1. 27 Mar, 2013 1 commit
  2. 26 Mar, 2013 1 commit
    • JSC_enableProfiler=true should also cause JSGlobalData to save the profiler output somewhere · 7183460c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=113144
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      Added the ability to save profiler output with JSC_enableProfiler=true. It will save it
      to the current directory, or JSC_PROFILER_PATH if the latter was specified.
              
      This works by saving the Profiler::Database either when it is destroyed or atexit(),
      whichever happens first.
              
      This allows use of the profiler from any WebKit client.
      
      * jsc.cpp:
      (jscmain):
      * profiler/ProfilerDatabase.cpp:
      (Profiler):
      (JSC::Profiler::Database::Database):
      (JSC::Profiler::Database::~Database):
      (JSC::Profiler::Database::registerToSaveAtExit):
      (JSC::Profiler::Database::addDatabaseToAtExit):
      (JSC::Profiler::Database::removeDatabaseFromAtExit):
      (JSC::Profiler::Database::performAtExitSave):
      (JSC::Profiler::Database::removeFirstAtExitDatabase):
      (JSC::Profiler::Database::atExitCallback):
      * profiler/ProfilerDatabase.h:
      (JSC::Profiler::Database::databaseID):
      (Database):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      
      Source/WTF: 
      
      Reviewed by Geoffrey Garen.
              
      I got tired of the fact that getpid(2) is not a syscall on Windows (unless you do
      _getpid() I believe), so I wrote a header that abstracts it. I also changed existing
      code that uses getpid() to use WTF::getCurrentProcessID().
      
      * GNUmakefile.list.am:
      * WTF.gypi:
      * WTF.pro:
      * WTF.vcproj/WTF.vcproj:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/CMakeLists.txt:
      * wtf/MetaAllocator.cpp:
      (WTF::MetaAllocator::dumpProfile):
      * wtf/ProcessID.h: Added.
      (WTF):
      (WTF::getCurrentProcessID):
      * wtf/text/StringImpl.cpp:
      (WTF::StringStats::printStats):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146932 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 25 Mar, 2013 1 commit
  4. 22 Mar, 2013 3 commits
    • opaqueJSClassData should be cached on JSGlobalObject, not the JSGlobalData · ad21fd2f
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=113086
      
      Reviewed by Geoffrey Garen.
      
      opaqueJSClassData stores cached prototypes for JSClassRefs in the C API. It doesn't make sense to 
      share these prototypes within a JSGlobalData across JSGlobalObjects, and in fact doing so will cause 
      a leak of the original JSGlobalObject that these prototypes were created in. Therefore we should move 
      this cache to JSGlobalObject where it belongs and where it won't cause memory leaks.
      
      * API/JSBase.cpp: Needed to add an extern "C" so that testapi.c can use the super secret GC function.
      * API/JSClassRef.cpp: We now grab the cached context data from the global object rather than the global data.
      (OpaqueJSClass::contextData):
      * API/JSClassRef.h: Remove this header because it's unnecessary and causes circular dependencies.
      * API/tests/testapi.c: Added a new test that makes sure that using the same JSClassRef in two different contexts
      doesn't cause leaks of the original global object.
      (leakFinalize):
      (nestedAllocateObject): This is a hack to bypass the conservative scan of the GC, which was unnecessarily marking
      objects and keeping them alive, ruining the test result.
      (testLeakingPrototypesAcrossContexts):
      (main):
      * API/tests/testapi.mm: extern "C" this so we can continue using it here.
      * runtime/JSGlobalData.cpp: Remove JSClassRef related stuff.
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.h: Add the stuff that JSGlobalData had. We add it to JSGlobalObjectRareData so that 
      clients who don't use the C API don't have to pay the memory cost of this extra HashMap.
      (JSGlobalObject):
      (JSGlobalObjectRareData):
      (JSC::JSGlobalObject::opaqueJSClassData):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146682 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Fix some minor issues in the DFG's profiling of heap accesses · c5c0fa4e
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=113010
      
      Reviewed by Geoffrey Garen.
              
      1) If a CodeBlock gets jettisoned by GC, we should count the exit sites.
      
      2) If a CodeBlock clears a structure stub during GC, it should record this, and
      the DFG should prefer to not inline that access (i.e. treat it as if it had an
      exit site).
      
      3) If a PutById was seen by the baseline JIT, and the JIT attempted to cache it,
      but it chose not to, then assume that it will take slow path.
      
      4) If we frequently exited because of a structure check on a weak constant,
      don't try to inline that access in the future.
      
      5) Treat all exits that were counted as being frequent.
              
      81% speed-up on Octane/gbemu. Small speed-ups elsewhere, and no regressions.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC):
      (JSC::CodeBlock::resetStubDuringGCInternal):
      (JSC::CodeBlock::reoptimize):
      (JSC::CodeBlock::jettison):
      (JSC::ProgramCodeBlock::jettisonImpl):
      (JSC::EvalCodeBlock::jettisonImpl):
      (JSC::FunctionCodeBlock::jettisonImpl):
      (JSC::CodeBlock::tallyFrequentExitSites):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::tallyFrequentExitSites):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFor):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFor):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::StructureStubInfo):
      (StructureStubInfo):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
      * dfg/DFGOSRExit.h:
      (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
      (OSRExit):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Options.h:
      (JSC):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146669 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Leak bots erroneously report JSC::WatchpointSet as leaking · 3340cf93
      rniwa@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=107781
      
      Reviewed by Filip Pizlo.
      
      Since leaks doesn't support tagged pointers, avoid using it by flipping the bit flag to indicate
      the entry is "fat". We set the flag when the entry is NOT fat; i.e. slim.
      
      Replaced FatFlag by SlimFlag and initialized m_bits with this flag to indicate that the entry is
      initially "slim".
      
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTableEntry::copySlow): Don't set FatFlag since it has been replaced by SlimFlag.
      (JSC::SymbolTableEntry::inflateSlow): Ditto.
      
      * runtime/SymbolTable.h:
      (JSC::SymbolTableEntry::Fast::Fast): Set SlimFlag by default.
      (JSC::SymbolTableEntry::Fast::isNull): Ignore SlimFlag.
      (JSC::SymbolTableEntry::Fast::isFat): An entry is fat when m_bits is not entirely zero and SlimFlag
      is not set.
      
      (JSC::SymbolTableEntry::SymbolTableEntry): Set SlimFlag by default.
      (JSC::SymbolTableEntry::SymbolTableEntry::getFast): Set SlimFlag when creating Fast from a fat entry.
      (JSC::SymbolTableEntry::isNull): Ignore SlimFlag.
      (JSC::SymbolTableEntry::FatEntry::FatEntry): Strip SlimFlag.
      (JSC::SymbolTableEntry::isFat): An entry is fat when m_bits is not entirely zero and SlimFlag is unset.
      (JSC::SymbolTableEntry::fatEntry): Don't strip FatFlag as this flag doesn't exist anymore.
      (JSC::SymbolTableEntry::pack): Preserve SlimFlag.
      
      (JSC::SymbolTableIndexHashTraits): empty value is no longer zero so don't set emptyValueIsZero true.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146568 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 21 Mar, 2013 3 commits
    • JSC profiler should have an at-a-glance report of the success of DFG optimization · 791dfcbf
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112988
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * profiler/ProfilerCompilation.cpp:
      (JSC::Profiler::Compilation::Compilation):
      (JSC::Profiler::Compilation::toJS):
      * profiler/ProfilerCompilation.h:
      (JSC::Profiler::Compilation::noticeInlinedGetById):
      (JSC::Profiler::Compilation::noticeInlinedPutById):
      (JSC::Profiler::Compilation::noticeInlinedCall):
      (Compilation):
      * runtime/CommonIdentifiers.h:
      
      Tools: 
      
      * Scripts/display-profiler-output:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146548 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [BlackBerry] GCActivityCallback: replace JSLock with JSLockHolder · eb79cda9
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=112448
      
      Patch by Alberto Garcia <agarcia@igalia.com> on 2013-03-21
      Reviewed by Xan Lopez.
      
      This changed in r121381.
      
      * runtime/GCActivityCallbackBlackBerry.cpp:
      (JSC::DefaultGCActivityCallback::doWork):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146502 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Objective-C API: wrapperClass holds a static JSClassRef, which causes JSGlobalObjects to leak · ff81d056
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112856
      
      Reviewed by Geoffrey Garen.
      
      Through a very convoluted path that involves the caching of prototypes on the JSClassRef, we can leak 
      JSGlobalObjects when inserting an Objective-C object into multiple independent JSContexts.
      
      * API/JSAPIWrapperObject.cpp: Removed.
      * API/JSAPIWrapperObject.h:
      (JSAPIWrapperObject):
      * API/JSAPIWrapperObject.mm: Copied from Source/JavaScriptCore/API/JSAPIWrapperObject.cpp. Made this an
      Objective-C++ file so that we can call release on the wrappedObject. Also added a WeakHandleOwner for 
      JSAPIWrapperObjects. This will also be used in a future patch for https://bugs.webkit.org/show_bug.cgi?id=112608.
      (JSAPIWrapperObjectHandleOwner):
      (jsAPIWrapperObjectHandleOwner):
      (JSAPIWrapperObjectHandleOwner::finalize): This finalize replaces the old finalize that was done through
      the C API.
      (JSC::JSAPIWrapperObject::finishCreation): Allocate the WeakImpl. Balanced in finalize.
      (JSC::JSAPIWrapperObject::setWrappedObject): We now do the retain of the wrappedObject here rather than in random
      places scattered around JSWrapperMap.mm
      * API/JSObjectRef.cpp: Added some ifdefs for platforms that don't support the Obj-C API.
      (JSObjectGetPrivate): Ditto.
      (JSObjectSetPrivate): Ditto.
      (JSObjectGetPrivateProperty): Ditto.
      (JSObjectSetPrivateProperty): Ditto.
      (JSObjectDeletePrivateProperty): Ditto.
      * API/JSValueRef.cpp: Ditto.
      (JSValueIsObjectOfClass): Ditto.
      * API/JSWrapperMap.mm: Remove wrapperClass().
      (objectWithCustomBrand): Change to no longer use a parent class, which was only used to give the ability to 
      finalize wrapper objects.
      (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]): Change to no longer use wrapperClass(). 
      (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): Ditto.
      (tryUnwrapObjcObject): We now check if the object inherits from JSAPIWrapperObject.
      * API/tests/testapi.mm: Added a test that exports an Objective-C object to two different JSContexts and makes 
      sure that the first one is collected properly by using a weak JSManagedValue for the wrapper in the first JSContext.
      * CMakeLists.txt: Build file modifications.
      * GNUmakefile.list.am: Ditto.
      * JavaScriptCore.gypi: Ditto.
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Ditto.
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
      * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
      * runtime/JSGlobalObject.cpp: More ifdefs for unsupported platforms.
      (JSC::JSGlobalObject::reset): Ditto.
      (JSC::JSGlobalObject::visitChildren): Ditto.
      * runtime/JSGlobalObject.h: Ditto.
      (JSGlobalObject): Ditto.
      (JSC::JSGlobalObject::objcCallbackFunctionStructure): Ditto.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146494 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 20 Mar, 2013 3 commits
    • Fix indentation of JSString.h · 494f2d9a
      fpizlo@apple.com authored
      Rubber stamped by Mark Hahnenberg.
      
      * runtime/JSString.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146407 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • It's called "Hash Consing" not "Hash Consting" · 8fa6e667
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112768
      
      Rubber stamped by Mark Hahnenberg.
              
      See http://en.wikipedia.org/wiki/Hash_consing
      
      * heap/GCThreadSharedData.cpp:
      (JSC::GCThreadSharedData::GCThreadSharedData):
      (JSC::GCThreadSharedData::reset):
      * heap/GCThreadSharedData.h:
      (GCThreadSharedData):
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::SlotVisitor):
      (JSC::SlotVisitor::setup):
      (JSC::SlotVisitor::reset):
      (JSC::JSString::tryHashConsLock):
      (JSC::JSString::releaseHashConsLock):
      (JSC::JSString::shouldTryHashCons):
      (JSC::SlotVisitor::internalAppend):
      * heap/SlotVisitor.h:
      (SlotVisitor):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      (JSC::JSGlobalData::haveEnoughNewStringsToHashCons):
      (JSC::JSGlobalData::resetNewStringsSinceLastHashCons):
      * runtime/JSString.h:
      (JSC::JSString::finishCreation):
      (JSString):
      (JSC::JSString::isHashConsSingleton):
      (JSC::JSString::clearHashConsSingleton):
      (JSC::JSString::setHashConsSingleton):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146383 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • DFG implementation of op_strcat should inline rope allocations · 4463e44f
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112780
      
      Reviewed by Oliver Hunt.
              
      This gets rid of the StrCat node and adds a MakeRope node. The MakeRope node can
      take either two or three operands, and allocates a rope string with either two or
      three fibers. (The magic choice of three children for non-VarArg nodes happens to
      match exactly with the magic choice of three fibers for rope strings.)
              
      ValueAdd on KnownString is replaced with MakeRope with two children.
              
      StrCat gets replaced by an appropriate sequence of MakeRope's.
              
      MakeRope does not do the dynamic check to see if its children are empty strings.
      This is replaced by a static check, instead. The downside is that we may use more
      memory if the strings passed to MakeRope turn out to dynamically be empty. The
      upside is that we do fewer checks in the cases where either the strings are not
      empty, or where the strings are statically known to be empty. I suspect both of
      those cases are more common than the case where the string is dynamically empty.
              
      This also results in some badness for X86. MakeRope needs six registers if it is
      allocating a three-rope. We don't have six registers to spare on X86. Currently,
      the code side-steps this problem by just never using three-ropes in optimized
      code on X86. All other architectures, including X86_64, don't have this problem.
              
      This is a shocking speed-up. 9% progressions on both V8/splay and
      SunSpider/date-format-xparb. 1% progression on V8v7 overall, and ~0.5% progression
      on SunSpider. 2x speed-up on microbenchmarks that test op_strcat.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAdjacencyList.h:
      (AdjacencyList):
      (JSC::DFG::AdjacencyList::removeEdge):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
      * dfg/DFGBackwardsPropagationPhase.cpp:
      (JSC::DFG::BackwardsPropagationPhase::propagate):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::putStructureStoreElimination):
      (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGDCEPhase.cpp:
      (JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::createToString):
      (JSC::DFG::FixupPhase::attemptToForceStringArrayModeByToStringConversion):
      (JSC::DFG::FixupPhase::convertStringAddUse):
      (FixupPhase):
      (JSC::DFG::FixupPhase::convertToMakeRope):
      (JSC::DFG::FixupPhase::fixupMakeRope):
      (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileMakeRope):
      (DFG):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (SpeculativeJIT):
      (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
      (JSC::DFG::SpeculateCellOperand::~SpeculateCellOperand):
      (JSC::DFG::SpeculateCellOperand::gpr):
      (JSC::DFG::SpeculateCellOperand::use):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/JSString.h:
      (JSRopeString):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146382 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  7. 18 Mar, 2013 4 commits
    • DFG should inline binary string concatenations (i.e. ValueAdd with string children) · 8d225914
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112599
      
      Reviewed by Oliver Hunt.
              
      This does as advertised: if you do x + y where x and y are strings, you'll get
      a fast inlined JSRopeString allocation (along with whatever checks are necessary).
      It also does good things if either x or y (or both) are StringObjects, or some
      other thing like StringOrStringObject. It also lays the groundwork for making this
      fast if either x or y are numbers, or some other reasonably-cheap-to-convert
      value.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (FixupPhase):
      (JSC::DFG::FixupPhase::isStringObjectUse):
      (JSC::DFG::FixupPhase::convertStringAddUse):
      (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileAdd):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
      * runtime/JSString.h:
      (JSC::JSString::offsetOfFlags):
      (JSString):
      (JSRopeString):
      (JSC::JSRopeString::offsetOfFibers):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146164 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • JSC_NATIVE_FUNCTION() takes an identifier for the name and then uses #name,... · afa61e0c
      fpizlo@apple.com authored
      JSC_NATIVE_FUNCTION() takes an identifier for the name and then uses #name, which is unsafe if name was already #define'd to something else
      https://bugs.webkit.org/show_bug.cgi?id=112639
      
      Reviewed by Michael Saboff.
      
      Change it to take a string instead.
      
      * runtime/JSObject.h:
      (JSC):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::finishCreation):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146157 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • DFG string conversions and allocations should be inlined · 0e6e1542
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112376
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      This turns new String(), String(), String.prototype.valueOf(), and
      String.prototype.toString() into intrinsics. It gives the DFG the ability to handle
      conversions from StringObject to JSString and vice-versa, and also gives it the
      ability to handle cases where a variable may be either a StringObject or a JSString.
      To do this, I added StringObject to value profiling (and removed the stale
      distinction between Myarguments and Foreignarguments). I also cleaned up ToPrimitive
      handling, using some of the new functionality but also taking advantage of the
      existence of Identity(String:@a).
              
      This is a 2% SunSpider speed-up. Also there are some speed-ups on V8v7 and Kraken.
      On microbenchmarks that stress new String() this is a 14x speed-up.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::hasExitSite):
      (JSC):
      * bytecode/DFGExitProfile.cpp:
      (JSC::DFG::ExitProfile::hasExitSite):
      (DFG):
      * bytecode/DFGExitProfile.h:
      (ExitProfile):
      (JSC::DFG::ExitProfile::hasExitSite):
      * bytecode/ExitKind.cpp:
      (JSC::exitKindToString):
      * bytecode/ExitKind.h:
      * bytecode/SpeculatedType.cpp:
      (JSC::dumpSpeculation):
      (JSC::speculationToAbbreviatedString):
      (JSC::speculationFromClassInfo):
      * bytecode/SpeculatedType.h:
      (JSC):
      (JSC::isStringObjectSpeculation):
      (JSC::isStringOrStringObjectSpeculation):
      * create_hash_table:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAbstractState.h:
      (JSC::DFG::AbstractState::filterEdgeByUse):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
      (DFG):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::putStructureStoreElimination):
      * dfg/DFGEdge.h:
      (JSC::DFG::Edge::shift):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (FixupPhase):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      (JSC::DFG::FixupPhase::observeUseKindOnNode):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::hasGlobalExitSite):
      (Graph):
      (JSC::DFG::Graph::hasExitSite):
      (JSC::DFG::Graph::clobbersWorld):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToToString):
      (Node):
      (JSC::DFG::Node::hasStructure):
      (JSC::DFG::Node::shouldSpeculateStringObject):
      (JSC::DFG::Node::shouldSpeculateStringOrStringObject):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileNewStringObject):
      (JSC::DFG::SpeculativeJIT::speculateObject):
      (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
      (JSC::DFG::SpeculativeJIT::speculateString):
      (JSC::DFG::SpeculativeJIT::speculateStringObject):
      (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (SpeculativeJIT):
      (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
      (DFG):
      (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      * interpreter/CallFrame.h:
      (JSC::ExecState::regExpPrototypeTable):
      * runtime/CommonIdentifiers.h:
      * runtime/Intrinsic.h:
      * runtime/JSDestructibleObject.h:
      (JSDestructibleObject):
      (JSC::JSDestructibleObject::classInfoOffset):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      * runtime/JSObject.h:
      (JSC):
      * runtime/JSWrapperObject.h:
      (JSC::JSWrapperObject::allocationSize):
      (JSWrapperObject):
      (JSC::JSWrapperObject::internalValueOffset):
      (JSC::JSWrapperObject::internalValueCellOffset):
      * runtime/StringPrototype.cpp:
      (JSC):
      (JSC::StringPrototype::finishCreation):
      (JSC::StringPrototype::create):
      * runtime/StringPrototype.h:
      (StringPrototype):
      
      LayoutTests: 
      
      Reviewed by Geoffrey Garen.
      
      * fast/js/dfg-to-string-bad-toString-expected.txt: Added.
      * fast/js/dfg-to-string-bad-toString.html: Added.
      * fast/js/dfg-to-string-bad-valueOf-expected.txt: Added.
      * fast/js/dfg-to-string-bad-valueOf.html: Added.
      * fast/js/dfg-to-string-int-expected.txt: Added.
      * fast/js/dfg-to-string-int-or-string-expected.txt: Added.
      * fast/js/dfg-to-string-int-or-string.html: Added.
      * fast/js/dfg-to-string-int.html: Added.
      * fast/js/dfg-to-string-side-effect-clobbers-toString-expected.txt: Added.
      * fast/js/dfg-to-string-side-effect-clobbers-toString.html: Added.
      * fast/js/dfg-to-string-side-effect-expected.txt: Added.
      * fast/js/dfg-to-string-side-effect.html: Added.
      * fast/js/dfg-to-string-toString-becomes-bad-expected.txt: Added.
      * fast/js/dfg-to-string-toString-becomes-bad-with-dictionary-string-prototype-expected.txt: Added.
      * fast/js/dfg-to-string-toString-becomes-bad-with-dictionary-string-prototype.html: Added.
      * fast/js/dfg-to-string-toString-becomes-bad.html: Added.
      * fast/js/dfg-to-string-toString-in-string-expected.txt: Added.
      * fast/js/dfg-to-string-toString-in-string.html: Added.
      * fast/js/dfg-to-string-valueOf-becomes-bad-expected.txt: Added.
      * fast/js/dfg-to-string-valueOf-becomes-bad.html: Added.
      * fast/js/dfg-to-string-valueOf-in-string-expected.txt: Added.
      * fast/js/dfg-to-string-valueOf-in-string.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/regress/script-tests/string-concat-object.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-concat-pair-object.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-concat-pair-simple.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-concat-simple.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-cons-repeat.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-cons-tower.js: Added.
      (foo):
      * fast/js/regress/string-concat-object-expected.txt: Added.
      * fast/js/regress/string-concat-object.html: Added.
      * fast/js/regress/string-concat-pair-object-expected.txt: Added.
      * fast/js/regress/string-concat-pair-object.html: Added.
      * fast/js/regress/string-concat-pair-simple-expected.txt: Added.
      * fast/js/regress/string-concat-pair-simple.html: Added.
      * fast/js/regress/string-concat-simple-expected.txt: Added.
      * fast/js/regress/string-concat-simple.html: Added.
      * fast/js/regress/string-cons-repeat-expected.txt: Added.
      * fast/js/regress/string-cons-repeat.html: Added.
      * fast/js/regress/string-cons-tower-expected.txt: Added.
      * fast/js/regress/string-cons-tower.html: Added.
      * fast/js/script-tests/dfg-to-string-bad-toString.js: Added.
      (String.prototype.toString):
      (foo):
      * fast/js/script-tests/dfg-to-string-bad-valueOf.js: Added.
      (String.prototype.valueOf):
      (foo):
      * fast/js/script-tests/dfg-to-string-int-or-string.js: Added.
      (foo):
      * fast/js/script-tests/dfg-to-string-int.js: Added.
      (foo):
      * fast/js/script-tests/dfg-to-string-side-effect-clobbers-toString.js: Added.
      (foo):
      * fast/js/script-tests/dfg-to-string-side-effect.js: Added.
      (foo):
      * fast/js/script-tests/dfg-to-string-toString-becomes-bad-with-dictionary-string-prototype.js: Added.
      (foo):
      (.String.prototype.toString):
      * fast/js/script-tests/dfg-to-string-toString-becomes-bad.js: Added.
      (foo):
      (.String.prototype.toString):
      * fast/js/script-tests/dfg-to-string-toString-in-string.js: Added.
      (foo):
      (.argument.toString):
      * fast/js/script-tests/dfg-to-string-valueOf-becomes-bad.js: Added.
      (foo):
      (.String.prototype.valueOf):
      * fast/js/script-tests/dfg-to-string-valueOf-in-string.js: Added.
      (foo):
      (.argument.valueOf):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146089 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • ObjectPrototype properties should be eagerly created rather than lazily via static tables · 85d516bd
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112539
      
      Reviewed by Oliver Hunt.
              
      This is the first part of https://bugs.webkit.org/show_bug.cgi?id=112233. Rolling this
      in first since it's the less-likely-to-be-broken part.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * interpreter/CallFrame.h:
      (JSC::ExecState::objectConstructorTable):
      * runtime/CommonIdentifiers.h:
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putDirectNativeFunction):
      (JSC):
      * runtime/JSObject.h:
      (JSObject):
      (JSC):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/ObjectPrototype.cpp:
      (JSC):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::ObjectPrototype::create):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146071 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  8. 15 Mar, 2013 3 commits
    • Don't also clone StructureRareData when cloning Structure. · 43d78127
      akling@apple.com authored
      <http://webkit.org/b/111672>
      
      Reviewed by Mark Hahnenberg.
      
      We were cloning a lot of StructureRareData with only the previousID pointer set since
      the enumerationCache is not shared between clones.
      
      Let the Structure copy constructor decide whether it wants to clone the rare data.
      The decision is made by StructureRareData::needsCloning() and will currently always
      return false, since StructureRareData only holds on to caches at present.
      This may change in the future as more members are added to StructureRareData.
      
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::cloneRareDataFrom):
      * runtime/StructureInlines.h:
      (JSC::Structure::create):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145947 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Roll out r145838 · 871ffe65
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112458
      
      Unreviewed. Requested by Filip Pizlo.
      
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::objectPrototypeTable):
      * jit/JITStubs.cpp:
      (JSC::getByVal):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::getByVal):
      * runtime/CommonIdentifiers.h:
      * runtime/JSCell.cpp:
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC):
      (JSC::JSCell::fastGetOwnProperty):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      (JSC):
      * runtime/JSObject.h:
      (JSObject):
      (JSC):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/ObjectPrototype.cpp:
      (JSC):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::create):
      (ObjectPrototype):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::findWithString):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      
      LayoutTests:
      
      * fast/js/regress/script-tests/string-lookup-hit-identifier.js: Removed.
      * fast/js/regress/script-tests/string-lookup-hit.js: Removed.
      * fast/js/regress/script-tests/string-lookup-miss.js: Removed.
      * fast/js/regress/string-lookup-hit-expected.txt: Removed.
      * fast/js/regress/string-lookup-hit-identifier-expected.txt: Removed.
      * fast/js/regress/string-lookup-hit-identifier.html: Removed.
      * fast/js/regress/string-lookup-hit.html: Removed.
      * fast/js/regress/string-lookup-miss-expected.txt: Removed.
      * fast/js/regress/string-lookup-miss.html: Removed.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145945 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Cleanup of DFG and Baseline JIT debugging code · 096abe0e
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=111871
      
      Reviewed by Geoffrey Garen.
      
      Fixed various debug related issues in baseline and DFG JITs. See below.
      
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::dfgLinkClosureCall): Used pointerDump() to handle when calleeCodeBlock is NULL.
      * dfg/DFGScratchRegisterAllocator.h: Now use ScratchBuffer::activeLengthPtr() to get
      pointer to scratch register length.
      (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
      (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkConsistency): Added missing case labels for DataFormatOSRMarker,
      DataFormatDead, and DataFormatArguments and made them RELEASE_ASSERT_NOT_REACHED();
      * jit/JITCall.cpp:
      (JSC::JIT::privateCompileClosureCall): Used pointerDump() to handle when calleeCodeBlock is NULL.
      * jit/JITCall32_64.cpp:
      (JSC::JIT::privateCompileClosureCall): Used pointerDump() to handle when calleeCodeBlock is NULL.
      * runtime/JSGlobalData.h:
      (JSC::ScratchBuffer::ScratchBuffer): Fixed buffer allocation alignment to
      be on a double boundary.
      (JSC::ScratchBuffer::setActiveLength):
      (JSC::ScratchBuffer::activeLength):
      (JSC::ScratchBuffer::activeLengthPtr):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145933 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  9. 14 Mar, 2013 2 commits
    • Objective-C API: Objective-C functions exposed to JavaScript have the wrong... · 9c4b2105
      mhahnenberg@apple.com authored
      Objective-C API: Objective-C functions exposed to JavaScript have the wrong type (object instead of function)
      https://bugs.webkit.org/show_bug.cgi?id=105892
      
      Reviewed by Geoffrey Garen.
      
      Changed ObjCCallbackFunction to subclass JSCallbackFunction which already has all of the machinery to call
      functions using the C API. Since ObjCCallbackFunction is now a JSCell, we changed the old implementation of
      ObjCCallbackFunction to be the internal implementation and keep track of all the proper data so that we 
      don't have to put all of that in the header, which will now be included from C++ files (e.g. JSGlobalObject.cpp).
      
      * API/JSCallbackFunction.cpp: Change JSCallbackFunction to allow subclassing. Originally it was internally
      passing its own Structure up the chain of constructors, but we now want to be able to pass other Structures as well.
      (JSC::JSCallbackFunction::JSCallbackFunction):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      * API/JSWrapperMap.mm: Changed interface to tryUnwrapBlock.
      (tryUnwrapObjcObject):
      * API/ObjCCallbackFunction.h:
      (ObjCCallbackFunction): Moved into the JSC namespace, just like JSCallbackFunction.
      (JSC::ObjCCallbackFunction::createStructure): Overridden so that the correct ClassInfo gets used since we have 
      a destructor.
      (JSC::ObjCCallbackFunction::impl): Getter for the internal impl.
      * API/ObjCCallbackFunction.mm:
      (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl): What used to be ObjCCallbackFunction is now 
      ObjCCallbackFunctionImpl. It handles the Objective-C specific parts of managing callback functions.
      (JSC::ObjCCallbackFunctionImpl::~ObjCCallbackFunctionImpl):
      (JSC::objCCallbackFunctionCallAsFunction): Same as the old one, but now it casts to ObjCCallbackFunction and grabs the impl 
      rather than using JSObjectGetPrivate.
      (JSC::ObjCCallbackFunction::ObjCCallbackFunction): New bits to allow being part of the JSCell hierarchy.
      (JSC::ObjCCallbackFunction::create):
      (JSC::ObjCCallbackFunction::destroy):
      (JSC::ObjCCallbackFunctionImpl::call): Handles the actual invocation, just like it used to.
      (objCCallbackFunctionForInvocation):
      (tryUnwrapBlock): Changed to check the ClassInfo for inheritance directly, rather than going through the C API call.
      * API/tests/testapi.mm: Added new test to make sure that doing Function.prototype.toString.call(f) won't result in 
      an error when f is an Objective-C method or block underneath the covers.
      * runtime/JSGlobalObject.cpp: Added new Structure for ObjCCallbackFunction.
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::objcCallbackFunctionStructure):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145848 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • JSObject fast by-string access optimizations should work even on the prototype... · 10c38d3c
      fpizlo@apple.com authored
      JSObject fast by-string access optimizations should work even on the prototype chain, and even when the result is undefined
      https://bugs.webkit.org/show_bug.cgi?id=112233
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Extended the existing fast access path for String keys to work over the entire prototype chain,
      not just the self access case. This will fail as soon as it sees an object that intercepts
      getOwnPropertySlot, so this patch also ensures that ObjectPrototype does not fall into that
      category. This is accomplished by making ObjectPrototype eagerly reify all of its properties.
      This is safe for ObjectPrototype because it's so common and we expect all of its properties to
      be reified for any interesting programs anyway. A new idiom for adding native functions to
      prototypes is introduced, which ought to work well for any other prototypes that we wish to do
      this conversion for.
              
      This is a >60% speed-up in the case that you frequently do by-string lookups that "miss", i.e.
      they don't turn up anything.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::objectConstructorTable):
      * jit/JITStubs.cpp:
      (JSC::getByVal):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::getByVal):
      * runtime/CommonIdentifiers.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getByStringSlow):
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC):
      (JSC::JSCell::getByStringAndKey):
      (JSC::JSCell::getByString):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putDirectNativeFunction):
      (JSC):
      * runtime/JSObject.h:
      (JSObject):
      (JSC):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/ObjectPrototype.cpp:
      (JSC):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::ObjectPrototype::create):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::findWithString):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      (JSC):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * fast/js/regress/script-tests/string-lookup-hit-identifier.js: Added.
      (result):
      * fast/js/regress/script-tests/string-lookup-hit.js: Added.
      (result):
      * fast/js/regress/script-tests/string-lookup-miss.js: Added.
      (result):
      * fast/js/regress/string-lookup-hit-expected.txt: Added.
      * fast/js/regress/string-lookup-hit-identifier-expected.txt: Added.
      * fast/js/regress/string-lookup-hit-identifier.html: Added.
      * fast/js/regress/string-lookup-hit.html: Added.
      * fast/js/regress/string-lookup-miss-expected.txt: Added.
      * fast/js/regress/string-lookup-miss.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145838 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  10. 12 Mar, 2013 3 commits
  11. 11 Mar, 2013 1 commit
  12. 07 Mar, 2013 2 commits
    • REGRESSION (r143759): 40% JSBench regression, 20% Octane/closure regression,... · 9b77c40d
      ggaren@apple.com authored
      REGRESSION (r143759): 40% JSBench regression, 20% Octane/closure regression, 40% Octane/jquery regression, 2% Octane regression
      https://bugs.webkit.org/show_bug.cgi?id=111797
      
      Reviewed by Oliver Hunt.
      
      The bot's testing configuration stresses the cache's starting guess
      of 1MB.
      
      This patch removes any starting guess, and just uses wall clock time
      to discover the initial working set size of an app, in code size.
      
      * runtime/CodeCache.cpp:
      (JSC::CodeCacheMap::pruneSlowCase): Update our timer as we go.
      
      Also fixed a bug where pruning from 0 to 0 would hang -- that case is
      a possibility now that we start with a capacity of 0.
      
      * runtime/CodeCache.h:
      (CodeCacheMap):
      (JSC::CodeCacheMap::CodeCacheMap):
      (JSC::CodeCacheMap::add):
      (JSC::CodeCacheMap::prune): Don't prune if we're in the middle of
      discovering the working set size of an app, in code size.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145171 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Objective-C API: Need a good way to reference event handlers without causing cycles · db731edf
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=111088
      
      Reviewed by Geoffrey Garen.
      
      JSManagedValue is like a special kind of weak value. When you create a JSManagedValue, you can
      supply an Objective-C object as its "owner". As long as the Objective-C owner object remains
      alive and its wrapper remains accessible to the JSC garbage collector (e.g. by being marked by 
      the global object), the reference to the JavaScript value is strong. As soon as the Objective-C
      owner is deallocated or its wrapper becomes inaccessible to the garbage collector, the reference
      becomes weak.
      
      If you do not supply an owner or you use the weakValueWithValue: convenience class method, the
      returned JSManagedValue behaves as a normal weak reference.
      
      This new class allows clients to maintain references to JavaScript values in the Objective-C
      heap without creating reference cycles/leaking memory.
      
      * API/JSAPIWrapperObject.cpp: Added.
      (JSC):
      (JSC::::createStructure):
      (JSC::JSAPIWrapperObject::JSAPIWrapperObject): This is a special JSObject for the Objective-C API that knows
      for the purposes of garbage collection/marking that it wraps an opaque Objective-C object.
      (JSC::JSAPIWrapperObject::visitChildren): We add the pointer to the wrapped Objective-C object to the set of
      opaque roots so that the weak handle owner for JSManagedValues can find it later.
      * API/JSAPIWrapperObject.h: Added.
      (JSC):
      (JSAPIWrapperObject):
      (JSC::JSAPIWrapperObject::wrappedObject):
      (JSC::JSAPIWrapperObject::setWrappedObject):
      * API/JSBase.cpp:
      (JSSynchronousGarbageCollect):
      * API/JSBasePrivate.h:
      * API/JSCallbackObject.cpp:
      (JSC):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObject::destroy): Moved this to the header so that we don't get link errors with JSAPIWrapperObject.
      * API/JSContext.mm:
      (-[JSContext initWithVirtualMachine:]): We weren't adding manually allocated/initialized JSVirtualMachine objects to 
      the global cache of virtual machines. The init methods handle this now rather than contextWithGlobalContextRef, since 
      not everyone is guaranteed to use the latter.
      (-[JSContext initWithGlobalContextRef:]):
      (+[JSContext contextWithGlobalContextRef:]):
      * API/JSManagedValue.h: Added.
      * API/JSManagedValue.mm: Added.
      (JSManagedValueHandleOwner):
      (managedValueHandleOwner):
      (+[JSManagedValue weakValueWithValue:]):
      (+[JSManagedValue managedValueWithValue:owner:]):
      (-[JSManagedValue init]): We explicitly call the ARC entrypoints to initialize/get the weak owner field since we don't 
      use ARC when building our framework.
      (-[JSManagedValue initWithValue:]):
      (-[JSManagedValue initWithValue:owner:]):
      (-[JSManagedValue dealloc]):
      (-[JSManagedValue value]):
      (-[JSManagedValue weakOwner]):
      (JSManagedValueHandleOwner::isReachableFromOpaqueRoots): If the Objective-C owner is still alive (i.e. loading the weak field
      returns non-nil) and that value was added to the set of opaque roots by the wrapper for that Objective-C owner, then the
      JSObject to which the JSManagedObject refers is still alive.
      * API/JSObjectRef.cpp: We have to add explicit checks for the JSAPIWrapperObject, just like the other types of JSCallbackObjects.
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValue.mm:
      (objectToValueWithoutCopy):
      * API/JSValueRef.cpp:
      (JSValueIsObjectOfClass):
      * API/JSVirtualMachine.mm:
      (-[JSVirtualMachine initWithContextGroupRef:]):
      (+[JSVirtualMachine virtualMachineWithContextGroupRef:]):
      * API/JSWrapperMap.mm:
      (wrapperFinalize):
      (makeWrapper): This is our own internal version of JSObjectMake which creates JSAPIWrapperObjects, the Obj-C API 
      version of JSCallbackObjects.
      (createObjectWithCustomBrand):
      (-[JSObjCClassInfo wrapperForObject:]):
      (tryUnwrapObjcObject):
      * API/JavaScriptCore.h:
      * API/tests/testapi.mm: Added new tests for the strong and weak uses of JSManagedValue in the context of an 
      onclick handler for an Objective-C object inserted into a JSContext.
      (-[TextXYZ setWeakOnclick:]):
      (-[TextXYZ setOnclick:]):
      (-[TextXYZ weakOnclick]):
      (-[TextXYZ onclick]):
      (-[TextXYZ click]):
      * CMakeLists.txt: Various build system additions.
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSGlobalObject.cpp: Added the new canonical Structure for the JSAPIWrapperObject class.
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::objcWrapperObjectStructure):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145119 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  13. 06 Mar, 2013 3 commits
    • Bring back eager resolution of function scoped variables · 75f804e0
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=111497
      
      Reviewed by Geoffrey Garen.
      
      This reverts the get/put_scoped_var part of the great non-local
      variable resolution refactoring.  This still leaves all the lazy
      variable resolution logic as it's necessary for global property
      resolution, and I don't want to make the patch bigger than it
      already is.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::generateFunctionCodeBlock):
      (JSC::UnlinkedFunctionExecutable::codeBlockFor):
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC):
      (UnlinkedFunctionExecutable):
      (UnlinkedCodeBlock):
      (JSC::UnlinkedCodeBlock::usesGlobalObject):
      (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
      (JSC::UnlinkedCodeBlock::globalObjectRegister):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::emitLoadGlobalObject):
      (JSC):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveBase):
      (JSC::BytecodeGenerator::emitResolveBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::ResolveResult::lexicalResolve):
      (JSC::ResolveResult::isStatic):
      (JSC::ResolveResult::depth):
      (JSC::ResolveResult::index):
      (ResolveResult):
      (JSC::ResolveResult::ResolveResult):
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ResolveNode::isPure):
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixNode::emitResolve):
      (JSC::TypeOfResolveNode::emitBytecode):
      (JSC::PrefixNode::emitResolve):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::debugFail):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      (JSC::DFG::canInlineOpcode):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      * jit/JIT.h:
      (JIT):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC):
      (JSC::JIT::emit_op_put_scoped_var):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC):
      (JSC::JIT::emit_op_put_scoped_var):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/CodeCache.cpp:
      (JSC::CodeCache::getCodeBlock):
      (JSC::CodeCache::getProgramCodeBlock):
      (JSC::CodeCache::getEvalCodeBlock):
      * runtime/CodeCache.h:
      (JSC):
      (CodeCache):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::createEvalCodeBlock):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      * runtime/Options.cpp:
      (JSC::Options::initialize):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145000 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Pack Structure members better. · b76b00bd
      akling@apple.com authored
      <http://webkit.org/b/111593>
      <rdar://problem/13359200>
      
      Reviewed by Mark Hahnenberg.
      
      Shrink Structure by 8 bytes (now at 104 bytes) on 64-bit by packing the members better.
      
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      * runtime/Structure.h:
      (Structure):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144957 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unused Structure property tables waste 14MB on Membuster. · 85b26820
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Geoffrey Garen.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      This time it should stick; I've been through all the tests with COLLECT_ON_EVERY_ALLOCATION.
      The issue with the last version was that Structure::m_offset could be used uninitialized
      when re-materializing a previously GC'd property table, causing some sanity checks to fail.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::get):
      
          Move m_cell to a local before using it multiple times. This avoids a multiple-access race when
          Structure::checkOffsetConsistency() is used in assertions on the main thread while a marking thread
          zaps the property table.
      
      * runtime/Structure.h:
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureInlines.h:
      (JSC::Structure::propertyTable):
      
          Added a getter for the Structure's PropertyTable that ASSERTs GC currently isn't active.
          Because GC can zap an unpinned property table at any time, it's not entirely safe to access it.
          Renamed the variable itself to m_propertyTableUnsafe to force call sites into explaining themselves.
      
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these out of Structure.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      
          Added for setting up the property table in a new transition, this code is now shared between
          addPropertyTransition() and nonPropertyTransition().
      
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      
          Add a global propertyTableStructure.
      
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
          Make PropertyTable a GC object.
      
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::pin):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::checkConsistency):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144910 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  14. 05 Mar, 2013 1 commit
    • Unreviewed, rolling out r144708. · 0c94dc67
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/144708
      https://bugs.webkit.org/show_bug.cgi?id=111447
      
      random assertion crashes in inspector tests on qt+mac bots
      (Requested by kling on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-03-05
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyTable.cpp: Removed.
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::pin):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::visitChildren):
      (JSC::Structure::checkConsistency):
      * runtime/Structure.h:
      (JSC):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      (JSC::Structure::checkOffsetConsistency):
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::get):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144767 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  15. 04 Mar, 2013 2 commits
    • Unused Structure property tables waste 14MB on Membuster. · 9f23adb0
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Geoffrey Garen.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::get):
      
          Move m_cell to a local before using it multiple times. This avoids a multiple-access race when
          Structure::checkOffsetConsistency() is used in assertions on the main thread while a marking thread
          zaps the property table.
      
      * runtime/Structure.h:
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureInlines.h:
      (JSC::Structure::propertyTable):
      
          Added a getter for the Structure's PropertyTable that ASSERTs GC currently isn't active.
          Because GC can zap an unpinned property table at any time, it's not entirely safe to access it.
          Renamed the variable itself to m_propertyTableUnsafe to force call sites into explaining themselves.
      
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these out of Structure.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      
          Add a global propertyTableStructure.
      
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
          Make PropertyTable a GC object.
      
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::pin):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::checkConsistency):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144708 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9f23adb0
    • Add simple vector traits for JSC::Identifier. · e6089391
      akling@apple.com authored
      <http://webkit.org/b/111323>
      
      Reviewed by Geoffrey Garen.
      
      Identifiers are really just Strings, giving them simple vector traits makes
      Vector move them with memcpy() instead of churning the refcounts.
      
      * runtime/Identifier.h:
      (WTF):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144641 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e6089391
  16. 03 Mar, 2013 1 commit
  17. 26 Feb, 2013 4 commits
    • Unreviewed, rolling out r144074. · a5683e34
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/144074
      https://bugs.webkit.org/show_bug.cgi?id=110897
      
      Causing 20+ crashes on Mac (Requested by bradee-oh on
      #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-02-26
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyTable.cpp: Removed.
      * runtime/Structure.cpp:
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      (Structure):
      * runtime/StructureInlines.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144113 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a5683e34
    • Unused Structure property tables waste 14MB on Membuster. · 1c5bd24a
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Filip Pizlo.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/StructureInlines.h:
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these to StructureInlines.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      * runtime/Structure.h:
      (Structure):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144074 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1c5bd24a
    • Unreviewed, rolling out r144054. · f9f6d217
      akling@apple.com authored
      http://trac.webkit.org/changeset/144054
      https://bugs.webkit.org/show_bug.cgi?id=110854
      
      broke builds
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyTable.cpp: Removed.
      * runtime/Structure.cpp:
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      (Structure):
      * runtime/StructureInlines.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f9f6d217
    • Unused Structure property tables waste 14MB on Membuster. · 11193c50
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Filip Pizlo.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/StructureInlines.h:
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these to StructureInlines.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      * runtime/Structure.h:
      (Structure):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144054 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      11193c50
  18. 25 Feb, 2013 2 commits