1. 29 Sep, 2013 3 commits
  2. 28 Sep, 2013 2 commits
  3. 27 Sep, 2013 1 commit
  4. 26 Sep, 2013 14 commits
    • GetterSetter construction should take a VM instead of ExecState. · 8370dec1
      akling@apple.com authored
      <https://webkit.org/b/121993>
      
      Reviewed by Sam Weinig.
      
      Pass VM& instead of ExecState* to GetterSetter. Updated surrounding
      code at touched sites to cache VM in a local for fewer loads.
      
      JSC release binary size -= 4120 bytes.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156521 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2013-09-25 Oliver Hunt <oliver@apple.com> · f1ae6d11
      oliver@apple.com authored
      Implement prefixed-destructuring assignment
      https://bugs.webkit.org/show_bug.cgi?id=121930
      
      Reviewed by Mark Hahnenberg.
      
      Relanding with fix after rollout
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156514 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • VirtualRegister should be a class · 62aa8b77
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121732
      
      Reviewed by Geoffrey Garen.
      
      This is a refactoring change.  Changed VirtualRegister from an enum to a class.
      Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
      and the similar functions for locals to VirtualRegister class.
      
      This is in preparation for changing the offset for the first local register from
      0 to -1.  This is needed since most native calling conventions have the architected
      frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
      pointer.  Local values start below that address.
      
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * bytecode/Instruction.h:
      * bytecode/LazyOperandValueProfile.h:
      * bytecode/MethodOfGettingAValueProfile.cpp:
      * bytecode/Operands.h:
      * bytecode/UnlinkedCodeBlock.cpp:
      * bytecode/UnlinkedCodeBlock.h:
      * bytecode/ValueRecovery.h:
      * bytecode/VirtualRegister.h:
      * bytecompiler/BytecodeGenerator.cpp:
      * bytecompiler/BytecodeGenerator.h:
      * bytecompiler/RegisterID.h:
      * debugger/DebuggerCallFrame.cpp:
      * dfg/DFGAbstractHeap.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      * dfg/DFGArgumentPosition.h:
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCFGSimplificationPhase.cpp:
      * dfg/DFGCPSRethreadingPhase.cpp:
      * dfg/DFGCapabilities.cpp:
      * dfg/DFGConstantFoldingPhase.cpp:
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCode.cpp:
      * dfg/DFGNode.h:
      * dfg/DFGOSREntry.cpp:
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGScoreBoard.h:
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      * dfg/DFGSpeculativeJIT64.cpp:
      * dfg/DFGValidate.cpp:
      * dfg/DFGValueRecoveryOverride.h:
      * dfg/DFGVariableAccessData.h:
      * dfg/DFGVariableEvent.h:
      * dfg/DFGVariableEventStream.cpp:
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      * ftl/FTLExitArgumentForOperand.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLLowerDFGToLLVM.cpp:
      * ftl/FTLOSREntry.cpp:
      * ftl/FTLOSRExit.cpp:
      * ftl/FTLOSRExit.h:
      * ftl/FTLOSRExitCompiler.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      * jit/AssemblyHelpers.h:
      * jit/JIT.h:
      * jit/JITCall.cpp:
      * jit/JITCall32_64.cpp:
      * jit/JITInlines.h:
      * jit/JITOpcodes.cpp:
      * jit/JITOpcodes32_64.cpp:
      * jit/JITPropertyAccess32_64.cpp:
      * jit/JITStubs.cpp:
      * llint/LLIntSlowPaths.cpp:
      * profiler/ProfilerBytecodeSequence.cpp:
      * runtime/CommonSlowPaths.cpp:
      * runtime/JSActivation.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156511 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Source/JavaScriptCore: Work around another MSVC bug. · fe416bb9
      andersca@apple.com authored
      * runtime/PrototypeMap.cpp:
      (JSC::PrototypeMap::emptyObjectStructureForPrototype):
      
      Source/WTF: Build fixes.
      
      Fix a paste-o.
      
      * wtf/StdLibExtras.h:
      (std::make_unique):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156505 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Pass VM instead of ExecState to many finishCreation() functions. · 22558063
      akling@apple.com authored
      <https://webkit.org/b/121975>
      
      Reviewed by Sam Weinig.
      
      Reduce unnecessary loads by passing the VM to object creation
      functions that don't need the ExecState.
      
      There are tons of opportunities in this area; I'm just scratching
      the surface.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156498 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r156464 and r156480. · c68e9807
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/156464
      http://trac.webkit.org/changeset/156480
      https://bugs.webkit.org/show_bug.cgi?id=121981
      
      Leaking too much and killing buildbot. (Requested by xenon on
      #webkit).
      
      Source/JavaScriptCore:
      
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedFunctionExecutable::paramString):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::emitExpressionInfo):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ForInNode::emitBytecode):
      (JSC::FuncExprNode::emitBytecode):
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::createFormalParameterList):
      (JSC::ASTBuilder::createForInLoop):
      (JSC::ASTBuilder::addVar):
      * parser/NodeConstructors.h:
      (JSC::CommaNode::CommaNode):
      (JSC::ParameterNode::ParameterNode):
      (JSC::ForInNode::ForInNode):
      * parser/Nodes.cpp:
      (JSC::FunctionParameters::create):
      (JSC::FunctionParameters::FunctionParameters):
      (JSC::FunctionParameters::~FunctionParameters):
      * parser/Nodes.h:
      (JSC::CommaNode::append):
      (JSC::ParameterNode::ident):
      (JSC::FunctionParameters::at):
      (JSC::FunctionParameters::identifiers):
      * parser/Parser.cpp:
      (JSC::::Parser):
      (JSC::::parseVarDeclaration):
      (JSC::::parseVarDeclarationList):
      (JSC::::parseForStatement):
      (JSC::::parseFormalParameters):
      (JSC::::parseAssignmentExpression):
      * parser/Parser.h:
      (JSC::Scope::declareParameter):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::createFormalParameterList):
      (JSC::SyntaxChecker::createForInLoop):
      (JSC::SyntaxChecker::operatorStackPop):
      * runtime/JSONObject.cpp:
      * runtime/JSONObject.h:
      
      LayoutTests:
      
      * js/destructuring-assignment-expected.txt: Removed.
      * js/destructuring-assignment.html: Removed.
      * js/mozilla/strict/13.1-expected.txt:
      * js/mozilla/strict/regress-532254-expected.txt:
      * js/mozilla/strict/script-tests/13.1.js:
      * js/regress/destructuring-arguments-expected.txt: Removed.
      * js/regress/destructuring-arguments-length-expected.txt: Removed.
      * js/regress/destructuring-arguments-length.html: Removed.
      * js/regress/destructuring-arguments.html: Removed.
      * js/regress/destructuring-swap-expected.txt: Removed.
      * js/regress/destructuring-swap.html: Removed.
      * js/regress/script-tests/destructuring-arguments-length.js: Removed.
      * js/regress/script-tests/destructuring-arguments.js: Removed.
      * js/regress/script-tests/destructuring-swap.js: Removed.
      * js/script-tests/destructuring-assignment.js: Removed.
      * sputnik/Conformance/13_Function_Definition/S13_A5.html:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156497 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Change a couple of HashMap value types from OwnPtr to std::unique_ptr · 2a6c489f
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121973
      
      Reviewed by Andreas Kling.
      
      Source/JavaScriptCore:
      
      * API/JSClassRef.cpp:
      (OpaqueJSClassContextData::OpaqueJSClassContextData):
      (OpaqueJSClass::contextData):
      * API/JSClassRef.h:
      * bytecode/SamplingTool.h:
      * ftl/FTLAbstractHeap.h:
      * parser/Parser.cpp:
      (JSC::::parseFunctionInfo):
      * parser/SourceProviderCache.cpp:
      (JSC::SourceProviderCache::add):
      * parser/SourceProviderCache.h:
      * parser/SourceProviderCacheItem.h:
      (JSC::SourceProviderCacheItem::create):
      * profiler/ProfilerCompilation.cpp:
      (JSC::Profiler::Compilation::executionCounterFor):
      (JSC::Profiler::Compilation::toJS):
      * profiler/ProfilerCompilation.h:
      * runtime/JSGlobalObject.h:
      
      Source/WTF:
      
      * wtf/RefPtrHashMap.h:
      Add a missing std::forward.
      
      * wtf/StdLibExtras.h:
      (std::make_unique):
      Add more overloads.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156492 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Stop using PassWeak · c21b1344
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121968
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore:
      
      * heap/Weak.h:
      Remove all knowledge of PassWeak.
      
      (JSC::Weak::Weak):
      These constructors don't need to be explicit.
      
      * heap/WeakInlines.h:
      (JSC::weakAdd):
      Change Value to be an rvalue reference and use std::forward.
      
      * jit/JITThunks.cpp:
      (JSC::JITThunks::hostFunctionStub):
      Remove PassWeak.
      
      * runtime/RegExpCache.cpp:
      (JSC::RegExpCache::lookupOrCreate):
      Use Weak instead of PassWeak.
      
      * runtime/SimpleTypedArrayController.cpp:
      Change add and set to take Weak by value and std::move into place.
      
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::get):
      (JSC::WeakGCMap::set):
      (JSC::WeakGCMap::add):
      
      Source/WebCore:
      
      Update for JavaScriptCore changes.
      
      * bindings/js/JSDOMBinding.h:
      (WebCore::setInlineCachedWrapper):
      (WebCore::cacheWrapper):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::JSEventListener):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::setWrapper):
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSMutationCallback.cpp:
      (WebCore::JSMutationCallback::JSMutationCallback):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::JSNodeFilterCondition):
      * bindings/js/ScriptWrappableInlines.h:
      (WebCore::ScriptWrappable::setWrapper):
      * bindings/js/WebCoreTypedArrayController.cpp:
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      * bridge/runtime_root.cpp:
      (JSC::Bindings::RootObject::addRuntimeObject):
      
      Source/WebKit2:
      
      Update for JavaScriptCore changes.
      
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::getOrCreateJSObject):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156487 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r156474. · bf43ed96
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/156474
      https://bugs.webkit.org/show_bug.cgi?id=121966
      
      Broke the builds. (Requested by xenon on #webkit).
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::registerName):
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::createActivation):
      (JSC::CodeBlock::nameForRegister):
      * bytecode/CodeBlock.h:
      (JSC::unmodifiedArgumentsRegister):
      (JSC::CodeBlock::isKnownNotImmediate):
      (JSC::CodeBlock::setThisRegister):
      (JSC::CodeBlock::thisRegister):
      (JSC::CodeBlock::setArgumentsRegister):
      (JSC::CodeBlock::argumentsRegister):
      (JSC::CodeBlock::uncheckedArgumentsRegister):
      (JSC::CodeBlock::setActivationRegister):
      (JSC::CodeBlock::activationRegister):
      (JSC::CodeBlock::uncheckedActivationRegister):
      (JSC::CodeBlock::usesArguments):
      (JSC::CodeBlock::isCaptured):
      * bytecode/Instruction.h:
      * bytecode/LazyOperandValueProfile.h:
      (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
      (JSC::LazyOperandValueProfileKey::operator!):
      (JSC::LazyOperandValueProfileKey::hash):
      (JSC::LazyOperandValueProfileKey::operand):
      (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
      (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
      * bytecode/MethodOfGettingAValueProfile.cpp:
      (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
      (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
      * bytecode/Operands.h:
      (JSC::localToOperand):
      (JSC::operandIsLocal):
      (JSC::operandToLocal):
      (JSC::operandIsArgument):
      (JSC::operandToArgument):
      (JSC::argumentToOperand):
      (JSC::Operands::operand):
      (JSC::Operands::hasOperand):
      (JSC::Operands::setOperand):
      (JSC::Operands::operandForIndex):
      (JSC::Operands::setOperandFirstTime):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedCodeBlock::setThisRegister):
      (JSC::UnlinkedCodeBlock::setActivationRegister):
      (JSC::UnlinkedCodeBlock::setArgumentsRegister):
      (JSC::UnlinkedCodeBlock::usesArguments):
      (JSC::UnlinkedCodeBlock::argumentsRegister):
      (JSC::UnlinkedCodeBlock::usesGlobalObject):
      (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
      (JSC::UnlinkedCodeBlock::globalObjectRegister):
      (JSC::UnlinkedCodeBlock::thisRegister):
      (JSC::UnlinkedCodeBlock::activationRegister):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dumpInContext):
      * bytecode/VirtualRegister.h:
      (WTF::printInternal):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::generate):
      (JSC::BytecodeGenerator::addVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
      (JSC::BytecodeGenerator::newRegister):
      (JSC::BytecodeGenerator::emitLoadGlobalObject):
      (JSC::BytecodeGenerator::emitGetArgumentsLength):
      (JSC::BytecodeGenerator::emitGetArgumentByVal):
      (JSC::BytecodeGenerator::createArgumentsIfNecessary):
      (JSC::BytecodeGenerator::emitReturn):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::registerFor):
      * bytecompiler/RegisterID.h:
      (JSC::RegisterID::RegisterID):
      (JSC::RegisterID::setIndex):
      (JSC::RegisterID::index):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::thisObject):
      * dfg/DFGAbstractHeap.h:
      (JSC::DFG::AbstractHeap::Payload::Payload):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      (JSC::DFG::::clobberCapturedVars):
      * dfg/DFGArgumentPosition.h:
      (JSC::DFG::ArgumentPosition::dump):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::newVariableAccessData):
      (JSC::DFG::ByteCodeParser::getDirect):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::setDirect):
      (JSC::DFG::ByteCodeParser::set):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::setLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
      (JSC::DFG::ByteCodeParser::findArgumentPosition):
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::getToInt32):
      (JSC::DFG::ByteCodeParser::getThis):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::emitFunctionChecks):
      (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::handleMinMax):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      * dfg/DFGCPSRethreadingPhase.cpp:
      (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::capabilityLevel):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::argumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedActivationRegisterFor):
      (JSC::DFG::Graph::valueProfileFor):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (JSC::DFG::Node::convertToGetLocalUnlinked):
      (JSC::DFG::Node::hasVirtualRegister):
      (JSC::DFG::Node::virtualRegister):
      (JSC::DFG::Node::setVirtualRegister):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      (JSC::DFG::OSREntrypointCreationPhase::run):
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGRegisterBank.h:
      (JSC::DFG::RegisterBank::tryAllocate):
      (JSC::DFG::RegisterBank::allocateSpecific):
      (JSC::DFG::RegisterBank::retain):
      (JSC::DFG::RegisterBank::isInUse):
      (JSC::DFG::RegisterBank::dump):
      (JSC::DFG::RegisterBank::releaseAtIndex):
      (JSC::DFG::RegisterBank::allocateInternal):
      (JSC::DFG::RegisterBank::MapEntry::MapEntry):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::allocate):
      (JSC::DFG::ScoreBoard::use):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::checkConsistency):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::allocate):
      (JSC::DFG::SpeculativeJIT::fprAllocate):
      (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
      (JSC::DFG::SpeculativeJIT::flushRegisters):
      (JSC::DFG::SpeculativeJIT::isFlushed):
      (JSC::DFG::SpeculativeJIT::argumentSlot):
      (JSC::DFG::SpeculativeJIT::argumentTagSlot):
      (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
      (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
      (JSC::DFG::SpeculativeJIT::setNodeForOperand):
      (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
      (JSC::DFG::SpeculativeJIT::recordSetLocal):
      (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::validateCPS):
      (JSC::DFG::Validate::checkOperand):
      (JSC::DFG::Validate::reportValidationContext):
      * dfg/DFGValueRecoveryOverride.h:
      (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::operand):
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
      (JSC::DFG::VariableAccessData::flushFormat):
      * dfg/DFGVariableEvent.h:
      (JSC::DFG::VariableEvent::spill):
      (JSC::DFG::VariableEvent::setLocal):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLExitArgumentForOperand.h:
      (JSC::FTL::ExitArgumentForOperand::ExitArgumentForOperand):
      (JSC::FTL::ExitArgumentForOperand::operand):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
      (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
      (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
      (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
      (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
      (JSC::FTL::LowerDFGToLLVM::observeMovHint):
      (JSC::FTL::LowerDFGToLLVM::addressFor):
      (JSC::FTL::LowerDFGToLLVM::payloadFor):
      (JSC::FTL::LowerDFGToLLVM::tagFor):
      * ftl/FTLOSREntry.cpp:
      (JSC::FTL::prepareOSREntry):
      * ftl/FTLOSRExit.cpp:
      (JSC::FTL::OSRExit::convertToForward):
      * ftl/FTLOSRExit.h:
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      (JSC::unwindCallFrame):
      (JSC::Interpreter::unwind):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::addressFor):
      (JSC::AssemblyHelpers::tagFor):
      (JSC::AssemblyHelpers::payloadFor):
      (JSC::AssemblyHelpers::argumentsRegisterFor):
      * jit/JIT.h:
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      * jit/JITInlines.h:
      (JSC::JIT::emitGetVirtualRegister):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_tear_off_arguments):
      (JSC::JIT::emit_op_get_pnames):
      (JSC::JIT::emit_op_enter):
      (JSC::JIT::emit_op_create_arguments):
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_enter):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::argumentsGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156482 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • WeakGCMap should not inherit from HashMap · e4b2dd9c
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121964
      
      Reviewed by Geoffrey Garen.
      
      Add the HashMap as a member variable instead and implement the missing member functions.
      
      * runtime/WeakGCMap.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156476 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • VirtualRegister should be a class · 1796ad0f
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121732
      
      Reviewed by Geoffrey Garen.
      
      This is a refactoring change.  Changed VirtualRegister from an enum to a class.
      Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
      and the similar functions for locals to VirtualRegister class.
      
      This is in preparation for changing the offset for the first local register from
      0 to -1.  This is needed since most native calling conventions have the architected
      frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
      pointer.  Local values start below that address.
      
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * bytecode/Instruction.h:
      * bytecode/LazyOperandValueProfile.h:
      * bytecode/MethodOfGettingAValueProfile.cpp:
      * bytecode/Operands.h:
      * bytecode/UnlinkedCodeBlock.cpp:
      * bytecode/UnlinkedCodeBlock.h:
      * bytecode/ValueRecovery.h:
      * bytecode/VirtualRegister.h:
      * bytecompiler/BytecodeGenerator.cpp:
      * bytecompiler/BytecodeGenerator.h:
      * bytecompiler/RegisterID.h:
      * debugger/DebuggerCallFrame.cpp:
      * dfg/DFGAbstractHeap.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      * dfg/DFGArgumentPosition.h:
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCFGSimplificationPhase.cpp:
      * dfg/DFGCPSRethreadingPhase.cpp:
      * dfg/DFGCapabilities.cpp:
      * dfg/DFGConstantFoldingPhase.cpp:
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCode.cpp:
      * dfg/DFGNode.h:
      * dfg/DFGOSREntry.cpp:
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGScoreBoard.h:
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT64.cpp:
      * dfg/DFGValidate.cpp:
      * dfg/DFGValueRecoveryOverride.h:
      * dfg/DFGVariableAccessData.h:
      * dfg/DFGVariableEvent.h:
      * dfg/DFGVariableEventStream.cpp:
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      * ftl/FTLExitArgumentForOperand.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLLowerDFGToLLVM.cpp:
      * ftl/FTLOSREntry.cpp:
      * ftl/FTLOSRExit.cpp:
      * ftl/FTLOSRExit.h:
      * ftl/FTLOSRExitCompiler.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      * jit/AssemblyHelpers.h:
      * jit/JIT.h:
      * jit/JITCall.cpp:
      * jit/JITInlines.h:
      * jit/JITOpcodes.cpp:
      * jit/JITOpcodes32_64.cpp:
      * jit/JITStubs.cpp:
      * llint/LLIntSlowPaths.cpp:
      * profiler/ProfilerBytecodeSequence.cpp:
      * runtime/CommonSlowPaths.cpp:
      * runtime/JSActivation.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156474 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Weak should have a move constructor and move assignment operator · b366a0c2
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121963
      
      Reviewed by Oliver Hunt.
      
      This is the first step towards getting rid of PassWeak.
      
      * API/JSClassRef.cpp:
      (OpaqueJSClass::prototype):
      * heap/Weak.h:
      * heap/WeakInlines.h:
      (JSC::::Weak):
      (JSC::::leakImpl):
      * runtime/SimpleTypedArrayController.cpp:
      (JSC::SimpleTypedArrayController::toJS):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156469 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • op_to_this shouldn't use value profiling · c5684714
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121920
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Currently it's the only opcode that uses m_singletonValue, which is unnecessary. Our current plan is
      to remove m_singletonValue so that GenGC can have a simpler story for handling CodeBlocks/FunctionExecutables
      during nursery collections.
      
      This patch adds an inline cache for the Structure of to_this so it no longer depends on the ValueProfile's
      m_singletonValue. Since nobody uses m_singletonValue now, this patch also removes m_singletonValue from
      ValueProfile.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      (JSC::CodeBlock::updateAllValueProfilePredictions):
      (JSC::CodeBlock::updateAllPredictions):
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::updateAllValueProfilePredictions):
      (JSC::CodeBlock::updateAllPredictions):
      * bytecode/LazyOperandValueProfile.cpp:
      (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
      * bytecode/LazyOperandValueProfile.h:
      * bytecode/ValueProfile.h:
      (JSC::ValueProfileBase::ValueProfileBase):
      (JSC::ValueProfileBase::briefDescription):
      (JSC::ValueProfileBase::dump):
      (JSC::ValueProfileBase::computeUpdatedPrediction):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_to_this):
      (JSC::JIT::emitSlow_op_to_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_to_this):
      (JSC::JIT::emitSlow_op_to_this):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      
      LayoutTests:
      
      Updated a couple of tests that waited for two DFG compiles, but with this patch we
      don't do two compiles any more, so we don't want to wait forever.
      
      * js/script-tests/dfg-convert-this-polymorphic-object-then-exit-on-other.js:
      * js/script-tests/dfg-convert-this-polymorphic-object-then-exit-on-string.js:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156468 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Implement prefixed-destructuring assignment · aeca5dcd
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121930
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore:
      
      This is mostly simple - the semantics of deconstruction are already
      present in the language, so most of the complexity (if you call it
      that) is addition of new AST nodes, and parsing the syntax.
      
      In order to get correct semantics for the parameter lists, FunctionParameters
      now needs to store refcounted references to the parameter patterns.
      There's also a little work to ensure that variable creation and assignment
      occurs in the correct order while the BytecodeGenerator is being constructed.
      
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedFunctionExecutable::paramString):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::emitExpressionInfo):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ForInNode::emitBytecode):
      (JSC::DeconstructingAssignmentNode::emitBytecode):
      (JSC::DeconstructionPatternNode::~DeconstructionPatternNode):
      (JSC::ArrayPatternNode::emitBytecode):
      (JSC::ArrayPatternNode::emitDirectBinding):
      (JSC::ArrayPatternNode::toString):
      (JSC::ArrayPatternNode::collectBoundIdentifiers):
      (JSC::ObjectPatternNode::toString):
      (JSC::ObjectPatternNode::emitBytecode):
      (JSC::ObjectPatternNode::collectBoundIdentifiers):
      (JSC::BindingNode::emitBytecode):
      (JSC::BindingNode::toString):
      (JSC::BindingNode::collectBoundIdentifiers):
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::createFormalParameterList):
      (JSC::ASTBuilder::createForInLoop):
      (JSC::ASTBuilder::addVar):
      (JSC::ASTBuilder::createDeconstructingAssignment):
      (JSC::ASTBuilder::createArrayPattern):
      (JSC::ASTBuilder::appendArrayPatternSkipEntry):
      (JSC::ASTBuilder::appendArrayPatternEntry):
      (JSC::ASTBuilder::createObjectPattern):
      (JSC::ASTBuilder::appendObjectPatternEntry):
      (JSC::ASTBuilder::createBindingLocation):
      * parser/NodeConstructors.h:
      (JSC::CommaNode::CommaNode):
      (JSC::ParameterNode::ParameterNode):
      (JSC::ForInNode::ForInNode):
      (JSC::DeconstructionPatternNode::DeconstructionPatternNode):
      (JSC::ArrayPatternNode::ArrayPatternNode):
      (JSC::ArrayPatternNode::create):
      (JSC::ObjectPatternNode::ObjectPatternNode):
      (JSC::ObjectPatternNode::create):
      (JSC::BindingNode::create):
      (JSC::BindingNode::BindingNode):
      (JSC::DeconstructingAssignmentNode::DeconstructingAssignmentNode):
      * parser/Nodes.cpp:
      (JSC::FunctionParameters::create):
      (JSC::FunctionParameters::FunctionParameters):
      (JSC::FunctionParameters::~FunctionParameters):
      * parser/Nodes.h:
      (JSC::ExpressionNode::isDeconstructionNode):
      (JSC::ArrayNode::elements):
      (JSC::CommaNode::append):
      (JSC::ParameterNode::pattern):
      (JSC::FunctionParameters::at):
      (JSC::FunctionParameters::patterns):
      (JSC::DeconstructionPatternNode::isBindingNode):
      (JSC::DeconstructionPatternNode::emitDirectBinding):
      (JSC::ArrayPatternNode::appendIndex):
      (JSC::ObjectPatternNode::appendEntry):
      (JSC::ObjectPatternNode::Entry::Entry):
      (JSC::BindingNode::boundProperty):
      (JSC::BindingNode::isBindingNode):
      (JSC::DeconstructingAssignmentNode::bindings):
      (JSC::DeconstructingAssignmentNode::isLocation):
      (JSC::DeconstructingAssignmentNode::isDeconstructionNode):
      * parser/Parser.cpp:
      (JSC::::Parser):
      (JSC::::parseVarDeclaration):
      (JSC::::parseVarDeclarationList):
      (JSC::::createBindingPattern):
      (JSC::::parseDeconstructionPattern):
      (JSC::::parseForStatement):
      (JSC::::parseFormalParameters):
      (JSC::::parseAssignmentExpression):
      * parser/Parser.h:
      (JSC::Scope::declareBoundParameter):
      (JSC::Parser::declareBoundParameter):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::createFormalParameterList):
      (JSC::SyntaxChecker::addVar):
      (JSC::SyntaxChecker::operatorStackPop):
      * runtime/JSONObject.cpp:
      (JSC::escapeStringToBuilder):
      * runtime/JSONObject.h:
      
      LayoutTests:
      
      Add new tests, and update old ones.
      
      * js/destructuring-assignment-expected.txt: Added.
      * js/destructuring-assignment.html: Added.
      * js/mozilla/strict/13.1-expected.txt:
      * js/mozilla/strict/regress-532254-expected.txt:
      * js/mozilla/strict/script-tests/13.1.js:
      * js/regress/destructuring-arguments-expected.txt: Added.
      * js/regress/destructuring-arguments-length-expected.txt: Added.
      * js/regress/destructuring-arguments-length.html: Added.
      * js/regress/destructuring-arguments.html: Added.
      * js/regress/destructuring-swap-expected.txt: Added.
      * js/regress/destructuring-swap.html: Added.
      * js/regress/script-tests/destructuring-arguments-length.js: Added.
      (foo):
      * js/regress/script-tests/destructuring-arguments.js: Added.
      (foo):
      * js/regress/script-tests/destructuring-swap.js: Added.
      (foo):
      * js/script-tests/destructuring-assignment.js: Added.
      (testDestructuring):
      (testDeconstructArgs):
      (testDeconstructArgLength):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156464 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      aeca5dcd
  5. 24 Sep, 2013 1 commit
    • mhahnenberg@apple.com's avatar
      op_get_callee shouldn't use value profiling · 5f2e70b5
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121821
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore: 
      
      Currently it's one of the two opcodes that uses m_singletonValue, which is unnecessary. 
      Our current plan is to remove m_singletonValue so that GenGC can have a simpler story 
      for handling CodeBlocks/FunctionExecutables during nursery collections.
      
      Instead of using a ValueProfile op_get_callee now has a simple inline cache of the most 
      recent JSFunction that we saw.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitCreateThis):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_get_callee):
      (JSC::JIT::emitSlow_op_get_callee):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_get_callee):
      (JSC::JIT::emitSlow_op_get_callee):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.h:
      
      LayoutTests: 
      
      Added two tests to make sure we didn't regress the performance of op_get_callee.
      
      * js/regress/get_callee_monomorphic-expected.txt: Added.
      * js/regress/get_callee_monomorphic.html: Added.
      * js/regress/get_callee_polymorphic-expected.txt: Added.
      * js/regress/get_callee_polymorphic.html: Added.
      * js/regress/script-tests/get_callee_monomorphic.js: Added.
      * js/regress/script-tests/get_callee_polymorphic.js: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156376 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5f2e70b5
  6. 21 Sep, 2013 3 commits
    • fpizlo@apple.com's avatar
      Interpreter::unwind() has no need for the bytecodeOffset · f825bf66
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121755
      
      Reviewed by Oliver Hunt.
              
      It was only using the bytecodeOffset for some debugger stuff, but the debugger could
      just get the bytecodeOffset the same way the rest of the machinery does: by using the
      CallFrame's location.
              
      It turns out that a lot of really ugly code was in place just to supply this
      bytecodeOffset. This patch kills most of that code, and allows us to kill even more
      code in a future patch - though most likely that killage will involve further
      refactorings as well, see https://bugs.webkit.org/show_bug.cgi?id=121734.
      
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::bytecodeOffset):
      (JSC::CallFrame::codeOrigin):
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::unwind):
      * interpreter/Interpreter.h:
      * jit/JITExceptions.cpp:
      (JSC::genericUnwind):
      * jit/JITExceptions.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::cti_vm_handle_exception):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::doThrow):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntExceptions.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/CommonSlowPathsExceptions.cpp:
      (JSC::CommonSlowPaths::interpreterThrowInCaller):
      * runtime/CommonSlowPathsExceptions.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156242 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f825bf66
    • darin@apple.com's avatar
      Add ExecState::uncheckedArgument and use where possible to shrink a bit · d9b22137
      darin@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121750
      
      Reviewed by Andreas Kling.
      
      Source/JavaScriptCore:
      
      * interpreter/CallFrame.h:
      (JSC::ExecState::uncheckedArgument): Added. Like argument, but with an
      assertion rather than a runtime check.
      
      * API/APICallbackFunction.h:
      (JSC::APICallbackFunction::call): Use uncheckedArgument because we are
      already in a loop over arguments, so don't need a range check.
      * API/JSCallbackConstructor.cpp:
      (JSC::constructJSCallback): Ditto.
      * API/JSCallbackObjectFunctions.h:
      (JSC::JSCallbackObject::construct): Ditto.
      (JSC::JSCallbackObject::call): Ditto.
      * jsc.cpp:
      (functionPrint): Ditto.
      (functionRun): Ditto.
      (functionSetSamplingFlags): Ditto.
      (functionClearSamplingFlags): Ditto.
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncConcat): Ditto.
      (JSC::arrayProtoFuncPush): Use uncheckedArgument because there is already
      code that explicitly checks argumentCount.
      (JSC::arrayProtoFuncSplice): Ditto.
      (JSC::arrayProtoFuncUnShift): Ditto.
      (JSC::arrayProtoFuncReduce): Ditto.
      (JSC::arrayProtoFuncReduceRight): Ditto.
      (JSC::arrayProtoFuncLastIndexOf): Ditto.
      * runtime/DatePrototype.cpp:
      (JSC::fillStructuresUsingTimeArgs): Ditto.
      (JSC::fillStructuresUsingDateArgs): Ditto.
      * runtime/JSArrayBufferConstructor.cpp:
      (JSC::constructArrayBuffer): Ditto.
      * runtime/JSArrayBufferPrototype.cpp:
      (JSC::arrayBufferProtoFuncSlice): Ditto.
      * runtime/JSBoundFunction.cpp:
      (JSC::boundFunctionCall): Ditto.
      (JSC::boundFunctionConstruct): Ditto.
      * runtime/JSDataViewPrototype.cpp:
      (JSC::getData): Ditto.
      (JSC::setData): Ditto.
      * runtime/JSGenericTypedArrayViewConstructorInlines.h:
      (JSC::constructGenericTypedArrayView): Ditto.
      * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
      (JSC::genericTypedArrayViewProtoFuncSet): Ditto.
      (JSC::genericTypedArrayViewProtoFuncSubarray): Ditto.
      * runtime/JSONObject.cpp:
      (JSC::JSONProtoFuncParse): Ditto.
      (JSC::JSONProtoFuncStringify): Ditto.
      * runtime/JSPromiseConstructor.cpp:
      (JSC::constructPromise): Ditto.
      (JSC::JSPromiseConstructorFuncFulfill): Ditto.
      (JSC::JSPromiseConstructorFuncResolve): Ditto.
      (JSC::JSPromiseConstructorFuncReject): Ditto.
      * runtime/MathObject.cpp:
      (JSC::mathProtoFuncMax): Ditto.
      (JSC::mathProtoFuncMin): Ditto.
      
      * runtime/NameConstructor.cpp:
      (JSC::constructPrivateName): Removed unneeded check of argumentCount
      that simply repeats what argument already does.
      * runtime/NativeErrorConstructor.cpp:
      (JSC::Interpreter::constructWithNativeErrorConstructor): Ditto.
      (JSC::Interpreter::callNativeErrorConstructor): Ditto.
      
      * runtime/NumberConstructor.cpp:
      (JSC::constructWithNumberConstructor): Use uncheckedArgument since
      there is already code that explicitly checks argument count.
      (JSC::callNumberConstructor): Ditto.
      
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorCreate): Small refactoring to not call argument(0)
      three times.
      
      * runtime/SetConstructor.cpp:
      (JSC::constructSet): Use uncheckedArgument since we are already in a loop
      over arguments.
      
      * runtime/StringConstructor.cpp:
      (JSC::stringFromCharCodeSlowCase): In a loop.
      (JSC::stringFromCharCode): Already checked count.
      (JSC::constructWithStringConstructor): Ditto.
      (JSC::callStringConstructor): Ditto.
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncConcat): Already checked count.
      * runtime/TestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles): Ditto.
      (JSC::setNeverInline): Ditto.
      
      Source/WebCore:
      
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::probablySupportsContext): Already checked count.
      (WebCore::JSHTMLCanvasElement::toDataURL): Ditto.
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::documentWrite): In a loop.
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::JSInjectedScriptHost::inspectedObject): Already checked count.
      (WebCore::JSInjectedScriptHost::internalConstructorName): Ditto.
      (WebCore::JSInjectedScriptHost::isHTMLAllCollection): Ditto.
      (WebCore::JSInjectedScriptHost::type): Ditto.
      (WebCore::JSInjectedScriptHost::functionDetails): Ditto.
      (WebCore::JSInjectedScriptHost::getEventListeners): Ditto.
      (WebCore::JSInjectedScriptHost::inspect): Ditto.
      (WebCore::JSInjectedScriptHost::databaseId): Ditto.
      (WebCore::JSInjectedScriptHost::storageId): Ditto.
      * bindings/js/JSSQLTransactionSyncCustom.cpp:
      (WebCore::JSSQLTransactionSync::executeSql): Ditto.
      * bindings/js/JSSVGLengthCustom.cpp:
      (WebCore::JSSVGLength::convertToSpecifiedUnits): Ditto.
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorkerConstructor::constructJSSharedWorker): Ditto.
      
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::getObjectParameter): Already checked count.
      (WebCore::JSWebGLRenderingContext::getAttachedShaders): Removed tortured code
      to triply do the checking that the toWebGLProgram function already does, including
      spurious exception checking in code that can't create an exception. Also count is
      already checked.
      (WebCore::JSWebGLRenderingContext::getExtension): More of the same.
      (WebCore::JSWebGLRenderingContext::getFramebufferAttachmentParameter): Ditto.
      (WebCore::JSWebGLRenderingContext::getParameter): Ditto.
      (WebCore::JSWebGLRenderingContext::getProgramParameter): Ditto.
      (WebCore::JSWebGLRenderingContext::getShaderParameter): Ditto.
      (WebCore::JSWebGLRenderingContext::getUniform): Ditto.
      (WebCore::dataFunctionf): Ditto.
      (WebCore::dataFunctioni): Ditto.
      (WebCore::dataFunctionMatrix): Ditto.
      
      * bindings/js/JSWorkerGlobalScopeCustom.cpp:
      (WebCore::JSWorkerGlobalScope::importScripts): In a loop.
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open): Already checked. Also removed some unneeded
      argument count checks.
      (WebCore::JSXMLHttpRequest::send): Removed unneeded special case for 0 argument
      count that does the same thing as the undefined case, since asking for an
      argument past the count yields undefined.
      
      * bindings/js/JSXSLTProcessorCustom.cpp:
      (WebCore::JSXSLTProcessor::setParameter): Already checked.
      (WebCore::JSXSLTProcessor::getParameter): Already checked.
      (WebCore::JSXSLTProcessor::removeParameter): Already checked.
      
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::ScheduledAction): In a loop.
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptArguments): Ditto.
      
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateParametersCheck): Removed some excess argumentCount checks.
      Used uncheckedArgument in a few places. More needs to be done, especially for
      overloaded functions.
      
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::invokeMethod): In a loop.
      (JSC::Bindings::CInstance::invokeDefaultMethod): Ditto.
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::invokeObjcMethod): Ditto.
      (ObjcInstance::invokeDefaultMethod): Ditto.
      
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      * bindings/scripts/test/JS/JSTestObj.cpp:
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      Updated.
      
      Source/WebKit2:
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::callMethod): In a loop.
      (WebKit::JSNPObject::callObject): Ditto.
      (WebKit::JSNPObject::callConstructor): Ditto.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156240 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d9b22137
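The contract this change leans on, as an added example that is not code from the page or from JavaScriptCore: a constructed CallFrame model with the two accessors (range-checked `argument()` yielding undefined past the count, assertion-only `uncheckedArgument()`), the two call-site shapes under which the unchecked form is safe ("in a loop" over argumentCount(), "already checked count"), and the send()-style simplification from the WebCore part. The struct, string-valued arguments and `kUndefined` are assumptions of this model, not JSC's types.

```cpp
#include <cassert>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Constructed model of the two argument accessors the commit describes.
// This is an illustration written for this page, not JavaScriptCore's ExecState:
// a JS value is modelled as std::string and "undefined" as kUndefined.
static const std::string kUndefined = "undefined";

struct CallFrame {
    std::vector<std::string> args; // the caller's arguments, in order

    size_t argumentCount() const { return args.size(); }

    // argument(i): range-checked. Asking for an argument past the count yields undefined.
    const std::string& argument(size_t i) const {
        return i < args.size() ? args[i] : kUndefined;
    }

    // uncheckedArgument(i): an assertion instead of a runtime check. The assertion
    // compiles out in release builds, so the caller must already have established
    // i < argumentCount(); otherwise this is an out-of-bounds read of the frame.
    const std::string& uncheckedArgument(size_t i) const {
        assert(i < args.size() && "caller must check argumentCount() first");
        return args[i];
    }
};

// "In a loop": the bound is argumentCount(), so each index is in range by construction.
static std::string concatArgs(const CallFrame& exec) {
    std::string out;
    for (size_t i = 0; i < exec.argumentCount(); ++i)
        out += exec.uncheckedArgument(i);
    return out;
}

// "Already checked count": the explicit test guards the unchecked read that follows.
static std::string firstArgOr(const CallFrame& exec, const std::string& fallback) {
    if (!exec.argumentCount())
        return fallback;
    return exec.uncheckedArgument(0);
}

// The XMLHttpRequest.send() simplification: a separate zero-argument case is redundant,
// because argument(0) already yields undefined when nothing was passed.
static std::string sendBody(const CallFrame& exec) {
    const std::string& body = exec.argument(0);
    if (body == kUndefined)
        return "<no body>";
    return body;
}

int main() {
    std::cout << concatArgs(CallFrame{{"a", "b", "c"}}) << '\n'; // abc
    std::cout << firstArgOr(CallFrame{}, "default") << '\n';      // default
    std::cout << sendBody(CallFrame{}) << '\n';                   // <no body>
    return 0;
}
```

The point to carry away is that `uncheckedArgument()` does not remove the bounds check, it moves it to the caller: every use in the ChangeLog above is justified either by a loop bound or by an explicit argumentCount() test, and a call site without one would read past the argument area in a release build where the assertion is compiled out.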
    • fpizlo@apple.com's avatar
      Get rid of IsInlinedCodeTag and its associated methods since it's unused · 71309443
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121737
      
      Source/JavaScriptCore: 
      
      Reviewed by Sam Weinig.
              
      This was meant to be easy, but I kept wondering if it was safe to remove the
      inline call frame check in Arguments::tearOff(). The check was clearly dead
      since the bit wasn't being set anywhere.
              
      It turns out that the unwindCallFrame() function was relying on tearOff()
      doing the right thing for inlined code, but it wasn't even passing it an
      inline call frame. I fixed this by having unwindCallFrame() do the inlining check,
      while also making sure that the code uses the right operand index for the
      arguments register.
      
      * interpreter/CallFrame.h:
      * interpreter/CallFrameInlines.h:
      * interpreter/Interpreter.cpp:
      (JSC::unwindCallFrame):
      * interpreter/StackVisitor.cpp:
      (JSC::StackVisitor::Frame::r):
      * interpreter/StackVisitor.h:
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      
      LayoutTests: 
      
      Reviewed by Sam Weinig.
      
      * js/dfg-inline-arguments-capture-throw-exception-expected.txt: Added.
      * js/dfg-inline-arguments-capture-throw-exception.html: Added.
      * js/script-tests/dfg-inline-arguments-capture-throw-exception.js: Added.
      (foo):
      (bar):
      (makeF):
      (recurse):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156229 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      71309443
  7. 20 Sep, 2013 3 commits
    • mhahnenberg@apple.com's avatar
      (un)shiftCountWithAnyIndexingType will start over in the middle of copying if it sees a hole · 40fcdef2
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121717
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
      This bug caused the array to become corrupted. We now check for holes before we start moving things,
      and start moving things only once we've determined that there are none.
      
      * runtime/JSArray.cpp:
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      
      LayoutTests:
      
      Added test to make sure that splicing an array with holes works correctly.
      
      * js/array-splice-with-holes-expected.txt: Added.
      * js/array-splice-with-holes.html: Added.
      * js/script-tests/array-splice-with-holes.js: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156214 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      40fcdef2
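The failure mode and the fix described above, as an added example written for this page (it is a constructed model, not JavaScriptCore's JSArray code): a contiguous array where `std::nullopt` stands in for a hole, a fast path that bails to the generic path the moment it reads a hole after it has already started moving slots, and the fixed shape that scans for holes first and moves nothing until the range is known to be hole-free. The `splice(1, 1)` input and the `Storage` type are assumptions of this model.

```cpp
#include <cstddef>
#include <iostream>
#include <optional>
#include <vector>

// Constructed model of a contiguous JS array, written for this page; it is not
// JavaScriptCore's JSArray code. std::nullopt stands in for a hole, i.e. an empty
// slot the fast path must not read because a real engine would have to consult
// the prototype chain for it.
using Slot = std::optional<int>;
using Storage = std::vector<Slot>;

// Generic (slow) path: remove `count` slots starting at `startIndex`. It handles
// holes, but it is only correct if the storage it receives is still intact.
static void shiftCountGeneric(Storage& a, size_t startIndex, size_t count) {
    a.erase(a.begin() + startIndex, a.begin() + startIndex + count);
}

// The behaviour the commit fixes: move slots down while scanning and bail to the
// generic path the moment a hole is read. Some slots have already been overwritten
// by then, so the generic path starts over on partially shifted storage.
static void shiftCountBroken(Storage& a, size_t startIndex, size_t count) {
    const size_t end = a.size() - count;
    for (size_t i = startIndex; i < end; ++i) {
        const Slot v = a[i + count];
        if (!v) {
            shiftCountGeneric(a, startIndex, count); // operates on corrupted data
            return;
        }
        a[i] = v;
    }
    a.resize(end);
}

// The fixed shape: first prove there is no hole anywhere in the range that will be
// read, and only then start moving. The generic path always sees the original storage.
static void shiftCountFixed(Storage& a, size_t startIndex, size_t count) {
    const size_t end = a.size() - count;
    for (size_t i = startIndex; i < end; ++i) {
        if (!a[i + count]) {
            shiftCountGeneric(a, startIndex, count);
            return;
        }
    }
    for (size_t i = startIndex; i < end; ++i)
        a[i] = a[i + count];
    a.resize(end);
}

// Constructed input [1, 2, 3, 4, <hole>, 6]; splice(1, 1) must yield [1, 3, 4, <hole>, 6].
static Storage sampleArray() { return Storage{1, 2, 3, 4, std::nullopt, 6}; }

static Storage spliceBroken() { Storage a = sampleArray(); shiftCountBroken(a, 1, 1); return a; }
static Storage spliceFixed()  { Storage a = sampleArray(); shiftCountFixed(a, 1, 1); return a; }

static void print(const Storage& a) {
    for (const Slot& s : a) {
        if (s) std::cout << *s << ' ';
        else   std::cout << "<hole> ";
    }
    std::cout << '\n';
}

int main() {
    print(spliceBroken()); // 1 4 4 <hole> 6   (3 lost, 4 duplicated)
    print(spliceFixed());  // 1 3 4 <hole> 6
    return 0;
}
```

The broken variant loses one element and duplicates another because the fallback re-runs the whole operation on storage that the fast path had already half-rewritten; the general lesson for any in-place fast path with a slow fallback is that every bail-out condition has to be decided before the first mutation.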
    • fpizlo@apple.com's avatar
      Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them · cd8eb2c1
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121637
      
      Rubber stamped by Michael Saboff.
              
      Also moved GPRInfo/FPRInfo into jit/. Rolling back in after fixing JIT-only build
      and tests.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAssemblyHelpers.cpp: Removed.
      * dfg/DFGAssemblyHelpers.h: Removed.
      * dfg/DFGBinarySwitch.h:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCCallHelpers.h: Removed.
      * dfg/DFGDisassembler.cpp:
      * dfg/DFGFPRInfo.h: Removed.
      * dfg/DFGGPRInfo.h: Removed.
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExit.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOSRExitCompilerCommon.h:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGRegisterSet.h:
      * dfg/DFGRepatch.cpp:
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGThunks.cpp:
      * dfg/DFGVariableEvent.cpp:
      * ftl/FTLCArgumentGetter.h:
      (JSC::FTL::CArgumentGetter::CArgumentGetter):
      (JSC::FTL::CArgumentGetter::loadNext8):
      (JSC::FTL::CArgumentGetter::loadNext32):
      (JSC::FTL::CArgumentGetter::loadNext64):
      (JSC::FTL::CArgumentGetter::loadNextPtr):
      (JSC::FTL::CArgumentGetter::loadNextDouble):
      * ftl/FTLCompile.cpp:
      * ftl/FTLExitThunkGenerator.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLThunks.cpp:
      * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
      * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
      (JSC::AssemblyHelpers::AssemblyHelpers):
      (JSC::AssemblyHelpers::debugCall):
      * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
      * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
      (WTF::printInternal):
      * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
      (WTF::printInternal):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JSInterfaceJIT.h:
      (JSC::JSInterfaceJIT::JSInterfaceJIT):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerators.cpp:
      (JSC::linkForGenerator):
      (JSC::virtualForGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::arityFixup):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      (JSC::imulThunkGenerator):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      * runtime/JSCJSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156184 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cd8eb2c1
    • allan.jensen@digia.com's avatar
      Inline method exported · b941b0d1
      allan.jensen@digia.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121664
      
      Reviewed by Darin Adler.
      
      WatchDog::didFire() is marked as an exported symbol even though it is
      defined inline. This breaks the build on MinGW since it results in dllimport
      being declared on a definition.
      
      * runtime/Watchdog.h:
      (JSC::Watchdog::didFire):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156169 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b941b0d1
  8. 19 Sep, 2013 3 commits
    • bfulgham@apple.com's avatar
      Unreviewed, rolling out r156120. · 63eba56c
      bfulgham@apple.com authored
      http://trac.webkit.org/changeset/156120
      https://bugs.webkit.org/show_bug.cgi?id=121651
      
      Broke Windows runtime and all tests (Requested by bfulgham on
      #webkit).
      
      Patch by Commit Queue <commit-queue@webkit.org> on 2013-09-19
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAssemblyHelpers.cpp: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.cpp.
      (JSC::DFG::AssemblyHelpers::executableFor):
      (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
      (JSC::DFG::AssemblyHelpers::setSamplingFlag):
      (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
      (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
      (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
      (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
      * dfg/DFGAssemblyHelpers.h: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.h.
      (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
      (JSC::DFG::AssemblyHelpers::codeBlock):
      (JSC::DFG::AssemblyHelpers::vm):
      (JSC::DFG::AssemblyHelpers::assembler):
      (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
      (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
      (JSC::DFG::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
      (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
      (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
      (JSC::DFG::AssemblyHelpers::branchIfNotCell):
      (JSC::DFG::AssemblyHelpers::addressFor):
      (JSC::DFG::AssemblyHelpers::tagFor):
      (JSC::DFG::AssemblyHelpers::payloadFor):
      (JSC::DFG::AssemblyHelpers::branchIfNotObject):
      (JSC::DFG::AssemblyHelpers::selectScratchGPR):
      (JSC::DFG::AssemblyHelpers::debugCall):
      (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
      (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
      (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
      (JSC::DFG::AssemblyHelpers::boxDouble):
      (JSC::DFG::AssemblyHelpers::unboxDouble):
      (JSC::DFG::AssemblyHelpers::boxInt52):
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      (JSC::DFG::AssemblyHelpers::emitCount):
      (JSC::DFG::AssemblyHelpers::globalObjectFor):
      (JSC::DFG::AssemblyHelpers::strictModeFor):
      (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
      (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
      (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
      (JSC::DFG::AssemblyHelpers::symbolTableFor):
      (JSC::DFG::AssemblyHelpers::offsetOfLocals):
      (JSC::DFG::AssemblyHelpers::offsetOfArgumentsIncludingThis):
      * dfg/DFGBinarySwitch.h:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCCallHelpers.h: Renamed from Source/JavaScriptCore/jit/CCallHelpers.h.
      (JSC::DFG::CCallHelpers::CCallHelpers):
      (JSC::DFG::CCallHelpers::resetCallArguments):
      (JSC::DFG::CCallHelpers::addCallArgument):
      (JSC::DFG::CCallHelpers::setupArguments):
      (JSC::DFG::CCallHelpers::setupArgumentsExecState):
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (JSC::DFG::CCallHelpers::setupTwoStubArgs):
      (JSC::DFG::CCallHelpers::setupStubArguments):
      (JSC::DFG::CCallHelpers::setupResults):
      * dfg/DFGDisassembler.cpp:
      * dfg/DFGFPRInfo.h: Renamed from Source/JavaScriptCore/jit/FPRInfo.h.
      (JSC::DFG::FPRInfo::toRegister):
      (JSC::DFG::FPRInfo::toIndex):
      (JSC::DFG::FPRInfo::toArgumentRegister):
      (JSC::DFG::FPRInfo::debugName):
      * dfg/DFGGPRInfo.h: Renamed from Source/JavaScriptCore/jit/GPRInfo.h.
      (JSC::DFG::JSValueRegs::JSValueRegs):
      (JSC::DFG::JSValueRegs::payloadOnly):
      (JSC::DFG::JSValueRegs::operator!):
      (JSC::DFG::JSValueRegs::gpr):
      (JSC::DFG::JSValueRegs::payloadGPR):
      (JSC::DFG::JSValueSource::JSValueSource):
      (JSC::DFG::JSValueSource::unboxedCell):
      (JSC::DFG::JSValueSource::operator!):
      (JSC::DFG::JSValueSource::isAddress):
      (JSC::DFG::JSValueSource::offset):
      (JSC::DFG::JSValueSource::base):
      (JSC::DFG::JSValueSource::gpr):
      (JSC::DFG::JSValueSource::asAddress):
      (JSC::DFG::JSValueSource::notAddress):
      (JSC::DFG::JSValueRegs::tagGPR):
      (JSC::DFG::JSValueSource::tagGPR):
      (JSC::DFG::JSValueSource::payloadGPR):
      (JSC::DFG::JSValueSource::hasKnownTag):
      (JSC::DFG::JSValueSource::tag):
      (JSC::DFG::GPRInfo::toRegister):
      (JSC::DFG::GPRInfo::toIndex):
      (JSC::DFG::GPRInfo::debugName):
      (JSC::DFG::GPRInfo::toArgumentRegister):
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExit.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOSRExitCompilerCommon.h:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGRegisterSet.h:
      * dfg/DFGRepatch.cpp:
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGThunks.cpp:
      * dfg/DFGVariableEvent.cpp:
      * ftl/FTLCArgumentGetter.h:
      (JSC::FTL::CArgumentGetter::CArgumentGetter):
      (JSC::FTL::CArgumentGetter::loadNext8):
      (JSC::FTL::CArgumentGetter::loadNext32):
      (JSC::FTL::CArgumentGetter::loadNext64):
      (JSC::FTL::CArgumentGetter::loadNextPtr):
      (JSC::FTL::CArgumentGetter::loadNextDouble):
      * ftl/FTLCompile.cpp:
      * ftl/FTLExitThunkGenerator.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLThunks.cpp:
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JSInterfaceJIT.h:
      (JSC::JSInterfaceJIT::preserveReturnAddressAfterCall):
      (JSC::JSInterfaceJIT::restoreReturnAddressBeforeReturn):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerators.cpp:
      (JSC::linkForGenerator):
      (JSC::virtualForGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::arityFixup):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      (JSC::imulThunkGenerator):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      * runtime/JSCJSValue.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156136 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      63eba56c
    • fpizlo@apple.com's avatar
      Unreviewed, fix Windows build. ScratchBuffer should always be available regardless of ENABLE_DFG_JIT. · 994f4bf8
      fpizlo@apple.com authored
      
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156123 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them · 620acab5
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121637
      
      Rubber stamped by Michael Saboff.
              
      Also moved GPRInfo/FPRInfo into jit/.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAssemblyHelpers.cpp: Removed.
      * dfg/DFGAssemblyHelpers.h: Removed.
      * dfg/DFGBinarySwitch.h:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCCallHelpers.h: Removed.
      * dfg/DFGDisassembler.cpp:
      * dfg/DFGFPRInfo.h: Removed.
      * dfg/DFGGPRInfo.h: Removed.
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExit.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOSRExitCompilerCommon.h:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGRegisterSet.h:
      * dfg/DFGRepatch.cpp:
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGThunks.cpp:
      * dfg/DFGVariableEvent.cpp:
      * ftl/FTLCArgumentGetter.h:
      (JSC::FTL::CArgumentGetter::CArgumentGetter):
      (JSC::FTL::CArgumentGetter::loadNext8):
      (JSC::FTL::CArgumentGetter::loadNext32):
      (JSC::FTL::CArgumentGetter::loadNext64):
      (JSC::FTL::CArgumentGetter::loadNextPtr):
      (JSC::FTL::CArgumentGetter::loadNextDouble):
      * ftl/FTLCompile.cpp:
      * ftl/FTLExitThunkGenerator.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLThunks.cpp:
      * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
      * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
      (JSC::AssemblyHelpers::AssemblyHelpers):
      (JSC::AssemblyHelpers::debugCall):
      * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
      * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
      (WTF::printInternal):
      * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
      (WTF::printInternal):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JSInterfaceJIT.h:
      (JSC::JSInterfaceJIT::JSInterfaceJIT):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerators.cpp:
      (JSC::linkForGenerator):
      (JSC::virtualForGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::arityFixup):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      (JSC::imulThunkGenerator):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      * runtime/JSCJSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156120 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  9. 18 Sep, 2013 6 commits
    • Replace use of OwnArrayPtr<Foo> with std::unique_ptr<Foo[]> in JavaScriptCore · 5c4dbc40
      weinig@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121583
      
      Reviewed by Anders Carlsson.
      
      * API/JSStringRefCF.cpp:
      (JSStringCreateWithCFString):
      * API/JSStringRefQt.cpp:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::dumpDisassembly):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      * runtime/Arguments.h:
      (JSC::Arguments::isTornOff):
      (JSC::Arguments::allocateSlowArguments):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSSegmentedVariableObject.h:
      * runtime/JSVariableObject.h:
      * runtime/PropertyNameArray.h:
      * runtime/RegExp.cpp:
      * runtime/StructureChain.h:
      (JSC::StructureChain::finishCreation):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::setSlowArguments):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156079 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Give 'jsc' commandline an option to disable deleting the VM. · fd3d7775
      fpizlo@apple.com authored
      Reviewed by Mark Hahnenberg.
      
      * jsc.cpp:
      (jscmain):
      * runtime/Options.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156064 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • RefPtrHashMap should work with move only types · 1895f48b
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121564
      
      Reviewed by Andreas Kling.
      
      Source/JavaScriptCore:
      
      * runtime/VM.cpp:
      (JSC::VM::addSourceProviderCache):
      
      Source/WebCore:
      
      * bridge/IdentifierRep.cpp:
      (WebCore::IdentifierRep::get):
      * page/PageGroup.cpp:
      (WebCore::PageGroup::transientLocalStorage):
      
      Source/WebKit/mac:
      
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyInstance::methodNamed):
      (WebKit::ProxyInstance::fieldNamed):
      
      Source/WebKit2:
      
      * UIProcess/Storage/StorageManager.cpp:
      (WebKit::StorageManager::LocalStorageNamespace::getOrCreateStorageArea):
      (WebKit::StorageManager::SessionStorageNamespace::getOrCreateStorageArea):
      * WebProcess/Storage/StorageNamespaceImpl.cpp:
      (WebKit::StorageNamespaceImpl::storageArea):
      
      Source/WTF:
      
      Add the same rvalue references and std::forward calls that already exist in HashMap.
      
      * wtf/RefPtrHashMap.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • DFG should support Int52 for local variables · 6921b29b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121064
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
      programs that have local int32 overflows but where a larger int representation can
      prevent us from having to convert all the way up to double.
              
      It's a small speed-up for now. But we're just supporting Int52 for a handful of
      operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
      the groundwork for adding Int52 to JSValue, which will probably be a bigger
      speed-up.
              
      The basic approach is:
              
      - We have a notion of Int52 in our type system. Int52 doesn't belong to BytecodeTop
        or HeapTop - i.e. it doesn't arise from JSValues.
              
      - DFG treats Int52 as being part of its FullTop and will treat it as being a
        subtype of double unless instructed otherwise.
              
      - Prediction propagator creates Int52s whenever we have a node going doubly but due
        to large values rather than fractional values, and that node is known to be able
        to produce Int52 natively in the DFG backend.
              
      - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
        to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
        input.
              
      - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
        are left-shifted by 16 (great for overflow checks) and ones that are
        sign-extended. Both backends know how to convert between Int52s and the other
        representations.
      
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::rshift64):
      (JSC::MacroAssemblerX86_64::mul64):
      (JSC::MacroAssemblerX86_64::branchMul64):
      (JSC::MacroAssemblerX86_64::branchNeg64):
      (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::imulq_rr):
      (JSC::X86Assembler::cvtsi2sdq_rr):
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * bytecode/ExitKind.cpp:
      (JSC::exitKindToString):
      * bytecode/ExitKind.h:
      * bytecode/OperandsInlines.h:
      (JSC::::dumpInContext):
      * bytecode/SpeculatedType.cpp:
      (JSC::dumpSpeculation):
      (JSC::speculationToAbbreviatedString):
      (JSC::speculationFromValue):
      * bytecode/SpeculatedType.h:
      (JSC::isInt32SpeculationForArithmetic):
      (JSC::isInt52Speculation):
      (JSC::isMachineIntSpeculationForArithmetic):
      (JSC::isInt52AsDoubleSpeculation):
      (JSC::isBytecodeRealNumberSpeculation):
      (JSC::isFullRealNumberSpeculation):
      (JSC::isBytecodeNumberSpeculation):
      (JSC::isFullNumberSpeculation):
      (JSC::isBytecodeNumberSpeculationExpectingDefined):
      (JSC::isFullNumberSpeculationExpectingDefined):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
      (JSC::ValueRecovery::inGPR):
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::isAlreadyInJSStack):
      (JSC::ValueRecovery::gpr):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAbstractInterpreter.h:
      (JSC::DFG::AbstractInterpreter::needsTypeCheck):
      (JSC::DFG::AbstractInterpreter::filterByType):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::set):
      (JSC::DFG::AbstractValue::checkConsistency):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::couldBeType):
      (JSC::DFG::AbstractValue::isType):
      (JSC::DFG::AbstractValue::checkConsistency):
      (JSC::DFG::AbstractValue::validateType):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::boxInt52):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::makeSafe):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGCommon.h:
      (JSC::DFG::enableInt52):
      * dfg/DFGDCEPhase.cpp:
      (JSC::DFG::DCEPhase::fixupBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
      (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
      (JSC::DFG::FixupPhase::observeUseKindOnNode):
      (JSC::DFG::FixupPhase::fixEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
      * dfg/DFGFlushFormat.cpp:
      (WTF::printInternal):
      * dfg/DFGFlushFormat.h:
      (JSC::DFG::resultFor):
      (JSC::DFG::useKindFor):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::initInt52):
      (JSC::DFG::GenerationInfo::initStrictInt52):
      (JSC::DFG::GenerationInfo::isFormat):
      (JSC::DFG::GenerationInfo::isInt52):
      (JSC::DFG::GenerationInfo::isStrictInt52):
      (JSC::DFG::GenerationInfo::fillInt52):
      (JSC::DFG::GenerationInfo::fillStrictInt52):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::addShouldSpeculateMachineInt):
      (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
      (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGMinifiedNode.h:
      (JSC::DFG::belongsInMinifiedGraph):
      (JSC::DFG::MinifiedNode::hasChild):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
      (JSC::DFG::Node::canSpeculateInt52):
      * dfg/DFGNodeFlags.h:
      (JSC::DFG::nodeCanSpeculateInt52):
      * dfg/DFGNodeType.h:
      (JSC::DFG::permitsOSRBackwardRewiring):
      (JSC::DFG::forwardRewiringSelectionScore):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntry.h:
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::SafeToExecuteEdge::operator()):
      (JSC::DFG::safeToExecute):
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::speculateMachineInt):
      (JSC::DFG::SpeculativeJIT::speculateNumber):
      (JSC::DFG::SpeculativeJIT::speculateRealNumber):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::canReuse):
      (JSC::DFG::SpeculativeJIT::isFilled):
      (JSC::DFG::SpeculativeJIT::isFilledDouble):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::isKnownInteger):
      (JSC::DFG::SpeculativeJIT::isKnownCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
      (JSC::DFG::SpeculativeJIT::int52Result):
      (JSC::DFG::SpeculativeJIT::strictInt52Result):
      (JSC::DFG::SpeculativeJIT::initConstantInfo):
      (JSC::DFG::SpeculativeJIT::isInteger):
      (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
      (JSC::DFG::SpeculativeJIT::generationInfo):
      (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
      (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
      (JSC::DFG::SpeculateInt52Operand::edge):
      (JSC::DFG::SpeculateInt52Operand::node):
      (JSC::DFG::SpeculateInt52Operand::gpr):
      (JSC::DFG::SpeculateInt52Operand::use):
      (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
      (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
      (JSC::DFG::SpeculateStrictInt52Operand::edge):
      (JSC::DFG::SpeculateStrictInt52Operand::node):
      (JSC::DFG::SpeculateStrictInt52Operand::gpr):
      (JSC::DFG::SpeculateStrictInt52Operand::use):
      (JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
      (JSC::DFG::SpeculateWhicheverInt52Operand::~SpeculateWhicheverInt52Operand):
      (JSC::DFG::SpeculateWhicheverInt52Operand::edge):
      (JSC::DFG::SpeculateWhicheverInt52Operand::node):
      (JSC::DFG::SpeculateWhicheverInt52Operand::gpr):
      (JSC::DFG::SpeculateWhicheverInt52Operand::use):
      (JSC::DFG::SpeculateWhicheverInt52Operand::format):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::boxInt52):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileInt52Compare):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleInt52Branch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      (JSC::DFG::isNumerical):
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::ValueSource::forFlushFormat):
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::flushFormat):
      * ftl/FTLCArgumentGetter.cpp:
      (JSC::FTL::CArgumentGetter::loadNextAndBox):
      * ftl/FTLCArgumentGetter.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLExitValue.cpp:
      (JSC::FTL::ExitValue::dumpInContext):
      * ftl/FTLExitValue.h:
      (JSC::FTL::ExitValue::inJSStackAsInt52):
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
      (JSC::FTL::LowerDFGToLLVM::compilePhi):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileAdd):
      (JSC::FTL::LowerDFGToLLVM::compileArithSub):
      (JSC::FTL::LowerDFGToLLVM::compileArithMul):
      (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
      (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
      (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
      (JSC::FTL::LowerDFGToLLVM::lowInt32):
      (JSC::FTL::LowerDFGToLLVM::lowInt52):
      (JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::betterUseStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::bestInt52Kind):
      (JSC::FTL::LowerDFGToLLVM::opposite):
      (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
      (JSC::FTL::LowerDFGToLLVM::lowCell):
      (JSC::FTL::LowerDFGToLLVM::lowBoolean):
      (JSC::FTL::LowerDFGToLLVM::lowDouble):
      (JSC::FTL::LowerDFGToLLVM::lowJSValue):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt32):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToJSValue):
      (JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt52):
      (JSC::FTL::LowerDFGToLLVM::int52ToStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      (JSC::FTL::LowerDFGToLLVM::setInt52):
      (JSC::FTL::LowerDFGToLLVM::setStrictInt52):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::addWithOverflow64):
      (JSC::FTL::Output::subWithOverflow64):
      (JSC::FTL::Output::mulWithOverflow64):
      * ftl/FTLValueFormat.cpp:
      (WTF::printInternal):
      * ftl/FTLValueFormat.h:
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      * interpreter/Register.h:
      (JSC::Register::unboxedInt52):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/IndexingType.cpp:
      (JSC::leastUpperBoundOfIndexingTypeAndType):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::isMachineInt):
      (JSC::JSValue::asMachineInt):
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
      
      * wtf/PrintStream.h:
      (WTF::ValueIgnoringContext::ValueIgnoringContext):
      (WTF::ValueIgnoringContext::dump):
      (WTF::ignoringContext):
      
      Tools: 
      
      Reviewed by Oliver Hunt.
      
      * Scripts/run-jsc-stress-tests:
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * js/dfg-int-overflow-large-constants-in-a-line-expected.txt:
      * js/regress/large-int-captured-expected.txt: Added.
      * js/regress/large-int-captured.html: Added.
      * js/regress/large-int-expected.txt: Added.
      * js/regress/large-int-neg-expected.txt: Added.
      * js/regress/large-int-neg.html: Added.
      * js/regress/large-int.html: Added.
      * js/regress/marsaglia-larger-ints-expected.txt: Added.
      * js/regress/marsaglia-larger-ints.html: Added.
      * js/regress/script-tests/large-int-captured.js: Added.
      (.bar):
      (foo):
      * js/regress/script-tests/large-int-neg.js: Added.
      (foo):
      * js/regress/script-tests/large-int.js: Added.
      (foo):
      * js/regress/script-tests/marsaglia-larger-ints.js: Added.
      (uint):
      (marsaglia):
      * js/script-tests/dfg-int-overflow-large-constants-in-a-line.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156047 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • REGRESSION(r155771): js/stack-overflow-arrity-catch.html is crashing on non-Mac platforms · 98791905
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121376
      
      Reviewed by Oliver Hunt.
      
      Fix stack grow() call for stack growing down.  This should catch running out of stack space before
      we try to move the frame down due to arity mismatch.
      
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156046 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r156019 and r156020. · 92c67000
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/156019
      http://trac.webkit.org/changeset/156020
      https://bugs.webkit.org/show_bug.cgi?id=121540
      
      Broke tests (Requested by ap on #webkit).
      
      Source/JavaScriptCore:
      
      * assembler/MacroAssemblerX86_64.h:
      * assembler/X86Assembler.h:
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * bytecode/ExitKind.cpp:
      (JSC::exitKindToString):
      * bytecode/ExitKind.h:
      * bytecode/OperandsInlines.h:
      (JSC::::dumpInContext):
      * bytecode/SpeculatedType.cpp:
      (JSC::dumpSpeculation):
      (JSC::speculationToAbbreviatedString):
      (JSC::speculationFromValue):
      * bytecode/SpeculatedType.h:
      (JSC::isInt32SpeculationForArithmetic):
      (JSC::isInt48Speculation):
      (JSC::isMachineIntSpeculationForArithmetic):
      (JSC::isInt48AsDoubleSpeculation):
      (JSC::isRealNumberSpeculation):
      (JSC::isNumberSpeculation):
      (JSC::isNumberSpeculationExpectingDefined):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::inGPR):
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::isAlreadyInJSStack):
      (JSC::ValueRecovery::gpr):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAbstractInterpreter.h:
      (JSC::DFG::AbstractInterpreter::needsTypeCheck):
      (JSC::DFG::AbstractInterpreter::filterByType):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::set):
      (JSC::DFG::AbstractValue::checkConsistency):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::validateType):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::unboxDouble):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::makeSafe):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::canonicalize):
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGCommon.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
      (JSC::DFG::FixupPhase::observeUseKindOnNode):
      (JSC::DFG::FixupPhase::fixEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
      * dfg/DFGFlushFormat.cpp:
      (WTF::printInternal):
      * dfg/DFGFlushFormat.h:
      (JSC::DFG::resultFor):
      (JSC::DFG::useKindFor):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::initInt32):
      (JSC::DFG::GenerationInfo::fillInt32):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::addShouldSpeculateMachineInt):
      (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
      (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGMinifiedNode.h:
      (JSC::DFG::belongsInMinifiedGraph):
      (JSC::DFG::MinifiedNode::hasChild):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
      (JSC::DFG::Node::canSpeculateInt48):
      * dfg/DFGNodeFlags.h:
      (JSC::DFG::nodeCanSpeculateInt48):
      * dfg/DFGNodeType.h:
      (JSC::DFG::forwardRewiringSelectionScore):
      * dfg/DFGOSRExitCompiler.cpp:
      (JSC::DFG::shortOperandsDump):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::SafeToExecuteEdge::operator()):
      (JSC::DFG::safeToExecute):
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::speculateNumber):
      (JSC::DFG::SpeculativeJIT::speculateRealNumber):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::canReuse):
      (JSC::DFG::SpeculativeJIT::isFilled):
      (JSC::DFG::SpeculativeJIT::isFilledDouble):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::boxDouble):
      (JSC::DFG::SpeculativeJIT::isKnownInteger):
      (JSC::DFG::SpeculativeJIT::isKnownCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
      (JSC::DFG::SpeculativeJIT::int32Result):
      (JSC::DFG::SpeculativeJIT::initConstantInfo):
      (JSC::DFG::SpeculativeJIT::isInteger):
      (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      (JSC::DFG::isNumerical):
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::ValueSource::forFlushFormat):
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::flushFormat):
      * ftl/FTLCArgumentGetter.cpp:
      (JSC::FTL::CArgumentGetter::loadNextAndBox):
      * ftl/FTLCArgumentGetter.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLExitValue.cpp:
      (JSC::FTL::ExitValue::dumpInContext):
      * ftl/FTLExitValue.h:
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
      (JSC::FTL::LowerDFGToLLVM::compilePhi):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileAdd):
      (JSC::FTL::LowerDFGToLLVM::compileArithSub):
      (JSC::FTL::LowerDFGToLLVM::compileArithMul):
      (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
      (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
      (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
      (JSC::FTL::LowerDFGToLLVM::lowInt32):
      (JSC::FTL::LowerDFGToLLVM::lowCell):
      (JSC::FTL::LowerDFGToLLVM::lowBoolean):
      (JSC::FTL::LowerDFGToLLVM::lowDouble):
      (JSC::FTL::LowerDFGToLLVM::lowJSValue):
      (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      (JSC::FTL::LowerDFGToLLVM::setInt32):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::mulWithOverflow32):
      * ftl/FTLValueFormat.cpp:
      (WTF::printInternal):
      * ftl/FTLValueFormat.h:
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      * interpreter/Register.h:
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/IndexingType.cpp:
      (JSC::leastUpperBoundOfIndexingTypeAndType):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      
      Source/WTF:
      
      * wtf/PrintStream.h:
      
      Tools:
      
      * Scripts/run-jsc-stress-tests:
      
      LayoutTests:
      
      * js/regress/large-int-captured-expected.txt: Removed.
      * js/regress/large-int-captured.html: Removed.
      * js/regress/large-int-expected.txt: Removed.
      * js/regress/large-int-neg-expected.txt: Removed.
      * js/regress/large-int-neg.html: Removed.
      * js/regress/large-int.html: Removed.
      * js/regress/marsaglia-larger-ints-expected.txt: Removed.
      * js/regress/marsaglia-larger-ints.html: Removed.
      * js/regress/script-tests/large-int-captured.js: Removed.
      * js/regress/script-tests/large-int-neg.js: Removed.
      * js/regress/script-tests/large-int.js: Removed.
      * js/regress/script-tests/marsaglia-larger-ints.js: Removed.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156029 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      92c67000
  10. 17 Sep, 2013 4 commits
    • fpizlo@apple.com's avatar
      Unreviewed, fix 32-bit build. · 25e0bdc5
      fpizlo@apple.com authored
      * runtime/JSCJSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156020 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      25e0bdc5
    • fpizlo@apple.com's avatar
      DFG should support Int52 for local variables · 4c466ec6
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121064
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
      programs that have local int32 overflows but where a larger int representation can
      prevent us from having to convert all the way up to double.
              
      It's a small speed-up for now. But we're just supporting Int52 for a handful of
      operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
      the groundwork for adding Int52 to JSValue, which will probably be a bigger
      speed-up.
              
      The basic approach is:
              
      - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
        or HeapTop - i.e. it doesn't arise from JSValues.
              
      - DFG treats Int52 as being part of its FullTop and will treat it as being a
        subtype of double unless instructed otherwise.
              
      - Prediction propagator creates Int52s whenever we have a node going doubly but due
        to large values rather than fractional values, and that node is known to be able
        to produce Int52 natively in the DFG backend.
              
      - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
        to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
        input.
              
      - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
        are left-shifted by 16 (great for overflow checks) and ones that are
        sign-extended. Both backends know how to convert between Int52s and the other
        representations.
      
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::rshift64):
      (JSC::MacroAssemblerX86_64::mul64):
      (JSC::MacroAssemblerX86_64::branchMul64):
      (JSC::MacroAssemblerX86_64::branchNeg64):
      (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::imulq_rr):
      (JSC::X86Assembler::cvtsi2sdq_rr):
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * bytecode/OperandsInlines.h:
      (JSC::::dumpInContext):
      * bytecode/SpeculatedType.cpp:
      (JSC::dumpSpeculation):
      (JSC::speculationToAbbreviatedString):
      (JSC::speculationFromValue):
      * bytecode/SpeculatedType.h:
      (JSC::isInt32SpeculationForArithmetic):
      (JSC::isMachineIntSpeculationForArithmetic):
      (JSC::isBytecodeRealNumberSpeculation):
      (JSC::isFullRealNumberSpeculation):
      (JSC::isBytecodeNumberSpeculation):
      (JSC::isFullNumberSpeculation):
      (JSC::isBytecodeNumberSpeculationExpectingDefined):
      (JSC::isFullNumberSpeculationExpectingDefined):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
      (JSC::ValueRecovery::inGPR):
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::isAlreadyInJSStack):
      (JSC::ValueRecovery::gpr):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAbstractInterpreter.h:
      (JSC::DFG::AbstractInterpreter::needsTypeCheck):
      (JSC::DFG::AbstractInterpreter::filterByType):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::set):
      (JSC::DFG::AbstractValue::checkConsistency):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::couldBeType):
      (JSC::DFG::AbstractValue::isType):
      (JSC::DFG::AbstractValue::checkConsistency):
      (JSC::DFG::AbstractValue::validateType):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::boxInt52):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGCommon.h:
      (JSC::DFG::enableInt52):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
      (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
      (JSC::DFG::FixupPhase::observeUseKindOnNode):
      (JSC::DFG::FixupPhase::fixEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
      * dfg/DFGFlushFormat.cpp:
      (WTF::printInternal):
      * dfg/DFGFlushFormat.h:
      (JSC::DFG::resultFor):
      (JSC::DFG::useKindFor):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::initInt52):
      (JSC::DFG::GenerationInfo::initStrictInt52):
      (JSC::DFG::GenerationInfo::isFormat):
      (JSC::DFG::GenerationInfo::isInt52):
      (JSC::DFG::GenerationInfo::isStrictInt52):
      (JSC::DFG::GenerationInfo::fillInt52):
      (JSC::DFG::GenerationInfo::fillStrictInt52):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::addShouldSpeculateMachineInt):
      (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
      (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGMinifiedNode.h:
      (JSC::DFG::belongsInMinifiedGraph):
      (JSC::DFG::MinifiedNode::hasChild):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
      * dfg/DFGNodeFlags.h:
      * dfg/DFGNodeType.h:
      (JSC::DFG::forwardRewiringSelectionScore):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::SafeToExecuteEdge::operator()):
      (JSC::DFG::safeToExecute):
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::speculateMachineInt):
      (JSC::DFG::SpeculativeJIT::speculateNumber):
      (JSC::DFG::SpeculativeJIT::speculateRealNumber):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::canReuse):
      (JSC::DFG::SpeculativeJIT::isFilled):
      (JSC::DFG::SpeculativeJIT::isFilledDouble):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::isKnownInteger):
      (JSC::DFG::SpeculativeJIT::isKnownCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
      (JSC::DFG::SpeculativeJIT::int52Result):
      (JSC::DFG::SpeculativeJIT::strictInt52Result):
      (JSC::DFG::SpeculativeJIT::initConstantInfo):
      (JSC::DFG::SpeculativeJIT::isInteger):
      (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
      (JSC::DFG::SpeculativeJIT::generationInfo):
      (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
      (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
      (JSC::DFG::SpeculateInt52Operand::edge):
      (JSC::DFG::SpeculateInt52Operand::node):
      (JSC::DFG::SpeculateInt52Operand::gpr):
      (JSC::DFG::SpeculateInt52Operand::use):
      (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
      (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
      (JSC::DFG::SpeculateStrictInt52Operand::edge):
      (JSC::DFG::SpeculateStrictInt52Operand::node):
      (JSC::DFG::SpeculateStrictInt52Operand::gpr):
      (JSC::DFG::SpeculateStrictInt52Operand::use):
      (JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
      (JSC::DFG::SpeculateWhicheverInt52Operand::~SpeculateWhicheverInt52Operand):
      (JSC::DFG::SpeculateWhicheverInt52Operand::edge):
      (JSC::DFG::SpeculateWhicheverInt52Operand::node):
      (JSC::DFG::SpeculateWhicheverInt52Operand::gpr):
      (JSC::DFG::SpeculateWhicheverInt52Operand::use):
      (JSC::DFG::SpeculateWhicheverInt52Operand::format):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::boxInt52):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileInt52Compare):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleInt52Branch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      (JSC::DFG::isNumerical):
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::ValueSource::forFlushFormat):
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::flushFormat):
      * ftl/FTLCArgumentGetter.cpp:
      (JSC::FTL::CArgumentGetter::loadNextAndBox):
      * ftl/FTLCArgumentGetter.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLExitValue.cpp:
      (JSC::FTL::ExitValue::dumpInContext):
      * ftl/FTLExitValue.h:
      (JSC::FTL::ExitValue::inJSStackAsInt52):
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
      (JSC::FTL::LowerDFGToLLVM::compilePhi):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileAdd):
      (JSC::FTL::LowerDFGToLLVM::compileArithSub):
      (JSC::FTL::LowerDFGToLLVM::compileArithMul):
      (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
      (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
      (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
      (JSC::FTL::LowerDFGToLLVM::lowInt32):
      (JSC::FTL::LowerDFGToLLVM::lowInt52):
      (JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::betterUseStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::bestInt52Kind):
      (JSC::FTL::LowerDFGToLLVM::opposite):
      (JSC::FTL::LowerDFGToLLVM::Int52s::operator[]):
      (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
      (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52s):
      (JSC::FTL::LowerDFGToLLVM::lowOpposingInt52s):
      (JSC::FTL::LowerDFGToLLVM::lowCell):
      (JSC::FTL::LowerDFGToLLVM::lowBoolean):
      (JSC::FTL::LowerDFGToLLVM::lowDouble):
      (JSC::FTL::LowerDFGToLLVM::lowJSValue):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt32):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToJSValue):
      (JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt52):
      (JSC::FTL::LowerDFGToLLVM::int52ToStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      (JSC::FTL::LowerDFGToLLVM::setInt52):
      (JSC::FTL::LowerDFGToLLVM::setStrictInt52):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::addWithOverflow64):
      (JSC::FTL::Output::subWithOverflow64):
      (JSC::FTL::Output::mulWithOverflow64):
      * ftl/FTLValueFormat.cpp:
      (WTF::printInternal):
      * ftl/FTLValueFormat.h:
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      * interpreter/Register.h:
      (JSC::Register::unboxedInt52):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/IndexingType.cpp:
      (JSC::leastUpperBoundOfIndexingTypeAndType):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::isMachineInt):
      (JSC::JSValue::asMachineInt):
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
      
      * wtf/PrintStream.h:
      (WTF::ValueIgnoringContext::ValueIgnoringContext):
      (WTF::ValueIgnoringContext::dump):
      (WTF::ignoringContext):
      
      Tools: 
      
      Reviewed by Oliver Hunt.
      
      * Scripts/run-jsc-stress-tests:
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * js/regress/large-int-captured-expected.txt: Added.
      * js/regress/large-int-captured.html: Added.
      * js/regress/large-int-expected.txt: Added.
      * js/regress/large-int-neg-expected.txt: Added.
      * js/regress/large-int-neg.html: Added.
      * js/regress/large-int.html: Added.
      * js/regress/marsaglia-larger-ints-expected.txt: Added.
      * js/regress/marsaglia-larger-ints.html: Added.
      * js/regress/script-tests/large-int-captured.js: Added.
      (.bar):
      (foo):
      * js/regress/script-tests/large-int-neg.js: Added.
      (foo):
      * js/regress/script-tests/large-int.js: Added.
      (foo):
      * js/regress/script-tests/marsaglia-larger-ints.js: Added.
      (uint):
      (marsaglia):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156019 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4c466ec6
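To make the two Int52 representations described in the commit message above concrete, here is an added illustration in C (not JavaScriptCore code): a strict, sign-extended form and a left-shifted form, with the arithmetic done on the shifted form so that the machine's 64-bit signed-overflow check doubles as the 52-bit range check. It assumes 64 - 52 = 12 bits of headroom for the shift and a GCC/Clang compiler for the `__builtin_*_overflow` checks; the names are the example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not JavaScriptCore code. Assumption: 64 - 52 = 12 bits
 * of headroom, so a "shifted" Int52 is the strict value times 2^12 and the
 * 64-bit signed-overflow flag on the shifted form fires exactly when the
 * true result leaves the 52-bit range. Needs GCC/Clang __builtin_*_overflow. */
#define INT52_SHIFT 12
#define INT52_MAX (((int64_t)1 << 51) - 1)
#define INT52_MIN (-((int64_t)1 << 51))

typedef struct {
    bool overflow;  /* true: a JIT would bail out and redo the op in doubles */
    int64_t value;  /* strict (sign-extended) Int52, valid when !overflow */
} int52_result;

bool is_strict_int52(int64_t v) { return v >= INT52_MIN && v <= INT52_MAX; }

/* Strict -> shifted. Multiply rather than shift: left-shifting a negative
 * signed value is undefined behaviour in C; the product is well defined and
 * cannot overflow for a value inside the Int52 range. */
static int64_t to_shifted(int64_t strict) { return strict * ((int64_t)1 << INT52_SHIFT); }

/* Shifted -> strict. The shifted value is an exact multiple of 2^12, so the
 * division is exact for negative values as well. */
static int64_t to_strict(int64_t shifted) { return shifted / ((int64_t)1 << INT52_SHIFT); }

static int52_result finish(bool overflow, int64_t shifted) {
    int52_result r = { overflow, overflow ? 0 : to_strict(shifted) };
    return r;
}

/* Add/sub: both operands shifted; the 64-bit overflow check is the 52-bit check. */
int52_result int52_add(int64_t a, int64_t b) {
    int64_t r;
    bool ovf = __builtin_add_overflow(to_shifted(a), to_shifted(b), &r);
    return finish(ovf, r);
}

int52_result int52_sub(int64_t a, int64_t b) {
    int64_t r;
    bool ovf = __builtin_sub_overflow(to_shifted(a), to_shifted(b), &r);
    return finish(ovf, r);
}

/* Mul: one operand shifted, the other strict (opposing forms), so the
 * product carries exactly one shift and is itself a shifted Int52. */
int52_result int52_mul(int64_t a, int64_t b) {
    int64_t r;
    bool ovf = __builtin_mul_overflow(to_shifted(a), b, &r);
    return finish(ovf, r);
}

/* Negate is 0 - x in shifted form; only INT52_MIN overflows. */
int52_result int52_neg(int64_t a) {
    int64_t r;
    bool ovf = __builtin_sub_overflow((int64_t)0, to_shifted(a), &r);
    return finish(ovf, r);
}

/* A strict Int52 always survives a round trip through double (52 < 53
 * mantissa bits); that is what makes widening Int52 -> double lossless. */
bool survives_double(int64_t v) { return (int64_t)(double)v == v; }

int main(void) {
    int52_result s = int52_add(INT64_C(2147483648), INT64_C(2147483648));
    printf("2^31 + 2^31: overflow=%d value=%lld\n", s.overflow, (long long)s.value);
    printf("INT52_MAX + 1 overflows: %d\n", int52_add(INT52_MAX, 1).overflow);
    printf("2^53 + 1 survives double: %d\n", survives_double((INT64_C(1) << 53) + 1));
    return 0;
}
```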
    • fpizlo@apple.com's avatar
      Use CheckStructure for checking the types of typed arrays whenever possible · b94b97ec
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121514
      
      Reviewed by Oliver Hunt.
      
      * bytecode/ArrayProfile.cpp:
      (JSC::ArrayProfile::computeUpdatedPrediction):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::fromObserved):
      (JSC::DFG::ArrayMode::refine):
      (JSC::DFG::ArrayMode::originalArrayStructure):
      (JSC::DFG::arrayClassToString):
      * dfg/DFGArrayMode.h:
      (JSC::DFG::ArrayMode::ArrayMode):
      (JSC::DFG::ArrayMode::arrayModesWithIndexingShape):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::isOriginalTypedArrayStructure):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156017 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b94b97ec
    • akling@apple.com's avatar
      Pack create_hash_table tables better. · 9b26e5d3
      akling@apple.com authored
      <https://webkit.org/b/121517>
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore:
      
      Reduces JavaScriptCore binary size by 4648 bytes.
      
      * create_hash_table:
      * runtime/Lookup.h:
      
          Reorder HashTableValue members to avoid unnecessary padding.
      
      Source/WebCore:
      
      Reduces WebCore binary size by 72744 bytes.
      
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHashTable):
      
          Updated for new HashTableValue member order.
      
      * bindings/scripts/test/JS/*:
      
          Rebaselined bindings tests.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156009 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9b26e5d3