to store them in a contiguous array. It can use a
      SegmentedVector or similar.
              
      This patch refactors global objects and variable objects as follows:
              
      - The functionality to track variables in an indexable array using a
        SymbolTable to map names to indices is moved into JSSymbolTableObject,
        which is now a supertype of JSVariableObject. JSVariableObject is now
        just a holder for a registers array and implements the registerAt()
        method that is left abstract in JSSymbolTableObject. Because all users
        of JSVariableObject know whether they are a JSStaticScopeObject,
        JSActivation, or JSGlobalObject, this "abstract" method is not virtual;
        instead the utility methods that would call registerAt() are now
        template functions that require you to know statically what subtype of
        JSSymbolTableObject you're using (JSVariableObject or something else),
        so that registerAt() can be statically bound.
              
      - A new class is added called JSSegmentedVariableObject, which only
        differs from JSVariableObject in how it allocates registers. It uses a
        SegmentedVector instead of manually managing a pointer to a contiguous
        slab of registers. This changes the interface somewhat; for example
        with JSVariableObject if you wanted to add a register you had to do
        it yourself since the JSVariableObject didn't know how the registers
        array ought to be allocated. With JSSegmentedVariableObject you can
        just call addRegisters(). JSSegmentedVariableObject preserves the
        invariant that once you get a pointer into a register, that pointer
        will continue to be valid so long as the JSSegmentedVariableObject is
        alive. This allows the JITs and interpreters to skip the extra load.
              
      - JSGlobalObject now inherits from JSSegmentedVariableObject. For now
        (and possibly forever) it is the only subtype of this new class.
              
      - The bytecode format is changed so that get_global_var and
        put_global_var have a pointer to the register directly rather than
        having an index. A convenience method is provided in
        JSSegmentedVariableObject to get the index given a pointer, which is
        used for assertions and debug dumps.
              
      This appears to be a 1% across the board win.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::registerPointer):
      (JSC):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::retrieveLastUnaryOp):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (ResolveResult):
      (BytecodeGenerator):
      * dfg/DFGAssemblyHelpers.h:
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::globalObjectFor):
      (Graph):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasVarNumber):
      (Node):
      (JSC::DFG::Node::hasRegisterPointer):
      (JSC::DFG::Node::registerPointer):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/Heap.h:
      (Heap):
      (JSC::Heap::isWriteBarrierEnabled):
      (JSC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::privateExecute):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSGlobalObject.cpp:
      (JSC):
      (JSC::JSGlobalObject::put):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::defineOwnProperty):
      (JSC::JSGlobalObject::visitChildren):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC):
      (JSC::JSGlobalObject::hasOwnPropertyForWrite):
      * runtime/JSSegmentedVariableObject.cpp: Added.
      (JSC):
      (JSC::JSSegmentedVariableObject::findRegisterIndex):
      (JSC::JSSegmentedVariableObject::addRegisters):
      (JSC::JSSegmentedVariableObject::visitChildren):
      * runtime/JSSegmentedVariableObject.h: Added.
      (JSC):
      (JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::registerAt):
      (JSC::JSSegmentedVariableObject::assertRegisterIsInThisObject):
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::finishCreation):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::put):
      (JSC::JSStaticScopeObject::putDirectVirtual):
      (JSC::JSStaticScopeObject::getOwnPropertySlot):
      * runtime/JSSymbolTableObject.cpp: Added.
      (JSC):
      (JSC::JSSymbolTableObject::destroy):
      (JSC::JSSymbolTableObject::deleteProperty):
      (JSC::JSSymbolTableObject::getOwnPropertyNames):
      (JSC::JSSymbolTableObject::putDirectVirtual):
      (JSC::JSSymbolTableObject::isDynamicScope):
      * runtime/JSSymbolTableObject.h: Added.
      (JSC):
      (JSSymbolTableObject):
      (JSC::JSSymbolTableObject::symbolTable):
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/JSVariableObject.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      (JSC::JSVariableObject::JSVariableObject):
      (JSC::JSVariableObject::finishCreation):
      (JSC):
      * runtime/WriteBarrier.h:
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough and Geoffrey Garen.
      
      Updated JSDOMWindowBase.cpp to use the new symbol table API. this->symbolTableFoo(...)
      becomes symbolTableFoo(this, ...).
                      
      No new tests because no change in behavior.
      
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::updateDocument):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119655 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  25. 04 Jun, 2012 1 commit
    • barraclough@apple.com's avatar
      Remove enabledProfilerReference · 282d26a4
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88258
      
      Reviewed by Michael Saboff.
      
      Make the enabled profiler a member of JSGlobalData, and switch code that accesses it to do so directly
      via the JSGlobalData, rather than holding a Profiler** reference to it. Do not pass the Profiler**
      reference to JIT code. This patch does not change the stack layout on entry into JIT code (passing an
      unused void* instead), since this is an intrusive change better handled in a separate patch.
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::privateExecute):
      * jit/JITCode.h:
      (JSC::JITCode::execute):
          - Don't pass Profiler** to JIT code.
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_profile_will_call):
      (JSC::JIT::emit_op_profile_did_call):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_profile_will_call):
      (JSC::JIT::emit_op_profile_did_call):
      * jit/JITStubs.cpp:
      (JSC):
      (JSC::ctiTrampoline):
      (JSC::ctiVMThrowTrampoline):
      (JSC::ctiOpThrowNotCaught):
      (JSC::JITThunks::JITThunks):
      (JSC::DEFINE_STUB_FUNCTION):
          - For ARM_THUMB2, rename ENABLE_PROFILER_REFERENCE_OFFSET to FIRST_STACK_ARGUMENT (which is how it is being used).
          - For MIPS, remove ENABLE_PROFILER_REFERENCE_OFFSET.
      * jit/JITStubs.h:
      (JITStackFrame):
      (JSC):
          - Renamed enabledProfilerReference to unusedX.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * profiler/Profiler.cpp:
      (JSC):
      (JSC::Profiler::startProfiling):
      (JSC::Profiler::stopProfiling):
      * profiler/Profiler.h:
      (Profiler):
          - Removed s_sharedEnabledProfilerReference, enabledProfilerReference().
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSC::JSGlobalData::enabledProfiler):
      (JSGlobalData):
          - Added m_enabledProfiler, enabledProfiler().
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::~JSGlobalObject):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119441 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  26. 31 May, 2012 2 commits
    • mhahnenberg@apple.com's avatar
      JSGlobalObject does not mark m_privateNameStructure · 016c5786
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88023
      
      Rubber stamped by Gavin Barraclough.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildren): We need to mark this so it doesn't get 
      inadvertently garbage collected.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119175 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • arv@chromium.org's avatar
      Make DOM Exceptions Errors · 31fddbcd
      arv@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=85078
      
      Reviewed by Oliver Hunt.
      
      WebIDL mandates that exceptions should have Error.prototype on its prototype chain.
      
      For JSC we have access to the Error.prototype from the binding code.
      
      For V8 we set a field in the WrapperTypeInfo and when the constructor function is created we
      set the prototype as needed.
      
      Updated test: fast/dom/DOMException/prototype-object.html
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      (JSC::JSGlobalObject::errorPrototype):
      
      Source/WebCore:
      
      * ForwardingHeaders/runtime/ErrorPrototype.h: Added.
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bindings/scripts/CodeGeneratorV8.pm:
      (GenerateNamedConstructorCallback):
      (GenerateImplementation):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestException::createPrototype):
      * bindings/scripts/test/JS/JSTestException.h:
      * bindings/scripts/test/V8/V8Float64Array.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestEventConstructor.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestEventTarget.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestException.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestInterface.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestNode.cpp:
      (WebCore):
      * bindings/scripts/test/V8/V8TestObj.cpp:
      (WebCore):
      (WebCore::V8TestObj::installPerContextProperties):
      * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
      (WebCore):
      * bindings/v8/NPV8Object.cpp:
      (WebCore::npObjectTypeInfo):
      * bindings/v8/V8BindingPerContextData.cpp:
      (WebCore):
      (WebCore::V8BindingPerContextData::init):
      (WebCore::V8BindingPerContextData::createWrapperFromCacheSlowCase):
      (WebCore::V8BindingPerContextData::constructorForTypeSlowCase):
      * bindings/v8/V8BindingPerContextData.h:
      (V8BindingPerContextData):
      * bindings/v8/V8HiddenPropertyName.h:
      (WebCore):
      * bindings/v8/WrapperTypeInfo.h:
      (WebCore):
      (WrapperTypeInfo):
      * bindings/v8/custom/V8HTMLImageElementConstructor.cpp:
      (WebCore):
      
      LayoutTests:
      
      * fast/dom/DOMException/prototype-object-expected.txt:
      * fast/dom/DOMException/prototype-object.html:
      * fast/dom/DOMException/resources/prototype-object.js: Removed.
      * platform/chromium-win/fast/dom/NamedNodeMap-setNamedItem-crash-expected.txt: Removed.
      * platform/chromium-win/fast/dom/timer-clear-interval-in-handler-and-generate-error-expected.txt: Removed.
      * platform/chromium-win/svg/filters/feBlend-invalid-mode-expected.txt: Removed.
      * platform/chromium/dom/xhtml/level3/core/documentnormalizedocument10-expected.txt: Added.
      * platform/chromium/dom/xhtml/level3/core/documentsetxmlversion03-expected.txt: Added.
      * platform/chromium/fast/dom/DOMException/prototype-object-expected.txt:
      * platform/chromium/fast/dom/NamedNodeMap-setNamedItem-crash-expected.txt: Renamed from LayoutTests/platform/chromium-mac/fast/dom/NamedNodeMap-setNamedItem-crash-expected.txt.
      * platform/chromium/fast/dom/timer-clear-interval-in-handler-and-generate-error-expected.txt: Renamed from LayoutTests/platform/chromium-mac/fast/dom/timer-clear-interval-in-handler-and-generate-error-expected.txt.
      * platform/chromium/svg/filters/feBlend-invalid-mode-expected.txt: Renamed from LayoutTests/platform/chromium-mac/svg/filters/feBlend-invalid-mode-expected.txt.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119124 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  27. 26 May, 2012 1 commit
    • ggaren@apple.com's avatar
      WebKit should be lazy-finalization-safe (esp. the DOM) v2 · 72da8116
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=87581
      
      Reviewed by Oliver Hunt.
      
      ../JavaScriptCore: 
      
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::callDestructor):
      * heap/WeakBlock.h:
      * heap/WeakSetInlines.h:
      (JSC::WeakBlock::finalize): Since we don't guarantee destruction order,
      it's not valid to access GC pointers like the Structure pointer during
      finalization. We NULL out the structure pointer in debug builds to try
      to make this programming mistake more obvious.
      
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::destroy):
      * API/JSCallbackObject.cpp:
      (JSC::::destroy):
      (JSC::JSCallbackObjectData::finalize):
      * runtime/Arguments.cpp:
      (JSC::Arguments::destroy):
      * runtime/DateInstance.cpp:
      (JSC::DateInstance::destroy):
      * runtime/Error.cpp:
      (JSC::StrictModeTypeErrorFunction::destroy):
      * runtime/Executable.cpp:
      (JSC::ExecutableBase::destroy):
      (JSC::NativeExecutable::destroy):
      (JSC::ScriptExecutable::destroy):
      (JSC::EvalExecutable::destroy):
      (JSC::ProgramExecutable::destroy):
      (JSC::FunctionExecutable::destroy):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::destroy):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::destroy):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::destroy):
      * runtime/JSString.cpp:
      (JSC::JSString::destroy):
      * runtime/JSVariableObject.cpp:
      (JSC::JSVariableObject::destroy):
      * runtime/NameInstance.cpp:
      (JSC::NameInstance::destroy):
      * runtime/RegExp.cpp:
      (JSC::RegExp::destroy):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::destroy):
      * runtime/Structure.cpp:
      (JSC::Structure::destroy):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::destroy): Use static_cast instead of jsCast because
      jsCast does Structure-based validation, and our Structure is not guaranteed
      to be alive when we get finalized.
      
      ../WebCore: 
      
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::destroy):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::destroy):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::destroy):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNodeOwner::finalize):
      * bindings/js/JSWorkerContextBase.cpp:
      (WebCore::JSWorkerContextBase::destroy):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateImplementation):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      (WebCore::JSTestActiveDOMObject::destroy):
      (WebCore::JSTestActiveDOMObjectOwner::finalize):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      (WebCore::JSTestCustomNamedGetter::destroy):
      (WebCore::JSTestCustomNamedGetterOwner::finalize):
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      (WebCore::JSTestEventConstructor::destroy):
      (WebCore::JSTestEventConstructorOwner::finalize):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::JSTestEventTarget::destroy):
      (WebCore::JSTestEventTargetOwner::finalize):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestException::destroy):
      (WebCore::JSTestExceptionOwner::finalize):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterface::destroy):
      (WebCore::JSTestInterfaceOwner::finalize):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListener::destroy):
      (WebCore::JSTestMediaQueryListListenerOwner::finalize):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructor::destroy):
      (WebCore::JSTestNamedConstructorOwner::finalize):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObj::destroy):
      (WebCore::JSTestObjOwner::finalize):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterface::destroy):
      (WebCore::JSTestSerializedScriptValueInterfaceOwner::finalize):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::destroy):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::QtRuntimeMethod::destroy):
      * bridge/qt/qt_runtime_qt4.cpp:
      (JSC::Bindings::QtRuntimeMethod::destroy):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::destroy):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::destroy):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::destroy):
      * bridge/runtime_root.cpp:
      (JSC::Bindings::RootObject::finalize): Use static_cast instead of jsCast because
      jsCast does Structure-based validation, and our Structure is not guaranteed
      to be alive when we get finalized.
      
      ../WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::destroy):
      (WebKit::JSNPObject::leakNPObject):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::finalize): Use static_cast instead of jsCast because
      jsCast does Structure-based validation, and our Structure is not guaranteed
      to be alive when we get finalized.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118616 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  28. 22 May, 2012 1 commit
    • barraclough@apple.com's avatar
      Disable private names by default in WebCore · 6e5e896c
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=87088
      
      Reviewed by Geoff Garen.
      
      r117859 introduced a preliminary implementation of ES6-like private name objects to JSC.
      These are probably not yet ready to be web-facing, so disabling by default in WebCore.
      Opting-in for JSC & DumpRenderTree so that we can still run the fast/js/names.html test.
      
      Source/JavaScriptCore: 
      
      * jsc.cpp:
      (GlobalObject):
      (GlobalObject::javaScriptExperimentsEnabled):
          - Implemented new trap to opt-in to private names support.
      * runtime/JSGlobalObject.cpp:
      (JSC):
      (JSC::JSGlobalObject::reset):
          - Only add the Name property to the global object if experiments are enabled.
      * runtime/JSGlobalObject.h:
      (GlobalObjectMethodTable):
          - Added new trap to enable experiments.
      (JSGlobalObject):
      (JSC::JSGlobalObject::finishCreation):
          - Set the global object's m_experimentsEnabled state on construction.
      (JSC::JSGlobalObject::javaScriptExperimentsEnabled):
          - Defaults to off.
      
      Source/WebCore: 
      
      * WebCore.exp.in:
          - Added export.
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore):
      (WebCore::JSDOMWindowBase::javaScriptExperimentsEnabled):
          - Override default from JSC, enable based on corresponding Setting.
      * bindings/js/JSDOMWindowBase.h:
      (JSDOMWindowBase):
          - Added declaration for javaScriptExperimentsEnabled. 
      * page/Settings.cpp:
      (WebCore::Settings::Settings):
      (WebCore::Settings::setJavaScriptExperimentsEnabled):
      (WebCore):
      * page/Settings.h:
      (Settings):
      (WebCore::Settings::javaScriptExperimentsEnabled):
          - Added Setting, reflecting WebPreference.
      
      Source/WebKit/mac: 
      
      * WebView/WebPreferenceKeysPrivate.h:
      * WebView/WebPreferences.mm:
      (+[WebPreferences initialize]):
      (-[WebPreferences setJavaScriptExperimentsEnabled:]):
      (-[WebPreferences javaScriptExperimentsEnabled]):
      * WebView/WebPreferencesPrivate.h:
      * WebView/WebView.mm:
      (-[WebView _preferencesChanged:]):
          - Added JavaScriptExperimentsEnabled to WebPreferences.
      
      Source/WebKit2: 
      
      * Shared/WebPreferencesStore.h:
      (WebKit):
      * UIProcess/API/C/WKPreferences.cpp:
      (WKPreferencesSetJavaScriptExperimentsEnabled):
      (WKPreferencesGetJavaScriptExperimentsEnabled):
      * UIProcess/API/C/WKPreferences.h:
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::updatePreferences):
          - Added JavaScriptExperimentsEnabled to WebPreferences.
      
      Tools: 
      
      * DumpRenderTree/mac/DumpRenderTree.mm:
      (resetDefaultsToConsistentValues):
          - Enable private name support in DRT.
      * WebKitTestRunner/TestController.cpp:
      (WTR::TestController::resetStateToConsistentValues):
          - Enable private name support in WKTR.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118018 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  29. 21 May, 2012 1 commit
    • barraclough@apple.com's avatar
      Add support for private names · 6c9b264e
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86509
      
      Reviewed by Oliver Hunt.
      
      The spec isn't final, but we can start adding support to allow property maps
      to contain keys that aren't identifiers.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlot):
      (JSC::::put):
      (JSC::::deleteProperty):
      (JSC::::getStaticValue):
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
          - Only expose public named properties over the JSC API.
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
          - Added new files to build system.
      * dfg/DFGOperations.cpp:
      (JSC::DFG::operationPutByValInternal):
          - Added support for property access with name objects.
      * interpreter/CallFrame.h:
      (JSC::ExecState::privateNamePrototypeTable):
          - Added hash table for NamePrototype
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
          - Added support for property access with name objects.
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
          - Added support for property access with name objects.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::getByVal):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::opIn):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTableGet):
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
          - Added support for property access with name objects.
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
          - Added hash table for NamePrototype
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::privateNameStructure):
      (JSC::JSGlobalObject::symbolTableHasProperty):
          - Added new global properties.
      * runtime/JSType.h:
      * runtime/JSTypeInfo.h:
      (JSC::TypeInfo::isName):
          - Added type for NameInstances, for fast isName check.
      * runtime/JSVariableObject.cpp:
      (JSC::JSVariableObject::deleteProperty):
      (JSC::JSVariableObject::symbolTableGet):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::symbolTablePut):
      (JSC::JSVariableObject::symbolTablePutWithAttributes):
          - symbol table lookup should take a PropertyName.
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::entry):
          - entry lookup should take a PropertyName.
      * runtime/NameConstructor.cpp: Added.
      (JSC):
      (JSC::NameConstructor::NameConstructor):
      (JSC::NameConstructor::finishCreation):
      (JSC::constructPrivateName):
      (JSC::NameConstructor::getConstructData):
      (JSC::NameConstructor::getCallData):
      * runtime/NameConstructor.h: Added.
      (JSC):
      (NameConstructor):
      (JSC::NameConstructor::create):
      (JSC::NameConstructor::createStructure):
          - Added constructor.
      * runtime/NameInstance.cpp: Added.
      (JSC):
      (JSC::NameInstance::NameInstance):
      (JSC::NameInstance::destroy):
      * runtime/NameInstance.h: Added.
      (JSC):
      (NameInstance):
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::create):
      (JSC::NameInstance::privateName):
      (JSC::NameInstance::nameString):
      (JSC::NameInstance::finishCreation):
      (JSC::isName):
          - Added instance.
      * runtime/NamePrototype.cpp: Added.
      (JSC):
      (JSC::NamePrototype::NamePrototype):
      (JSC::NamePrototype::finishCreation):
      (JSC::NamePrototype::getOwnPropertySlot):
      (JSC::NamePrototype::getOwnPropertyDescriptor):
      (JSC::privateNameProtoFuncToString):
      * runtime/NamePrototype.h: Added.
      (JSC):
      (NamePrototype):
      (JSC::NamePrototype::create):
      (JSC::NamePrototype::createStructure):
          - Added prototype.
      * runtime/PrivateName.h: Added.
      (JSC):
      (PrivateName):
      (JSC::PrivateName::PrivateName):
      (JSC::PrivateName::uid):
          - A private name object holds a StringImpl that can be used as a unique key in a property map.
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::find):
      (JSC::PropertyTable::findWithString):
          - Strings should only match keys in the table that are identifiers.
      * runtime/PropertyName.h:
      (JSC::PropertyName::PropertyName):
      (PropertyName):
      (JSC::PropertyName::uid):
      (JSC::PropertyName::publicName):
      (JSC::PropertyName::asIndex):
      (JSC::operator==):
      (JSC::operator!=):
          - replaced impl() & ustring() with uid() [to get the raw impl] and publicName() [impl or null, if not an identifier].
      * runtime/Structure.cpp:
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransitionToExistingStructure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::getPropertyNamesFromStructure):
      * runtime/Structure.h:
      (JSC::Structure::get):
          - call uid() to get a PropertyName raw impl, for use as a key.
      
      Source/WebCore: 
      
      Test: fast/js/names.html
      
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::cssPropertyIDForJSCSSPropertyName):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::findAtomicString):
      (WebCore::objectToStringFunctionGetter):
      * bindings/js/JSDOMBinding.h:
      (WebCore::propertyNameToString):
      (WebCore::propertyNameToAtomicString):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::nonCachingStaticFunctionGetter):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::nonCachingStaticBackFunctionGetter):
      (WebCore::nonCachingStaticForwardFunctionGetter):
      (WebCore::nonCachingStaticGoFunctionGetter):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::nonCachingStaticReplaceFunctionGetter):
      (WebCore::nonCachingStaticReloadFunctionGetter):
      (WebCore::nonCachingStaticAssignFunctionGetter):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::getMethod):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::methodsNamed):
      (JavaClass::fieldNamed):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      * bridge/objc/objc_class.mm:
      (JSC::Bindings::ObjcClass::methodsNamed):
      (JSC::Bindings::ObjcClass::fieldNamed):
      (JSC::Bindings::ObjcClass::fallbackObject):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
          - Removed PropertyName::impl(), call publicName() to get the string associated with a name.
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyClass::methodsNamed):
      (WebKit::ProxyClass::fieldNamed):
      (WebKit::ProxyInstance::getMethod):
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
          - Removed PropertyName::impl(), call publicName() to get the string associated with a name.
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::npIdentifierFromIdentifier):
      (WebKit::JSNPObject::methodGetter):
          - Removed PropertyName::impl(), call publicName() to get the string associated with a name.
      
      Source/WTF: 
      
      * wtf/text/StringImpl.h:
      (WTF::StringImpl::StringImpl):
      (StringImpl):
      (WTF::StringImpl::createEmptyUnique):
      (WTF::StringImpl::isEmptyUnique):
          - Allow empty string impls to be allocated, which can be used as unique keys.
      
      LayoutTests: 
      
      * fast/js/names-expected.txt: Added.
      * fast/js/names.html: Added.
      * fast/js/script-tests/names.js: Added.
          - Added test cases.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117859 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6c9b264e
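A constructed model of the uid / public-name distinction this commit describes (added here for illustration; it is not JavaScriptCore's code): property keys compare by raw impl identity, a string lookup may only match keys that are identifiers, and an empty unique impl is a key with no public name, so a property stored under it cannot be reached by any string. The names AtomTable, runDemo and Demo, and the use of int as the property value type, are assumptions of the model.

```cpp
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>

// Constructed model of the uid / public-name split described in the commit above.
// Not JavaScriptCore code; the type names mirror the ChangeLog so the mapping is
// obvious, but the bodies are simplified.
struct StringImpl {
    std::string text;   // empty for a unique impl
    bool isIdentifier;  // true only for atomized identifier strings
};

// Atomizes identifier text: equal text always yields the same StringImpl*, so a
// pointer comparison later means "same identifier". (Assumed helper.)
class AtomTable {
public:
    StringImpl* atomize(const std::string& text) {
        auto it = table_.find(text);
        if (it != table_.end())
            return it->second.get();
        auto impl = std::unique_ptr<StringImpl>(new StringImpl{text, true});
        StringImpl* raw = impl.get();
        table_.emplace(text, std::move(impl));
        return raw;
    }
private:
    std::unordered_map<std::string, std::unique_ptr<StringImpl>> table_;
};

// Stands in for StringImpl::createEmptyUnique(): a fresh impl with no text that is
// never atomized, so its identity is the only way to name it.
inline std::unique_ptr<StringImpl> createEmptyUnique() {
    return std::unique_ptr<StringImpl>(new StringImpl{std::string(), false});
}

// PropertyName: uid() is the raw impl used as the map key; publicName() is that
// impl only when it is an identifier, otherwise null.
struct PropertyName {
    StringImpl* impl;
    StringImpl* uid() const { return impl; }
    StringImpl* publicName() const { return impl->isIdentifier ? impl : nullptr; }
};

// Property map keyed by uid pointer, the way the commit describes Structure and
// PropertyTable using uid() as the key.
class PropertyTable {
public:
    void put(PropertyName name, int value) { entries_[name.uid()] = value; }

    // find(): exact lookup by key; works for identifiers and private names alike.
    const int* find(PropertyName name) const {
        auto it = entries_.find(name.uid());
        return it == entries_.end() ? nullptr : &it->second;
    }

    // findWithString(): lookup by text may match only keys that are identifiers,
    // so a private-name key is unreachable through any string.
    const int* findWithString(const std::string& text) const {
        for (auto it = entries_.begin(); it != entries_.end(); ++it) {
            const StringImpl* key = it->first;
            if (key->isIdentifier && key->text == text)
                return &it->second;
        }
        return nullptr;
    }
private:
    std::unordered_map<StringImpl*, int> entries_;
};

// Results of the worked scenario, returned so they can be checked rather than printed.
struct Demo {
    bool identifierFoundByString;
    bool privateFoundByString;
    bool privateFoundByKey;
    bool privateHasPublicName;
    bool secondUniqueCollides;
};

Demo runDemo() {
    AtomTable atoms;
    PropertyTable table;

    PropertyName foo{atoms.atomize("foo")};            // ordinary identifier key
    std::unique_ptr<StringImpl> secret = createEmptyUnique();
    std::unique_ptr<StringImpl> other = createEmptyUnique();
    PropertyName priv{secret.get()};                   // private-name key
    PropertyName priv2{other.get()};                   // a second, unrelated private name

    table.put(foo, 1);
    table.put(priv, 2);

    Demo d;
    d.identifierFoundByString = table.findWithString("foo") != nullptr;
    d.privateFoundByString = table.findWithString("") != nullptr;   // empty text never matches
    d.privateFoundByKey = table.find(priv) != nullptr;              // holding the key is the only way in
    d.privateHasPublicName = priv.publicName() != nullptr;          // null: not an identifier
    d.secondUniqueCollides = table.find(priv2) != nullptr;          // distinct uid, no hit
    return d;
}
```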
  30. 11 May, 2012 1 commit
      Introduce PropertyName class · 38d3c75b
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86241
      
      Reviewed by Geoff Garen.
      
      Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type.
      This change paves the way to allow for properties keyed by values that are not Identifiers.
      
      This change is largely a mechanical find & replace.
      It also changes JSFunction's constructor to take a UString& instead of an Identifier&
      (since in some cases we can no longer guarantee that we'll have an Identifier), and
      unifies Identifier's methods to obtain array indices onto PropertyName.
      
      The new PropertyName class retains the ability to support .impl() and .ustring(), but
      in a future patch we may need to rework this, since not all PropertyNames should be
      equal based on their string representation.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlot):
      (JSC::::getOwnPropertyDescriptor):
      (JSC::::put):
      (JSC::::deleteProperty):
      (JSC::::getStaticValue):
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
      * API/JSObjectRef.cpp:
      (JSObjectMakeFunctionWithCallback):
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::getOwnPropertySlot):
      (JSC::DebuggerActivation::put):
      (JSC::DebuggerActivation::putDirectVirtual):
      (JSC::DebuggerActivation::deleteProperty):
      (JSC::DebuggerActivation::getOwnPropertyDescriptor):
      (JSC::DebuggerActivation::defineOwnProperty):
      * debugger/DebuggerActivation.h:
      (DebuggerActivation):
      * jsc.cpp:
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::Arguments::getOwnPropertyDescriptor):
      (JSC::Arguments::put):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      * runtime/Arguments.h:
      (Arguments):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::finishCreation):
      (JSC::ArrayConstructor::getOwnPropertySlot):
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayConstructor.h:
      (ArrayConstructor):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertySlot):
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      (JSC::putProperty):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::finishCreation):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::getOwnPropertySlot):
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.h:
      (BooleanPrototype):
      * runtime/ClassInfo.h:
      (MethodTable):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::finishCreation):
      (JSC::DateConstructor::getOwnPropertySlot):
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DateConstructor.h:
      (DateConstructor):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::getOwnPropertySlot):
      (JSC::DatePrototype::getOwnPropertyDescriptor):
      * runtime/DatePrototype.h:
      (DatePrototype):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::create):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::finishCreation):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::getOwnPropertySlot):
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.h:
      (ErrorPrototype):
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::finishCreation):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::finishCreation):
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::create):
      (FunctionPrototype):
      * runtime/Identifier.cpp:
      (JSC):
      * runtime/Identifier.h:
      (Identifier):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTableGet):
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putDirectVirtual):
      (JSC::JSActivation::deleteProperty):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSActivation):
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      * runtime/JSArray.h:
      (JSArray):
      (JSC):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSBoundFunction.h:
      (JSBoundFunction):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnPropertySlot):
      (JSC::JSCell::put):
      (JSC::JSCell::deleteProperty):
      (JSC::JSCell::putDirectVirtual):
      (JSC::JSCell::defineOwnProperty):
      (JSC::JSCell::getOwnPropertyDescriptor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::argumentsGetter):
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::lengthGetter):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::put):
      (JSC::JSFunction::deleteProperty):
      (JSC::JSFunction::defineOwnProperty):
      (JSC::getCalculatedDisplayName):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::put):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::defineOwnProperty):
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::createThrowTypeError):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::hasOwnPropertyForWrite):
      (JSC::JSGlobalObject::symbolTableHasProperty):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::getOwnPropertySlot):
      (JSC::JSNotAnObject::getOwnPropertyDescriptor):
      (JSC::JSNotAnObject::put):
      (JSC::JSNotAnObject::deleteProperty):
      * runtime/JSNotAnObject.h:
      (JSNotAnObject):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::getOwnPropertySlot):
      (JSC::JSONObject::getOwnPropertyDescriptor):
      * runtime/JSONObject.h:
      (JSONObject):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::hasProperty):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::hasOwnProperty):
      (JSC::callDefaultValueFunction):
      (JSC::JSObject::findPropertyHashEntry):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::JSObject::getPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectLocation):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::getOwnPropertySlot):
      (JSC::JSCell::fastGetOwnPropertySlot):
      (JSC::JSObject::getPropertySlot):
      (JSC::JSObject::get):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::JSValue::get):
      (JSC::JSValue::put):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::put):
      (JSC::JSStaticScopeObject::putDirectVirtual):
      (JSC::JSStaticScopeObject::getOwnPropertySlot):
      * runtime/JSStaticScopeObject.h:
      (JSStaticScopeObject):
      * runtime/JSString.cpp:
      (JSC::JSString::getOwnPropertySlot):
      (JSC::JSString::getStringPropertyDescriptor):
      * runtime/JSString.h:
      (JSString):
      (JSC::JSString::getStringPropertySlot):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      * runtime/JSValue.h:
      (JSC):
      (JSValue):
      * runtime/JSVariableObject.cpp:
      (JSC::JSVariableObject::deleteProperty):
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::putDirectVirtual):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::symbolTablePut):
      (JSC::JSVariableObject::symbolTablePutWithAttributes):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::entry):
      (JSC):
      (JSC::getStaticPropertySlot):
      (JSC::getStaticPropertyDescriptor):
      (JSC::getStaticFunctionSlot):
      (JSC::getStaticFunctionDescriptor):
      (JSC::getStaticValueSlot):
      (JSC::getStaticValueDescriptor):
      (JSC::lookupPut):
      * runtime/MathObject.cpp:
      (JSC::MathObject::getOwnPropertySlot):
      (JSC::MathObject::getOwnPropertyDescriptor):
      * runtime/MathObject.h:
      (MathObject):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC):
      (JSC::NumberConstructor::finishCreation):
      (JSC::NumberConstructor::getOwnPropertySlot):
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      (JSC::NumberConstructor::put):
      (JSC::numberConstructorNaNValue):
      (JSC::numberConstructorNegInfinity):
      (JSC::numberConstructorPosInfinity):
      (JSC::numberConstructorMaxValue):
      (JSC::numberConstructorMinValue):
      * runtime/NumberConstructor.h:
      (NumberConstructor):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::getOwnPropertySlot):
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.h:
      (NumberPrototype):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::ObjectConstructor::getOwnPropertySlot):
      (JSC::ObjectConstructor::getOwnPropertyDescriptor):
      * runtime/ObjectConstructor.h:
      (ObjectConstructor):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::put):
      (JSC::ObjectPrototype::defineOwnProperty):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertySlot.h:
      (PropertySlot):
      (JSC::PropertySlot::getValue):
      * runtime/RegExpConstructor.cpp:
      (JSC):
      (JSC::RegExpConstructor::finishCreation):
      (JSC::RegExpConstructor::getOwnPropertySlot):
      (JSC::RegExpConstructor::getOwnPropertyDescriptor):
      (JSC::regExpConstructorDollar1):
      (JSC::regExpConstructorDollar2):
      (JSC::regExpConstructorDollar3):
      (JSC::regExpConstructorDollar4):
      (JSC::regExpConstructorDollar5):
      (JSC::regExpConstructorDollar6):
      (JSC::regExpConstructorDollar7):
      (JSC::regExpConstructorDollar8):
      (JSC::regExpConstructorDollar9):
      (JSC::regExpConstructorInput):
      (JSC::regExpConstructorMultiline):
      (JSC::regExpConstructorLastMatch):
      (JSC::regExpConstructorLastParen):
      (JSC::regExpConstructorLeftContext):
      (JSC::regExpConstructorRightContext):
      (JSC::RegExpConstructor::put):
      * runtime/RegExpConstructor.h:
      (RegExpConstructor):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::getOwnPropertySlot):
      (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
      (JSC::RegExpMatchesArray::put):
      (JSC::RegExpMatchesArray::deleteProperty):
      (JSC::RegExpMatchesArray::defineOwnProperty):
      * runtime/RegExpObject.cpp:
      (JSC):
      (JSC::RegExpObject::getOwnPropertySlot):
      (JSC::RegExpObject::getOwnPropertyDescriptor):
      (JSC::RegExpObject::deleteProperty):
      (JSC::RegExpObject::defineOwnProperty):
      (JSC::regExpObjectGlobal):
      (JSC::regExpObjectIgnoreCase):
      (JSC::regExpObjectMultiline):
      (JSC::regExpObjectSource):
      (JSC::RegExpObject::put):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::getOwnPropertySlot):
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpPrototype.h:
      (RegExpPrototype):
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::deleteProperty):
      * runtime/StrictEvalActivation.h:
      (StrictEvalActivation):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::finishCreation):
      (JSC::StringConstructor::getOwnPropertySlot):
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringConstructor.h:
      (StringConstructor):
      * runtime/StringObject.cpp:
      (JSC::StringObject::getOwnPropertySlot):
      (JSC::StringObject::getOwnPropertyDescriptor):
      (JSC::StringObject::put):
      (JSC::StringObject::defineOwnProperty):
      (JSC::StringObject::deleteProperty):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::getOwnPropertySlot):
      (JSC::StringPrototype::getOwnPropertyDescriptor):
      * runtime/StringPrototype.h:
      (StringPrototype):
      * runtime/Structure.cpp:
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransitionToExistingStructure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::get):
      
      Source/WebCore: 
      
      * WebCore.exp.in:
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::cssPropertyIDForJSCSSPropertyName):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertyDescriptorDelegate):
      (WebCore::JSCSSStyleDeclaration::putDelegate):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::findAtomicString):
      (WebCore::objectToStringFunctionGetter):
      * bindings/js/JSDOMBinding.h:
      (WebCore):
      (WebCore::propertyNameToString):
      (WebCore::propertyNameToAtomicString):
      * bindings/js/JSDOMMimeTypeArrayCustom.cpp:
      (WebCore::JSDOMMimeTypeArray::canGetItemsForName):
      (WebCore::JSDOMMimeTypeArray::nameGetter):
      * bindings/js/JSDOMPluginArrayCustom.cpp:
      (WebCore::JSDOMPluginArray::canGetItemsForName):
      (WebCore::JSDOMPluginArray::nameGetter):
      * bindings/js/JSDOMPluginCustom.cpp:
      (WebCore::JSDOMPlugin::canGetItemsForName):
      (WebCore::JSDOMPlugin::nameGetter):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::canGetItemsForName):
      (WebCore::JSDOMStringMap::nameGetter):
      (WebCore::JSDOMStringMap::deleteProperty):
      (WebCore::JSDOMStringMap::putDelegate):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::nonCachingStaticFunctionGetter):
      (WebCore::childFrameGetter):
      (WebCore::namedItemGetter):
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindow::put):
      (WebCore::JSDOMWindow::deleteProperty):
      (WebCore::JSDOMWindow::defineOwnProperty):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlot):
      (WebCore::JSDOMWindowShell::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindowShell::put):
      (WebCore::JSDOMWindowShell::putDirectVirtual):
      (WebCore::JSDOMWindowShell::defineOwnProperty):
      (WebCore::JSDOMWindowShell::deleteProperty):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHTMLAllCollectionCustom.cpp:
      (WebCore::getNamedItems):
      (WebCore::callHTMLAllCollection):
      (WebCore::JSHTMLAllCollection::canGetItemsForName):
      (WebCore::JSHTMLAllCollection::nameGetter):
      (WebCore::JSHTMLAllCollection::item):
      * bindings/js/JSHTMLAppletElementCustom.cpp:
      (WebCore::JSHTMLAppletElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLAppletElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLAppletElement::putDelegate):
      * bindings/js/JSHTMLCollectionCustom.cpp:
      (WebCore::getNamedItems):
      (WebCore::JSHTMLCollection::canGetItemsForName):
      (WebCore::JSHTMLCollection::nameGetter):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::JSHTMLDocument::canGetItemsForName):
      (WebCore::JSHTMLDocument::nameGetter):
      * bindings/js/JSHTMLEmbedElementCustom.cpp:
      (WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLEmbedElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLEmbedElement::putDelegate):
      * bindings/js/JSHTMLFormElementCustom.cpp:
      (WebCore::JSHTMLFormElement::canGetItemsForName):
      (WebCore::JSHTMLFormElement::nameGetter):
      * bindings/js/JSHTMLFrameSetElementCustom.cpp:
      (WebCore::JSHTMLFrameSetElement::canGetItemsForName):
      (WebCore::JSHTMLFrameSetElement::nameGetter):
      * bindings/js/JSHTMLObjectElementCustom.cpp:
      (WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLObjectElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLObjectElement::putDelegate):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::nonCachingStaticBackFunctionGetter):
      (WebCore::nonCachingStaticForwardFunctionGetter):
      (WebCore::nonCachingStaticGoFunctionGetter):
      (WebCore::JSHistory::getOwnPropertySlotDelegate):
      (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHistory::putDelegate):
      (WebCore::JSHistory::deleteProperty):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::nonCachingStaticReplaceFunctionGetter):
      (WebCore::nonCachingStaticReloadFunctionGetter):
      (WebCore::nonCachingStaticAssignFunctionGetter):
      (WebCore::JSLocation::getOwnPropertySlotDelegate):
      (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
      (WebCore::JSLocation::putDelegate):
      (WebCore::JSLocation::deleteProperty):
      (WebCore::JSLocation::defineOwnProperty):
      (WebCore::JSLocationPrototype::putDelegate):
      (WebCore::JSLocationPrototype::defineOwnProperty):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::canGetItemsForName):
      (WebCore::JSNamedNodeMap::nameGetter):
      * bindings/js/JSNodeListCustom.cpp:
      (WebCore::JSNodeList::canGetItemsForName):
      (WebCore::JSNodeList::nameGetter):
      * bindings/js/JSPluginElementFunctions.cpp:
      (WebCore::runtimeObjectPropertyGetter):
      (WebCore::runtimeObjectCustomGetOwnPropertySlot):
      (WebCore::runtimeObjectCustomGetOwnPropertyDescriptor):
      (WebCore::runtimeObjectCustomPut):
      * bindings/js/JSPluginElementFunctions.h:
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::canGetItemsForName):
      (WebCore::JSStorage::nameGetter):
      (WebCore::JSStorage::deleteProperty):
      (WebCore::JSStorage::putDelegate):
      * bindings/js/JSStyleSheetListCustom.cpp:
      (WebCore::JSStyleSheetList::canGetItemsForName):
      (WebCore::JSStyleSheetList::nameGetter):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::getOwnPropertySlotDelegate):
      (WebCore::JSWorkerContext::getOwnPropertyDescriptorDelegate):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateGetOwnPropertySlotBody):
      (GenerateGetOwnPropertyDescriptorBody):
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorDefinition):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_class.h:
      (CClass):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      (JSC::Bindings::CInstance::getMethod):
      * bridge/c/c_instance.h:
      (CInstance):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::methodsNamed):
      (JavaClass::fieldNamed):
      * bridge/jni/jsc/JavaClassJSC.h:
      (JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaRuntimeMethod::create):
      (JavaRuntimeMethod::finishCreation):
      * bridge/jni/jsc/JavaInstanceJSC.h:
      (JavaInstance):
      * bridge/jsc/BridgeJSC.h:
      (Class):
      (JSC::Bindings::Class::fallbackObject):
      (JSC::Bindings::Instance::setValueOfUndefinedField):
      (Instance):
      (JSC::Bindings::Instance::getOwnPropertySlot):
      (JSC::Bindings::Instance::getOwnPropertyDescriptor):
      (JSC::Bindings::Instance::put):
      * bridge/objc/objc_class.h:
      (ObjcClass):
      * bridge/objc/objc_class.mm:
      (JSC::Bindings::ObjcClass::methodsNamed):
      (JSC::Bindings::ObjcClass::fieldNamed):
      (JSC::Bindings::ObjcClass::fallbackObject):
      * bridge/objc/objc_instance.h:
      (ObjcInstance):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::finishCreation):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::create):
      (JSC::Bindings::ObjcFallbackObjectImp::propertyName):
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertySlot):
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertyDescriptor):
      (JSC::Bindings::ObjcFallbackObjectImp::put):
      (JSC::Bindings::callObjCFallbackObject):
      (JSC::Bindings::ObjcFallbackObjectImp::deleteProperty):
      (JSC::Bindings::ObjcFallbackObjectImp::defaultValue):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::lengthGetter):
      (JSC::RuntimeArray::getOwnPropertySlot):
      (JSC::RuntimeArray::getOwnPropertyDescriptor):
      (JSC::RuntimeArray::put):
      (JSC::RuntimeArray::deleteProperty):
      * bridge/runtime_array.h:
      (RuntimeArray):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      (JSC::RuntimeMethod::lengthGetter):
      (JSC::RuntimeMethod::getOwnPropertySlot):
      (JSC::RuntimeMethod::getOwnPropertyDescriptor):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      (RuntimeMethod):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
      (JSC::Bindings::RuntimeObject::fieldGetter):
      (JSC::Bindings::RuntimeObject::methodGetter):
      (JSC::Bindings::RuntimeObject::getOwnPropertySlot):
      (JSC::Bindings::RuntimeObject::getOwnPropertyDescriptor):
      (JSC::Bindings::RuntimeObject::put):
      (JSC::Bindings::RuntimeObject::deleteProperty):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/ProxyInstance.h:
      (ProxyInstance):
      * Plugins/Hosted/ProxyInstance.mm:
      (ProxyClass):
      (WebKit::ProxyClass::methodsNamed):
      (WebKit::ProxyClass::fieldNamed):
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getMethod):
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::npIdentifierFromIdentifier):
      (WebKit::JSNPObject::getOwnPropertySlot):
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::propertyGetter):
      (WebKit::JSNPObject::methodGetter):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (JSNPObject):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116828 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      38d3c75b
  31. 28 Apr, 2012 1 commit
      Clarified JSGlobalData (JavaScript VM) lifetime · c143e90f
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=85142
      
      Reviewed by Anders Carlsson.
      
      Source/JavaScriptCore: 
      
      This was so confusing that I didn't feel like I could reason about 
      memory lifetime in the heap without fixing it.
      
      The rules are:
      
      (1) JSGlobalData owns the virtual machine and all memory in it.
      
      (2) Deleting a JSGlobalData frees the virtual machine and all memory 
      in it.
      
      (Caveat emptor: if you delete the virtual machine while you're running 
      JIT code or accessing GC objects, you're gonna have a bad time.)
      
      (I opted not to make arbitrary sub-objects keep the virtual machine 
      alive automatically because:
      
              (a) doing that right would be complex and slow;
      
              (b) in the case of an exiting thread or process, there's no 
              clear way to give the garbage collector a chance to try again 
              later; 
      
              (c) continuing to run the garbage collector after we've been 
              asked to shut down the virtual machine seems rude;
      
              (d) we've never really supported that feature, anyway.)
      
      (3) Normal ref-counting will do. No need to call a battery of 
      specialty functions to tear down a JSGlobalData. Its foibles 
      notwithstanding, C++ does in fact know how to execute destructors in 
      order.
      
      * API/JSContextRef.cpp:
      (JSGlobalContextCreate): Removed compatibility shim for older 
      operating systems because it's no longer used.
      
      (JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do 
      the right thing", this code is much simpler. We still have one special 
      case to notify the garbage collector if we're removing the last 
      reference to the global object, since this can improve memory behavior.
      
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::freeAllBlocks):
      * heap/CopiedSpace.h:
      (CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true 
      destruction-time behaviors should be limited to our C++ destructor.
      
      * heap/Heap.cpp:
      (JSC::Heap::~Heap):
      (JSC):
      (JSC::Heap::lastChanceToFinalize):
      * heap/Heap.h:
      (Heap):
      (JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because 
      true destruction-time behaviors should be limited to our C++ 
      destructor.
      
      Reorganized the code, putting code that must run before any objects 
      get torn down into lastChanceToFinalize, and code that just tears down 
      objects into our destructor.
      
      * heap/Local.h:
      (JSC::LocalStack::LocalStack):
      (JSC::LocalStack::push):
      (LocalStack): See rule (2).
      
      * jsc.cpp:
      (functionQuit):
      (main):
      (printUsageStatement):
      (parseArguments):
      (jscmain):
      * testRegExp.cpp:
      (main):
      (printUsageStatement):
      (parseArguments):
      (realMain): See rule (3).
      
      I removed the feature of ensuring orderly tear-down when calling quit()
      or running in --help mode because it didn't seem very useful and 
      making it work with Windows structured exception handling and 
      NO_RETURN didn't seem like a fun way to spend a Saturday.
      
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data 
      member in JSGlobalData to ensure that it's destructed last, so other 
      objects that reference it destruct without crashing. This allowed me 
      to remove clearBuiltinStructures() altogether, and helped guarantee 
      rule (3).
      
      (JSC::JSGlobalData::~JSGlobalData): Explicitly call 
      lastChanceToFinalize() at the head of our destructor to ensure that 
      all pending finalizers run while the virtual machine is still in a 
      valid state. Trying to resurrect (re-ref) the virtual machine at this 
      point is not valid, but all other operations are.
      
      Changed a null to a 0xbbadbeef to clarify just how bad this beef is.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::init):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::globalData): See rule (3).
      
      Source/WebCore: 
      
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::~WorkerScriptController): Slightly 
      simpler than before. We can't just rely on our default destructor 
      because we need to hold the JSLock when we tear down the VM.
      
      * bridge/NP_jsobject.cpp:
      (_NPN_InvokeDefault):
      (_NPN_Invoke):
      (_NPN_Evaluate):
      (_NPN_Construct): Don't RefPtr<> the JSGlobalData because it makes it 
      seem like you know something the rest of our code doesn't know. The 
      plugin JSGlobalData is immortal, anyway.
      
      I also removed some timeout checker related code because that feature 
      doesn't work anymore, so it was effectively dead code.
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::invoke):
      (WebKit::NetscapePluginInstanceProxy::invokeDefault):
      (WebKit::NetscapePluginInstanceProxy::construct):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@115579 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  32. 29 Mar, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Refactor recompileAllJSFunctions() to be less expensive · cab4752f
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80330
      
      Reviewed by Filip Pizlo.
      
      This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
      load performance, which currently does at least a couple full GCs per navigation.
      
      * heap/Heap.cpp:
      (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
      because the function doesn't actually recompile anything (and never did); it simply throws code
      away for it to be recompiled later if we determine we should do so.
      (JSC):
      (JSC::Heap::collectAllGarbage):
      (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
      (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
      * heap/Heap.h:
      (JSC):
      (Heap):
      * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
      be used in DoublyLinkedLists.
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
      * runtime/Executable.h:
      (FunctionExecutable):
      (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
      * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
      the list of FunctionExecutables.
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@112624 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  33. 07 Mar, 2012 1 commit