1. 24 May, 2011 1 commit
    • 2011-05-24 Geoffrey Garen <ggaren@apple.com> · 726ad6bd
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Let's just have one way to get the system page size, bokay?
              https://bugs.webkit.org/show_bug.cgi?id=61384
      
              * CMakeListsEfl.txt:
              * CMakeListsWinCE.txt:
              * GNUmakefile.list.am:
              * JavaScriptCore.exp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
              is gone completely now, since it only existed to provide a duplicate way
              to access the system page size.
      
              * heap/MarkStack.cpp:
              (JSC::MarkStack::reset):
              * heap/MarkStack.h:
              (JSC::::MarkStackArray):
              (JSC::::shrinkAllocation): Use WTF::pageSize.
      
              * heap/MarkStackPosix.cpp:
              * heap/MarkStackSymbian.cpp:
              * heap/MarkStackWin.cpp: Removed now-empty files.
      
              * jit/ExecutableAllocator.cpp:
              (JSC::ExecutableAllocator::reprotectRegion):
              * jit/ExecutableAllocator.h:
              (JSC::ExecutableAllocator::ExecutableAllocator):
              (JSC::ExecutablePool::ExecutablePool):
              (JSC::ExecutablePool::poolAllocate):
              * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
      
              * wscript: Removed now-empty files.
      
              * wtf/PageBlock.cpp:
              (WTF::systemPageSize): Integrated questionable Symbian page size rule
              from ExecutableAllocator, because that seems like what the original
              author should have done.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87198 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 19 May, 2011 2 commits
    • 2011-05-19 Oliver Hunt <oliver@apple.com> · a3b44328
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Add guard pages to each end of the memory region used by the fixedvm allocator
              https://bugs.webkit.org/show_bug.cgi?id=61150
      
              Add mechanism to notify the OSAllocator that pages at either end of an
              allocation should be considered guard pages.  Update PageReservation,
              PageAllocation, etc. to handle this.
      
              * JavaScriptCore.exp:
              * jit/ExecutableAllocatorFixedVMPool.cpp:
              (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
              * wtf/OSAllocator.h:
              * wtf/OSAllocatorPosix.cpp:
              (WTF::OSAllocator::reserveUncommitted):
              (WTF::OSAllocator::reserveAndCommit):
              * wtf/PageAllocation.h:
              (WTF::PageAllocation::PageAllocation):
              * wtf/PageAllocationAligned.h:
              (WTF::PageAllocationAligned::PageAllocationAligned):
              * wtf/PageBlock.h:
              (WTF::PageBlock::PageBlock):
              * wtf/PageReservation.h:
              (WTF::PageReservation::reserve):
              (WTF::PageReservation::reserveWithGuardPages):
                  Add a new function to make a reservation that will add guard
                  pages to the ends of an allocation.
              (WTF::PageReservation::PageReservation):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86906 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2011-05-18 Yury Semikhatsky <yurys@chromium.org> · aa17fdc4
      yurys@chromium.org authored
              Reviewed by Pavel Feldman.
      
              InjectedScriptSource.js - "Don't be eval()."
              https://bugs.webkit.org/show_bug.cgi?id=60800
      
              * inspector/console/console-eval-blocked-expected.txt: Added.
              * inspector/console/console-eval-blocked.html: Added.
      2011-05-18  Yury Semikhatsky  <yurys@chromium.org>
      
              Reviewed by Pavel Feldman.
      
              InjectedScriptSource.js - "Don't be eval()."
              https://bugs.webkit.org/show_bug.cgi?id=60800
      
              Thanks to Adam Barth for providing JSC implementation!
      
              InjectedScriptHost.evaluate is used to perform script evaluations for
              inspector needs. This method is not affected by CSP and should fix inspector
              on pages with CSP restrictions.
      
              Test: inspector/console/console-eval-blocked.html
      
              * bindings/js/JSInjectedScriptHostCustom.cpp:
              (WebCore::JSInjectedScriptHost::evaluate):
              * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
              (WebCore::V8InjectedScriptHost::evaluateCallback):
              (WebCore::V8InjectedScriptHost::inspectedNodeCallback):
              * inspector/InjectedScriptHost.idl:
              * inspector/InjectedScriptSource.js:
              (.):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86837 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 17 May, 2011 2 commits
    • Source/JavaScriptCore: Rolling back in r86653 with build fixed. · 19fe5092
      ggaren@apple.com authored
      Reviewed by Gavin Barraclough and Oliver Hunt.
      
      Global object initialization is expensive
      https://bugs.webkit.org/show_bug.cgi?id=60933
              
      Changed a bunch of globals to allocate their properties lazily, and changed
      the global object to allocate a bunch of its globals lazily.
              
      This reduces the footprint of a global object from 287 objects with 58
      functions for 24K to 173 objects with 20 functions for 15K.
      
      Large patch, but it's all mechanical.
      
      * DerivedSources.make:
      * JavaScriptCore.exp: Build!
      
      * create_hash_table: Added a special case for fromCharCode, since it uses
      a custom "thunk generator".
      
      * heap/Heap.cpp:
      (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
      overcount objects that were owned through more than one mechanism because
      it was getting in the way of counting the results for this patch.
      
      * interpreter/CallFrame.h:
      (JSC::ExecState::arrayConstructorTable):
      (JSC::ExecState::arrayPrototypeTable):
      (JSC::ExecState::booleanPrototypeTable):
      (JSC::ExecState::dateConstructorTable):
      (JSC::ExecState::errorPrototypeTable):
      (JSC::ExecState::globalObjectTable):
      (JSC::ExecState::numberConstructorTable):
      (JSC::ExecState::numberPrototypeTable):
      (JSC::ExecState::objectPrototypeTable):
      (JSC::ExecState::regExpPrototypeTable):
      (JSC::ExecState::stringConstructorTable): Added new tables.
      
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::ArrayConstructor):
      (JSC::ArrayConstructor::getOwnPropertySlot):
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertySlot):
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      * runtime/ArrayPrototype.h:
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::BooleanPrototype):
      (JSC::BooleanPrototype::getOwnPropertySlot):
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::DateConstructor):
      (JSC::DateConstructor::getOwnPropertySlot):
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::ErrorPrototype):
      (JSC::ErrorPrototype::getOwnPropertySlot):
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure): Standardized these objects
      to use static tables for function properties.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h: Added new tables.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      * runtime/JSGlobalObjectFunctions.cpp:
      * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
      static table for its global functions. This required uninlining some
      things to avoid a circular header dependency. However, those things
      probably shouldn't have been inlined in the first place.
              
      Even more global object properties can be made lazy, but that requires
      more in-depth changes.
      
      * runtime/MathObject.cpp:
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::getOwnPropertySlot):
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::NumberPrototype):
      (JSC::NumberPrototype::getOwnPropertySlot):
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC::ObjectPrototype::put):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::RegExpPrototype):
      (JSC::RegExpPrototype::getOwnPropertySlot):
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::StringConstructor):
      (JSC::StringConstructor::getOwnPropertySlot):
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure): Standardized these objects
      to use static tables for function properties.
      
      LayoutTests: Global object initialization is expensive
      https://bugs.webkit.org/show_bug.cgi?id=60933
              
      Reviewed by Gavin Barraclough.
      
      Added a few more expected failures, now that more code uses static hash
      tables.
              
      The fact that built-ins are not deletable, but should be, is covered by
      https://bugs.webkit.org/show_bug.cgi?id=61014
      
      * sputnik/Conformance/15_Native_Objects/15.6_Boolean/15.6.2/S15.6.2.1_A4-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.6_Boolean/15.6.3/15.6.3.1_Boolean.prototype/S15.6.3.1_A1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.6_Boolean/15.6.4/S15.6.4_A1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.7_Number/15.7.2/S15.7.2.1_A4-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.7_Number/15.7.3/15.7.3.1_Number.prototype/S15.7.3.1_A2_T1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.7_Number/15.7.4/S15.7.4_A1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.4/15.9.4.2_Date.parse/S15.9.4.2_A1_T2-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.4/15.9.4.3_Date.UTC/S15.9.4.3_A1_T2-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86727 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2011-05-16 Sheriff Bot <webkit.review.bot@gmail.com> · 5a39502a
      commit-queue@webkit.org authored
              Unreviewed, rolling out r86653.
              http://trac.webkit.org/changeset/86653
              https://bugs.webkit.org/show_bug.cgi?id=60944
      
              "Caused regressions on Windows, OSX and EFL" (Requested by
              yutak on #webkit).
      
              * DerivedSources.make:
              * DerivedSources.pro:
              * GNUmakefile.am:
              * GNUmakefile.list.am:
              * JavaScriptCore.exp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * create_hash_table:
              * heap/Heap.cpp:
              (JSC::TypeCounter::operator()):
              * interpreter/CallFrame.h:
              (JSC::ExecState::arrayTable):
              (JSC::ExecState::numberTable):
              * runtime/ArrayConstructor.cpp:
              (JSC::ArrayConstructor::ArrayConstructor):
              * runtime/ArrayConstructor.h:
              * runtime/ArrayPrototype.cpp:
              (JSC::ArrayPrototype::getOwnPropertySlot):
              (JSC::ArrayPrototype::getOwnPropertyDescriptor):
              * runtime/ArrayPrototype.h:
              * runtime/BooleanPrototype.cpp:
              (JSC::BooleanPrototype::BooleanPrototype):
              * runtime/BooleanPrototype.h:
              * runtime/DateConstructor.cpp:
              (JSC::DateConstructor::DateConstructor):
              * runtime/DateConstructor.h:
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              * runtime/ErrorPrototype.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::~JSGlobalData):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::addStaticGlobals):
              (JSC::JSGlobalObject::getOwnPropertySlot):
              (JSC::JSGlobalObject::getOwnPropertyDescriptor):
              * runtime/JSGlobalObjectFunctions.cpp:
              (JSC::globalFuncJSCPrint):
              * runtime/JSGlobalObjectFunctions.h:
              * runtime/MathObject.cpp:
              * runtime/NumberConstructor.cpp:
              (JSC::NumberConstructor::getOwnPropertySlot):
              (JSC::NumberConstructor::getOwnPropertyDescriptor):
              * runtime/NumberPrototype.cpp:
              (JSC::NumberPrototype::NumberPrototype):
              * runtime/NumberPrototype.h:
              * runtime/ObjectPrototype.cpp:
              (JSC::ObjectPrototype::ObjectPrototype):
              (JSC::ObjectPrototype::put):
              (JSC::ObjectPrototype::getOwnPropertySlot):
              * runtime/ObjectPrototype.h:
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              * runtime/RegExpPrototype.h:
              * runtime/StringConstructor.cpp:
              (JSC::StringConstructor::StringConstructor):
              * runtime/StringConstructor.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86657 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 16 May, 2011 1 commit
    • 2011-05-16 Geoffrey Garen <ggaren@apple.com> · 836c5d91
      ggaren@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Global object initialization is expensive
              https://bugs.webkit.org/show_bug.cgi?id=60933
              
              Changed a bunch of globals to allocate their properties lazily, and changed
              the global object to allocate a bunch of its globals lazily.
              
              This reduces the footprint of a global object from 287 objects with 58
              functions for 24K to 173 objects with 20 functions for 15K.
      
              Large patch, but it's all mechanical.
      
              * DerivedSources.make:
              * JavaScriptCore.exp: Build!
      
              * create_hash_table: Added a special case for fromCharCode, since it uses
              a custom "thunk generator".
      
              * heap/Heap.cpp:
              (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
              overcount objects that were owned through more than one mechanism because
              it was getting in the way of counting the results for this patch.
      
              * interpreter/CallFrame.h:
              (JSC::ExecState::arrayConstructorTable):
              (JSC::ExecState::arrayPrototypeTable):
              (JSC::ExecState::booleanPrototypeTable):
              (JSC::ExecState::dateConstructorTable):
              (JSC::ExecState::errorPrototypeTable):
              (JSC::ExecState::globalObjectTable):
              (JSC::ExecState::numberConstructorTable):
              (JSC::ExecState::numberPrototypeTable):
              (JSC::ExecState::objectPrototypeTable):
              (JSC::ExecState::regExpPrototypeTable):
              (JSC::ExecState::stringConstructorTable): Added new tables.
      
              * runtime/ArrayConstructor.cpp:
              (JSC::ArrayConstructor::ArrayConstructor):
              (JSC::ArrayConstructor::getOwnPropertySlot):
              (JSC::ArrayConstructor::getOwnPropertyDescriptor):
              * runtime/ArrayConstructor.h:
              (JSC::ArrayConstructor::createStructure):
              * runtime/ArrayPrototype.cpp:
              (JSC::ArrayPrototype::getOwnPropertySlot):
              (JSC::ArrayPrototype::getOwnPropertyDescriptor):
              * runtime/ArrayPrototype.h:
              * runtime/BooleanPrototype.cpp:
              (JSC::BooleanPrototype::BooleanPrototype):
              (JSC::BooleanPrototype::getOwnPropertySlot):
              (JSC::BooleanPrototype::getOwnPropertyDescriptor):
              * runtime/BooleanPrototype.h:
              (JSC::BooleanPrototype::createStructure):
              * runtime/DateConstructor.cpp:
              (JSC::DateConstructor::DateConstructor):
              (JSC::DateConstructor::getOwnPropertySlot):
              (JSC::DateConstructor::getOwnPropertyDescriptor):
              * runtime/DateConstructor.h:
              (JSC::DateConstructor::createStructure):
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              (JSC::ErrorPrototype::getOwnPropertySlot):
              (JSC::ErrorPrototype::getOwnPropertyDescriptor):
              * runtime/ErrorPrototype.h:
              (JSC::ErrorPrototype::createStructure): Standardized these objects
              to use static tables for function properties.
      
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::~JSGlobalData):
              * runtime/JSGlobalData.h: Added new tables.
      
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              (JSC::JSGlobalObject::addStaticGlobals):
              (JSC::JSGlobalObject::getOwnPropertySlot):
              (JSC::JSGlobalObject::getOwnPropertyDescriptor):
              * runtime/JSGlobalObject.h:
              * runtime/JSGlobalObjectFunctions.cpp:
              * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
              static table for its global functions. This required uninlining some
              things to avoid a circular header dependency. However, those things
              probably shouldn't have been inlined in the first place.
              
              Even more global object properties can be made lazy, but that requires
              more in-depth changes.
      
              * runtime/MathObject.cpp:
              * runtime/NumberConstructor.cpp:
              (JSC::NumberConstructor::getOwnPropertySlot):
              (JSC::NumberConstructor::getOwnPropertyDescriptor):
              * runtime/NumberPrototype.cpp:
              (JSC::NumberPrototype::NumberPrototype):
              (JSC::NumberPrototype::getOwnPropertySlot):
              (JSC::NumberPrototype::getOwnPropertyDescriptor):
              * runtime/NumberPrototype.h:
              (JSC::NumberPrototype::createStructure):
              * runtime/ObjectPrototype.cpp:
              (JSC::ObjectPrototype::ObjectPrototype):
              (JSC::ObjectPrototype::put):
              (JSC::ObjectPrototype::getOwnPropertySlot):
              (JSC::ObjectPrototype::getOwnPropertyDescriptor):
              * runtime/ObjectPrototype.h:
              (JSC::ObjectPrototype::createStructure):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              (JSC::RegExpPrototype::getOwnPropertySlot):
              (JSC::RegExpPrototype::getOwnPropertyDescriptor):
              * runtime/RegExpPrototype.h:
              (JSC::RegExpPrototype::createStructure):
              * runtime/StringConstructor.cpp:
              (JSC::StringConstructor::StringConstructor):
              (JSC::StringConstructor::getOwnPropertySlot):
              (JSC::StringConstructor::getOwnPropertyDescriptor):
              * runtime/StringConstructor.h:
              (JSC::StringConstructor::createStructure): Standardized these objects
              to use static tables for function properties.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86653 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 14 May, 2011 2 commits
    • 2011-05-13 Oliver Hunt <oliver@apple.com> · 4103716d
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This patch makes the checks performed under GC_VALIDATION
              much more aggressive, and adds the checks to more places
              in order to allow us to catch GC bugs much closer to the
              point of failure.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedSpace.cpp:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSCell.cpp:
              (JSC::slowValidateCell):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::unvalidatedStructure):
              (JSC::JSCell::JSCell::JSCell):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::visitChildren):
              (JSC::slowValidateCell):
              * runtime/JSONObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyMapEntry::PropertyMapEntry):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              (JSC::JSCell::classInfo):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              * runtime/WriteBarrier.h:
              (JSC::validateCell):
              (JSC::JSCell):
              (JSC::JSGlobalObject):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::setMayBeNull):
              (JSC::WriteBarrierBase::setEarlyValue):
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::unvalidatedGet):
              (JSC::WriteBarrier::WriteBarrier):
              * wtf/Assertions.h:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This makes GC_VALIDATION much more aggressive in webcore,
              adding logic to every visitChildren method to ensure that
              the structure still has correct flags.
      
              Additionally every function generated for the dom bindings
              makes use of the new GC_VALIDATION object assertions to further
              ensure that the object appears to be sensible.
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioContextCustom.cpp:
              (WebCore::JSAudioContext::visitChildren):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSCanvasRenderingContextCustom.cpp:
              (WebCore::JSCanvasRenderingContext::visitChildren):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              (WebCore::JSDOMGlobalObject::setInjectedScript):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSEventListener.h:
              (WebCore::JSEventListener::jsFunction):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXPathResultCustom.cpp:
              (WebCore::JSXPathResult::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              Add GC_VALIDATION calls to all the JSNPObject methods.
      
              * WebProcess/Plugins/Netscape/JSNPObject.cpp:
              (WebKit::JSNPObject::invalidate):
              (WebKit::JSNPObject::callMethod):
              (WebKit::JSNPObject::callObject):
              (WebKit::JSNPObject::callConstructor):
              (WebKit::JSNPObject::getCallData):
              (WebKit::JSNPObject::getConstructData):
              (WebKit::JSNPObject::getOwnPropertySlot):
              (WebKit::JSNPObject::getOwnPropertyDescriptor):
              (WebKit::JSNPObject::put):
              (WebKit::JSNPObject::getOwnPropertyNames):
              (WebKit::JSNPObject::propertyGetter):
              (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86499 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r86469 and r86471, because they made hundreds of tests crash on Qt. · 8c10d800
      ossy@webkit.org authored
      Make GC validation more aggressive
      https://bugs.webkit.org/show_bug.cgi?id=60802
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::visitChildren):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedSpace.cpp:
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::visitChildren):
      (JSC::ProgramExecutable::visitChildren):
      (JSC::FunctionExecutable::visitChildren):
      * runtime/Executable.h:
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::createStructure):
      * runtime/GetterSetter.cpp:
      (JSC::GetterSetter::visitChildren):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::createStructure):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      * runtime/JSArray.cpp:
      (JSC::JSArray::visitChildren):
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC::JSCell::JSCell::JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::visitChildren):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitChildren):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::visitChildren):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::visitChildren):
      * runtime/JSString.h:
      (JSC::RopeBuilder::createStructure):
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::visitChildren):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::visitChildren):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyMapEntry::PropertyMapEntry):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::visitChildren):
      * runtime/ScopeChain.cpp:
      (JSC::ScopeChainNode::visitChildren):
      * runtime/ScopeChain.h:
      (JSC::ScopeChainNode::ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC::Structure::createStructure):
      (JSC::JSCell::classInfo):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::visitChildren):
      * runtime/StructureChain.h:
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrierBase::get):
      (JSC::WriteBarrierBase::operator*):
      (JSC::WriteBarrierBase::operator->):
      (JSC::WriteBarrier::WriteBarrier):
      * wtf/Assertions.h:
      
      Source/WebCore:
      
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioContextCustom.cpp:
      (WebCore::JSAudioContext::visitChildren):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::visitChildren):
      (WebCore::JSDOMGlobalObject::setInjectedScript):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildren):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::visitChildren):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::JSEventListener):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
      (WebCore::JSJavaScriptAudioNode::visitChildren):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildren):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildren):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildren):
      * bindings/scripts/CodeGeneratorJS.pm:
      
      Source/WebKit2:
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::invalidate):
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::getCallData):
      (WebKit::JSNPObject::getConstructData):
      (WebKit::JSNPObject::getOwnPropertySlot):
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86482 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 13 May, 2011 1 commit
    • oliver@apple.com's avatar
      2011-05-13 Oliver Hunt <oliver@apple.com> · d369c8cd
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This patch makes the checks performed under GC_VALIDATION
              much more aggressive, and adds the checks to more places
              in order to allow us to catch GC bugs much closer to the
              point of failure.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedSpace.cpp:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSCell.cpp:
              (JSC::slowValidateCell):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::unvalidatedStructure):
              (JSC::JSCell::JSCell::JSCell):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::visitChildren):
              (JSC::slowValidateCell):
              * runtime/JSONObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyMapEntry::PropertyMapEntry):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              (JSC::JSCell::classInfo):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              * runtime/WriteBarrier.h:
              (JSC::validateCell):
              (JSC::JSCell):
              (JSC::JSGlobalObject):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::setMayBeNull):
              (JSC::WriteBarrierBase::setEarlyValue):
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::unvalidatedGet):
              (JSC::WriteBarrier::WriteBarrier):
              * wtf/Assertions.h:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This makes GC_VALIDATION much more aggressive in webcore,
              adding logic to every visitChildren method to ensure that
              the structure still has correct flags.
      
              Additionally every function generated for the dom bindings
              makes use of the new GC_VALIDATION object assertions to further
              ensure that the object appears to be sensible.
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioContextCustom.cpp:
              (WebCore::JSAudioContext::visitChildren):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSCanvasRenderingContextCustom.cpp:
              (WebCore::JSCanvasRenderingContext::visitChildren):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              (WebCore::JSDOMGlobalObject::setInjectedScript):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSEventListener.h:
              (WebCore::JSEventListener::jsFunction):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXPathResultCustom.cpp:
              (WebCore::JSXPathResult::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              Add GC_VALIDATION calls to all the JSNPObject methods.
      
              * WebProcess/Plugins/Netscape/JSNPObject.cpp:
              (WebKit::JSNPObject::invalidate):
              (WebKit::JSNPObject::callMethod):
              (WebKit::JSNPObject::callObject):
              (WebKit::JSNPObject::callConstructor):
              (WebKit::JSNPObject::getCallData):
              (WebKit::JSNPObject::getConstructData):
              (WebKit::JSNPObject::getOwnPropertySlot):
              (WebKit::JSNPObject::getOwnPropertyDescriptor):
              (WebKit::JSNPObject::put):
              (WebKit::JSNPObject::getOwnPropertyNames):
              (WebKit::JSNPObject::propertyGetter):
              (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86469 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  7. 12 May, 2011 1 commit
    • zimmermann@webkit.org's avatar
      2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com> · 6da15387
      zimmermann@webkit.org authored
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatenating > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator.
              Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
              object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatenating
              N strings using operator+, this leads to N-1 reallocations.
      
              Replace this with a flexible operator+ implementation that avoids these reallocations.
              When concatenating a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc.)
              a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
              creation of the final string until operator String() is invoked.
      
              template<typename T>
              StringAppend<String, T> operator+(const String& string1, T string2)
              {
                  return StringAppend<String, T>(string1, string2);
              }
      
              template<typename U, typename V, typename W>
              StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
              {
                  return StringAppend<U, StringAppend<V, W> >(string1, string2);
              }
      
              When concatenating three strings - "String a, b, c; String result = a + b + c;" the following happens:
              first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
              Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
              a StringAppend<String, StringAppend<String, String> > object.
              Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
              final string - it uses tryMakeString provided by StringConcatenate.h under the hood, which guards us
              against too big string allocations, etc.
      
              Note that the second template defines a recursive way to concatenate an arbitrary number of strings
              into a single String with just one allocation.
      
              * GNUmakefile.list.am: Add StringOperators.h to build.
              * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
              * JavaScriptCore.gypi: Add StringOperators.h to build.
              * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
              * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
              * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
              * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
              * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
              (WTF::StringAppend::StringAppend):
              (WTF::StringAppend::operator String):
              (WTF::StringAppend::operator AtomicString):
              (WTF::StringAppend::writeTo):
              (WTF::StringAppend::length):
              (WTF::operator+):
              * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append(). 
              (WTF::emptyString): Add new shared empty string free function.
              * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatenating > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * dom/XMLDocumentParserLibxml2.cpp:
              (WebCore::handleElementAttributes):
              * editing/MarkupAccumulator.cpp:
              (WebCore::MarkupAccumulator::shouldAddNamespaceElement):
              * html/HTMLAnchorElement.cpp:
              (WebCore::HTMLAnchorElement::hash):
              (WebCore::HTMLAnchorElement::search):
              * html/ImageInputType.cpp:
              (WebCore::ImageInputType::appendFormData):
              * html/parser/HTMLTreeBuilder.cpp:
              * loader/CrossOriginAccessControl.cpp:
              (WebCore::passesAccessControlCheck):
              * page/Location.cpp:
              (WebCore::Location::search):
              (WebCore::Location::hash):
              * page/NavigatorBase.cpp:
              (WebCore::NavigatorBase::platform):
              * platform/chromium/ClipboardChromium.cpp:
              (WebCore::writeImageToDataObject):
              * platform/gtk/PasteboardHelper.cpp:
              (WebCore::PasteboardHelper::fillSelectionData):
              * platform/network/cf/ResourceHandleCFNet.cpp:
              (WebCore::encodeBasicAuthorization):
              * platform/network/cf/SocketStreamHandleCFNet.cpp:
              (WebCore::SocketStreamHandle::copyCFStreamDescription):
              * platform/network/mac/ResourceHandleMac.mm:
              (WebCore::encodeBasicAuthorization):
              * workers/WorkerLocation.cpp:
              (WebCore::WorkerLocation::search):
              (WebCore::WorkerLocation::hash):
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatenating > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * src/WebAccessibilityObject.cpp:
              (WebKit::WebAccessibilityObject::keyboardShortcut): Cast to String first, before trying to convert to platform-dependent type.
              * src/WebHTTPLoadInfo.cpp:
              (WebKit::addHeader): Don't pass WebString to makeString, explicit cast to String first.
              * tests/IDBLevelDBCodingTest.cpp: Cast to String first, to avoid conflicting with gtest's global templatified operator+.
              (IDBLevelDBCoding::TEST):
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatenating > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * WebView/WebFrame.mm: Explicitly cast to Strings first, so operator NSString*() can be invoked.
              (-[WebFrame _stringWithDocumentTypeStringAndMarkupString:]):
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatenating > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * AccessibleBase.cpp:
              (AccessibleBase::get_accKeyboardShortcut): Explicitly cast to Strings first, so operator BString() can be invoked.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86330 268f45cc-cd09-0410-ab3c-d52691b4dbfc
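The StringAppend scheme from the ChangeLog above, as an added example that is not WebKit's code: a cut-down `wtfdemo::String`, the two operator+ overloads, and a single-allocation `toString` whose length sum refuses to wrap, standing in for the tryMakeString guard the message mentions. The `wtfdemo` namespace, the `Repeated` piece type and the `concat*` helpers are constructed for this example, and the recursive overload nests on the left, the side C++'s left-to-right grouping of `a + b + c` hands it.

```cpp
// Added example, not WebKit code: a minimal expression-template StringAppend in the spirit of
// the WTF::StringAppend the ChangeLog describes. `a + b + c` builds StringAppend<StringAppend<String,
// String>, String>, sums the lengths once (refusing on size_t wrap-around, the case tryMakeString
// guards against), allocates the final buffer once and writes every piece straight into it.
#include <cstddef>
#include <cstring>
#include <limits>
#include <string>

namespace wtfdemo {
// Stand-in for WTF::String: a thin wrapper over std::string.
class String {
public:
    String() {}
    String(const char* s) : m_impl(s) {}
    explicit String(const std::string& s) : m_impl(s) {}
    size_t length() const { return m_impl.size(); }
    const std::string& str() const { return m_impl; }
private:
    std::string m_impl;
};
// Constructed piece type: claims `count` copies of `c` without storing them, so a test can
// request a length near SIZE_MAX without allocating it.
struct Repeated { char c; size_t count; };
template<typename A, typename B> class StringAppend;
// Length of one piece; the recursive case asks the subtree, which may refuse.
inline bool pieceLength(const String& s, size_t& out) { out = s.length(); return true; }
inline bool pieceLength(const char* s, size_t& out) { out = std::strlen(s); return true; }
inline bool pieceLength(const Repeated& r, size_t& out) { out = r.count; return true; }
template<typename A, typename B> bool pieceLength(const StringAppend<A, B>& s, size_t& out) { return s.length(out); }
// Copy one piece into a buffer the caller has already sized.
inline void writePiece(char* dst, const String& s) { std::memcpy(dst, s.str().data(), s.length()); }
inline void writePiece(char* dst, const char* s) { std::memcpy(dst, s, std::strlen(s)); }
inline void writePiece(char* dst, const Repeated& r) { std::memset(dst, r.c, r.count); }
template<typename A, typename B> void writePiece(char* dst, const StringAppend<A, B>& s) { s.writeTo(dst); }

// Holds its two operands and delays building the final string until asked for it.
template<typename A, typename B>
class StringAppend {
public:
    StringAppend(const A& a, const B& b) : m_a(a), m_b(b) {}
    // Total length of the whole tree; false if any partial sum would wrap size_t.
    bool length(size_t& out) const {
        size_t la, lb;
        if (!pieceLength(m_a, la) || !pieceLength(m_b, lb)) return false;
        if (la > std::numeric_limits<size_t>::max() - lb) return false;
        out = la + lb;
        return true;
    }
    // Left piece first, right piece after it; only valid once length() succeeded.
    void writeTo(char* dst) const {
        size_t la = 0;
        pieceLength(m_a, la);
        writePiece(dst, m_a);
        writePiece(dst + la, m_b);
    }
    // The single allocation: size the buffer from length(), then fill it in place.
    bool toString(String& out) const {
        size_t n;
        if (!length(n)) return false;   // too big: refuse rather than wrap and under-allocate
        std::string buffer(n, '\0');
        writeTo(&buffer[0]);
        out = String(buffer);
        return true;
    }
    // Implicit conversion as in the patch; empty String on refusal (WTF yields a null String).
    operator String() const { String s; toString(s); return s; }
private:
    A m_a; B m_b;
};

// String + anything: the leaf overload from the patch.
template<typename T>
StringAppend<String, T> operator+(const String& a, T b) { return StringAppend<String, T>(a, b); }
// StringAppend + anything: the recursive overload, nesting on the left because C++ groups
// a + b + c as (a + b) + c.
template<typename U, typename V, typename W>
StringAppend<StringAppend<U, V>, W> operator+(const StringAppend<U, V>& a, W b) {
    return StringAppend<StringAppend<U, V>, W>(a, b);
}

// Three Strings joined with exactly one allocation for the result.
inline std::string concatThree(const char* a, const char* b, const char* c) {
    String result = String(a) + String(b) + String(c);
    return result.str();
}
// Mixed piece types in one expression: String + char* + Repeated.
inline std::string concatMixed() {
    String result = String("ab") + "cd" + Repeated{ '-', 3 };
    return result.str();
}
// The guard: a total length that would wrap size_t is refused before any allocation.
inline bool oversizedAppendRefused() {
    String out;
    return !(String("y") + Repeated{ 'x', std::numeric_limits<size_t>::max() }).toString(out);
}
} // namespace wtfdemo
```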
  8. 11 May, 2011 1 commit
  9. 09 May, 2011 1 commit
    • abarth@webkit.org's avatar
      2011-05-09 Adam Barth <abarth@webkit.org> · 19733325
      abarth@webkit.org authored
              Reviewed by Eric Seidel.
      
              CSP should block Function constructor
              https://bugs.webkit.org/show_bug.cgi?id=60240
      
              Test that the function constructor is properly blocked.
      
              * http/tests/security/contentSecurityPolicy/function-constructor-allowed-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/function-constructor-allowed.html: Added.
              * http/tests/security/contentSecurityPolicy/function-constructor-blocked-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/function-constructor-blocked.html: Added.
              * platform/chromium/test_expectations.txt:
      2011-05-09  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP should block Function constructor
              https://bugs.webkit.org/show_bug.cgi?id=60240
      
              When eval is disabled, we need to block the use of the function
              constructor.  However, the WebCore JSC bindings call the function
              constructor directly to create inline event listeners.  To support that
              use, this patch adds an entrypoint that bypasses the check for whether
              eval is enabled.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * runtime/FunctionConstructor.cpp:
              (JSC::constructFunction):
              (JSC::constructFunctionSkippingEvalEnabledCheck):
              * runtime/FunctionConstructor.h:
      2011-05-09  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP should block Function constructor
              https://bugs.webkit.org/show_bug.cgi?id=60240
      
              Tests: http/tests/security/contentSecurityPolicy/function-constructor-allowed.html
                     http/tests/security/contentSecurityPolicy/function-constructor-blocked.html
      
              * bindings/js/JSLazyEventListener.cpp:
              (WebCore::JSLazyEventListener::initializeJSFunction):
                  - Update call site to the new entrypoint.
              * bindings/v8/V8LazyEventListener.cpp:
              (WebCore::V8LazyEventListener::prepareListenerObject):
                  - Add some comments about the ridiculousness of this implementation.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86100 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  10. 03 May, 2011 1 commit
    • oliver@apple.com's avatar
      2011-05-03 Oliver Hunt <oliver@apple.com> · 1d9763c2
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make malloc validation useful
              https://bugs.webkit.org/show_bug.cgi?id=57502
      
              Reland this patch (rolled out in 82905) without
              turning it on by default.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * wtf/FastMalloc.cpp:
              (WTF::tryFastMalloc):
              (WTF::fastMalloc):
              (WTF::tryFastCalloc):
              (WTF::fastCalloc):
              (WTF::fastFree):
              (WTF::tryFastRealloc):
              (WTF::fastRealloc):
              (WTF::fastMallocSize):
              (WTF::TCMalloc_PageHeap::isScavengerSuspended):
              (WTF::TCMalloc_PageHeap::scheduleScavenger):
              (WTF::TCMalloc_PageHeap::suspendScavenger):
              (WTF::TCMalloc_PageHeap::signalScavenger):
              (WTF::TCMallocStats::malloc):
              (WTF::TCMallocStats::free):
              (WTF::TCMallocStats::fastCalloc):
              (WTF::TCMallocStats::tryFastCalloc):
              (WTF::TCMallocStats::calloc):
              (WTF::TCMallocStats::fastRealloc):
              (WTF::TCMallocStats::tryFastRealloc):
              (WTF::TCMallocStats::realloc):
              (WTF::TCMallocStats::fastMallocSize):
              * wtf/FastMalloc.h:
              (WTF::Internal::fastMallocValidationHeader):
              (WTF::Internal::fastMallocValidationSuffix):
              (WTF::Internal::fastMallocMatchValidationType):
              (WTF::Internal::setFastMallocMatchValidationType):
              (WTF::fastMallocMatchValidateFree):
              (WTF::fastMallocValidate):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@85700 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  11. 02 May, 2011 1 commit
    • oliver@apple.com's avatar
      2011-05-02 Oliver Hunt <oliver@apple.com> · 35b2b50e
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Correct marking of interpreter data in mixed mode builds
              https://bugs.webkit.org/show_bug.cgi?id=59962
      
              We had a few places in mixed mode builds where we would not
              track data used by the interpreter for marking.  This patch
              corrects the problem and adds a number of assertions to catch
              live Structures being collected.
      
              * JavaScriptCore.exp:
              * assembler/ARMv7Assembler.h:
              (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::dump):
              * bytecode/CodeBlock.h:
              (JSC::CodeBlock::addPropertyAccessInstruction):
              (JSC::CodeBlock::addGlobalResolveInstruction):
              (JSC::CodeBlock::addStructureStubInfo):
              (JSC::CodeBlock::addGlobalResolveInfo):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::emitResolve):
              (JSC::BytecodeGenerator::emitResolveWithBase):
              (JSC::BytecodeGenerator::emitGetById):
              (JSC::BytecodeGenerator::emitPutById):
              (JSC::BytecodeGenerator::emitDirectPutById):
              * runtime/Structure.cpp:
              (JSC::Structure::materializePropertyMap):
              * runtime/Structure.h:
              (JSC::Structure::typeInfo):
              (JSC::Structure::previousID):
              (JSC::Structure::propertyStorageCapacity):
              (JSC::Structure::propertyStorageSize):
              (JSC::Structure::get):
              (JSC::Structure::materializePropertyMapIfNecessary):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@85523 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  12. 29 Apr, 2011 1 commit
    • abarth@webkit.org's avatar
      2011-04-29 Adam Barth <abarth@webkit.org> · 26a40f16
      abarth@webkit.org authored
              Reviewed by Eric Seidel.
      
              CSP script-src should block eval
              https://bugs.webkit.org/show_bug.cgi?id=59850
      
              Test that both function-eval and operator-eval are correctly blocked
              and allowed according to the policy.
      
              * http/tests/security/contentSecurityPolicy/eval-allowed-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/eval-allowed.html: Added.
              * http/tests/security/contentSecurityPolicy/eval-blocked-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/eval-blocked.html: Added.
      2011-04-29  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP script-src should block eval
              https://bugs.webkit.org/show_bug.cgi?id=59850
      
              ggaren recommended a different approach to this patch, essentially
              installing a new function for function-eval and changing the AST
              representation of operator-eval to call function-eval.  However, I'm
              not sure that approach is workable because the ASTBuilder doesn't know
              about global objects, and there is added complication due to the cache.
      
              This approach is more dynamic, adding a branch in EvalExecutable to
              detect whether eval is currently disabled in the lexical scope.  The spec
              is slightly unclear about whether we should return undefined or throw
              an exception.  I've asked Brandon to clarify the spec, but throwing an
              exception seems natural.
      
              * JavaScriptCore.exp:
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::compileInternal):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::disableEval):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::JSGlobalObject):
              (JSC::JSGlobalObject::isEvalEnabled):
      2011-04-29  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP script-src should block eval
              https://bugs.webkit.org/show_bug.cgi?id=59850
      
              Rather than have JavaScriptCore call back into WebCore to learn whether
              eval is enabled, we push that bit of the policy into JavaScriptCore.
      
              Tests: http/tests/security/contentSecurityPolicy/eval-allowed.html
                     http/tests/security/contentSecurityPolicy/eval-blocked.html
      
              * bindings/js/ScriptController.cpp:
              (WebCore::ScriptController::disableEval):
              * bindings/js/ScriptController.h:
              * page/ContentSecurityPolicy.cpp:
              (WebCore::ContentSecurityPolicy::didReceiveHeader):
              (WebCore::ContentSecurityPolicy::internalAllowEval):
              (WebCore::ContentSecurityPolicy::allowEval):
              * page/ContentSecurityPolicy.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@85388 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  13. 27 Apr, 2011 1 commit
  14. 22 Apr, 2011 2 commits
    • commit-queue@webkit.org's avatar
      2011-04-22 Sheriff Bot <webkit.review.bot@gmail.com> · 2dba4a48
      commit-queue@webkit.org authored
              Unreviewed, rolling out r84650 and r84654.
              http://trac.webkit.org/changeset/84650
              http://trac.webkit.org/changeset/84654
              https://bugs.webkit.org/show_bug.cgi?id=59218
      
              Broke Windows build (Requested by bweinstein on #webkit).
      
              * API/JSCallbackObjectFunctions.h:
              (JSC::::init):
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * heap/Handle.h:
              (JSC::HandleBase::operator!):
              (JSC::HandleBase::operator UnspecifiedBoolType*):
              (JSC::HandleTypes::getFromSlot):
              * heap/HandleHeap.cpp:
              (JSC::HandleHeap::markStrongHandles):
              (JSC::HandleHeap::markWeakHandles):
              (JSC::HandleHeap::finalizeWeakHandles):
              (JSC::HandleHeap::writeBarrier):
              (JSC::HandleHeap::protectedGlobalObjectCount):
              (JSC::HandleHeap::isValidWeakNode):
              * heap/HandleHeap.h:
              (JSC::HandleHeap::copyWeak):
              (JSC::HandleHeap::makeWeak):
              (JSC::HandleHeap::Node::slot):
              * heap/HandleStack.cpp:
              (JSC::HandleStack::mark):
              (JSC::HandleStack::grow):
              * heap/HandleStack.h:
              (JSC::HandleStack::zapTo):
              (JSC::HandleStack::push):
              * heap/Heap.cpp:
              (JSC::HandleHeap::protectedObjectTypeCounts):
              * heap/Local.h:
              (JSC::::set):
              * heap/Strong.h:
              (JSC::Strong::set):
              * heap/Weak.h:
              (JSC::Weak::set):
              * runtime/StructureTransitionTable.h:
              (JSC::StructureTransitionTable::singleTransition):
              (JSC::StructureTransitionTable::setSingleTransition):
              * runtime/WeakGCMap.h:
              (JSC::WeakGCMap::add):
              (JSC::WeakGCMap::set):
              * runtime/WriteBarrier.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@84660 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2dba4a48
    • 2011-04-22 Oliver Hunt <oliver@apple.com> · 4b66844e
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make it harder to use HandleSlot incorrectly
              https://bugs.webkit.org/show_bug.cgi?id=59205
      
              Just add a little type fudging to make it harder to
              incorrectly assign through a HandleSlot.
      
              * API/JSCallbackObjectFunctions.h:
              (JSC::::init):
              * JavaScriptCore.exp:
              * heap/Handle.h:
              (JSC::HandleBase::operator!):
              (JSC::HandleBase::operator UnspecifiedBoolType*):
              (JSC::HandleTypes::getFromSlot):
              * heap/HandleHeap.cpp:
              (JSC::HandleHeap::markStrongHandles):
              (JSC::HandleHeap::markWeakHandles):
              (JSC::HandleHeap::finalizeWeakHandles):
              (JSC::HandleHeap::writeBarrier):
              (JSC::HandleHeap::protectedGlobalObjectCount):
              (JSC::HandleHeap::isValidWeakNode):
              * heap/HandleHeap.h:
              (JSC::HandleHeap::copyWeak):
              (JSC::HandleHeap::makeWeak):
              (JSC::HandleHeap::Node::slot):
              * heap/HandleStack.cpp:
              (JSC::HandleStack::mark):
              (JSC::HandleStack::grow):
              * heap/HandleStack.h:
              (JSC::HandleStack::zapTo):
              (JSC::HandleStack::push):
              * heap/Heap.cpp:
              (JSC::HandleHeap::protectedObjectTypeCounts):
              * heap/Local.h:
              (JSC::::set):
              * heap/Strong.h:
              (JSC::Strong::set):
              * heap/Weak.h:
              (JSC::Weak::set):
              * runtime/StructureTransitionTable.h:
              (JSC::StructureTransitionTable::singleTransition):
              (JSC::StructureTransitionTable::setSingleTransition):
              * runtime/WeakGCMap.h:
              (JSC::WeakGCMap::add):
              (JSC::WeakGCMap::set):
              * runtime/WriteBarrier.h:
              (JSC::OpaqueJSValue::toJSValue):
              (JSC::OpaqueJSValue::toJSValueRef):
              (JSC::OpaqueJSValue::fromJSValue):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@84650 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4b66844e
  15. 21 Apr, 2011 1 commit
    • 2011-04-21 Oliver Hunt <oliver@apple.com> · 433d02f9
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Start moving to a general visitor pattern for GC traversal
              https://bugs.webkit.org/show_bug.cgi?id=59141
      
              This is just a rename:
                  markChildren -> visitChildren
                  markAggregate -> visitAggregate
                  markStack -> visitor
                  MarkStack -> typedef'd to SlotVisitor
      
              * API/JSCallbackObject.h:
              (JSC::JSCallbackObjectData::visitChildren):
              (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
              (JSC::JSCallbackObject::visitChildren):
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::visitStructures):
              (JSC::EvalCodeCache::visitAggregate):
              (JSC::CodeBlock::visitAggregate):
              * bytecode/CodeBlock.h:
              * bytecode/EvalCodeCache.h:
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::visitAggregate):
              * bytecode/StructureStubInfo.cpp:
              (JSC::StructureStubInfo::visitAggregate):
              * bytecode/StructureStubInfo.h:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * debugger/DebuggerActivation.h:
              * heap/HandleHeap.cpp:
              (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
              (JSC::HandleHeap::markStrongHandles):
              (JSC::HandleHeap::markWeakHandles):
              * heap/HandleHeap.h:
              * heap/HandleStack.cpp:
              (JSC::HandleStack::mark):
              * heap/HandleStack.h:
              * heap/Heap.cpp:
              (JSC::Heap::markProtectedObjects):
              (JSC::Heap::markTempSortVectors):
              (JSC::Heap::markRoots):
              * heap/Heap.h:
              * heap/MarkStack.cpp:
              (JSC::MarkStack::visitChildren):
              (JSC::MarkStack::drain):
              * heap/MarkStack.h:
              (JSC::HeapRootVisitor::HeapRootVisitor):
              (JSC::HeapRootVisitor::mark):
              (JSC::HeapRootVisitor::visitor):
              * heap/MarkedSpace.h:
              * runtime/ArgList.cpp:
              (JSC::MarkedArgumentBuffer::markLists):
              * runtime/ArgList.h:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Arguments.h:
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              (JSC::GetterSetter::createStructure):
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSActivation.h:
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSArray.h:
              (JSC::JSArray::visitDirect):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::visitChildren):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSFunction.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::visitIfNeeded):
              (JSC::JSGlobalObject::visitChildren):
              * runtime/JSGlobalObject.h:
              * runtime/JSONObject.cpp:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSObject.h:
              (JSC::JSObject::visitDirect):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::createStructure):
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSStaticScopeObject.h:
              * runtime/JSTypeInfo.h:
              (JSC::TypeInfo::TypeInfo):
              (JSC::TypeInfo::overridesVisitChildren):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/JSWrapperObject.h:
              * runtime/JSZombie.h:
              (JSC::JSZombie::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/NativeErrorConstructor.h:
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/RegExpObject.h:
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              * runtime/SmallStrings.cpp:
              (JSC::SmallStrings::visitChildren):
              * runtime/SmallStrings.h:
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              (JSC::StructureChain::createStructure):
      2011-04-21  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Start moving to a general visitor pattern for GC traversal
              https://bugs.webkit.org/show_bug.cgi?id=59141
      
              This is just a rename:
                  markChildren -> visitChildren
                  markAggregate -> visitAggregate
                  markStack -> visitor
                  MarkStack -> typedef'd to SlotVisitor
      
              * UserObjectImp.cpp:
              (UserObjectImp::visitChildren):
      2011-04-21  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Start moving to a general visitor pattern for GC traversal
              https://bugs.webkit.org/show_bug.cgi?id=59141
      
              This is just a rename:
                  markChildren -> visitChildren
                  markAggregate -> visitAggregate
                  markStack -> visitor
                  MarkStack -> typedef'd to SlotVisitor
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioConstructor.cpp:
              (WebCore::constructAudio):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSDOMBinding.cpp:
              (WebCore::visitActiveObjectsForContext):
              (WebCore::markDOMObjectWrapper):
              * bindings/js/JSDOMBinding.h:
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              * bindings/js/JSDOMGlobalObject.h:
              * bindings/js/JSDOMImplementationCustom.cpp:
              (WebCore::JSDOMImplementation::visitChildren):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSDOMWindowShell.h:
              * bindings/js/JSDocumentCustom.cpp:
              (WebCore::JSDocument::visitChildren):
              * bindings/js/JSElementCustom.cpp:
              (WebCore::JSElement::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::markJSFunction):
              * bindings/js/JSEventListener.h:
              * bindings/js/JSHTMLCanvasElementCustom.cpp:
              (WebCore::JSHTMLCanvasElement::visitChildren):
              * bindings/js/JSHTMLLinkElementCustom.cpp:
              (WebCore::JSHTMLLinkElement::visitChildren):
              * bindings/js/JSHTMLStyleElementCustom.cpp:
              (WebCore::JSHTMLStyleElement::visitChildren):
              * bindings/js/JSImageConstructor.cpp:
              (WebCore::constructImage):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMapOwner::isReachableFromOpaqueRoots):
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNavigatorCustom.cpp:
              (WebCore::JSNavigator::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::isObservable):
              (WebCore::isReachableFromDOM):
              (WebCore::JSNodeOwner::isReachableFromOpaqueRoots):
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeCustom.h:
              * bindings/js/JSNodeFilterCondition.cpp:
              (WebCore::JSNodeFilterCondition::WeakOwner::isReachableFromOpaqueRoots):
              * bindings/js/JSNodeFilterCondition.h:
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSNodeListCustom.cpp:
              (WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):
              * bindings/js/JSProcessingInstructionCustom.cpp:
              (WebCore::JSProcessingInstruction::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWebKitAnimationListCustom.cpp:
              (WebCore::JSWebKitAnimationList::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXMLHttpRequestUploadCustom.cpp:
              (WebCore::JSXMLHttpRequestUpload::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
              * bridge/qt/qt_instance.cpp:
              (JSC::Bindings::QtRuntimeObject::visitChildren):
              (JSC::Bindings::QtInstance::markAggregate):
              * bridge/qt/qt_instance.h:
              * bridge/qt/qt_pixmapruntime.cpp:
              * bridge/qt/qt_runtime.cpp:
              (JSC::Bindings::QtRuntimeMetaMethod::visitChildren):
              * bridge/qt/qt_runtime.h:
              * dom/EventListener.h:
              (WebCore::EventListener::visitJSFunction):
              * dom/EventTarget.h:
              (WebCore::EventTarget::visitJSEventListeners):
              * dom/Node.h:
              * dom/NodeFilterCondition.h:
              (WebCore::NodeFilterCondition::visitAggregate):
              * page/DOMWindow.h:
              * workers/WorkerContext.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@84556 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      433d02f9
  16. 15 Apr, 2011 4 commits
  17. 13 Apr, 2011 2 commits
    • 2011-04-13 Oliver Hunt <oliver@apple.com> · bb8da910
      oliver@apple.com authored
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Additional structures are allocated beyond the expected threshold,
              so we preflight the test to get them allocated.
      
              * fast/dom/gc-10.html:
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Turn Structure into a GC allocated object.  Most of this patch
              is the mechanical change of replacing variations on RefPtr<Structure>
              with Structure* (for arguments and locals), WriteBarrier<Structure>
              (for the few cases where Structures are held by GC allocated objects),
              or Strong<Structure> (for the root structure objects in GlobalData).
      
              * API/JSCallbackConstructor.cpp:
              (JSC::JSCallbackConstructor::JSCallbackConstructor):
              * API/JSCallbackConstructor.h:
              (JSC::JSCallbackConstructor::createStructure):
              * API/JSCallbackFunction.h:
              (JSC::JSCallbackFunction::createStructure):
              * API/JSCallbackObject.h:
              (JSC::JSCallbackObject::createStructure):
              * API/JSCallbackObjectFunctions.h:
              (JSC::::JSCallbackObject):
              * API/JSContextRef.cpp:
              * JavaScriptCore.JSVALUE32_64only.exp:
              * JavaScriptCore.JSVALUE64only.exp:
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::~CodeBlock):
              (JSC::CodeBlock::markStructures):
              (JSC::CodeBlock::markAggregate):
              * bytecode/CodeBlock.h:
              (JSC::MethodCallLinkInfo::setSeen):
              (JSC::GlobalResolveInfo::GlobalResolveInfo):
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
              (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
              (JSC::PolymorphicAccessStructureList::markAggregate):
              (JSC::Instruction::Instruction):
              * bytecode/StructureStubInfo.cpp:
              (JSC::StructureStubInfo::deref):
              (JSC::StructureStubInfo::markAggregate):
              * bytecode/StructureStubInfo.h:
              (JSC::StructureStubInfo::initGetByIdSelf):
              (JSC::StructureStubInfo::initGetByIdProto):
              (JSC::StructureStubInfo::initGetByIdChain):
              (JSC::StructureStubInfo::initPutByIdTransition):
              (JSC::StructureStubInfo::initPutByIdReplace):
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::DebuggerActivation):
              * debugger/DebuggerActivation.h:
              (JSC::DebuggerActivation::createStructure):
              * heap/Handle.h:
              * heap/MarkStack.cpp:
              (JSC::MarkStack::markChildren):
              (JSC::MarkStack::drain):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              (JSC::MarkedBlock::sweep):
              * heap/Strong.h:
              (JSC::Strong::Strong):
              (JSC::Strong::set):
              * interpreter/Interpreter.cpp:
              (JSC::Interpreter::resolveGlobal):
              (JSC::Interpreter::resolveGlobalDynamic):
              (JSC::Interpreter::tryCachePutByID):
              (JSC::Interpreter::uncachePutByID):
              (JSC::Interpreter::tryCacheGetByID):
              (JSC::Interpreter::uncacheGetByID):
              (JSC::Interpreter::privateExecute):
              * jit/JIT.h:
              * jit/JITPropertyAccess.cpp:
              (JSC::JIT::privateCompilePutByIdTransition):
              (JSC::JIT::patchMethodCallProto):
              (JSC::JIT::privateCompileGetByIdProto):
              (JSC::JIT::privateCompileGetByIdSelfList):
              (JSC::JIT::privateCompileGetByIdProtoList):
              (JSC::JIT::privateCompileGetByIdChainList):
              (JSC::JIT::privateCompileGetByIdChain):
              * jit/JITPropertyAccess32_64.cpp:
              (JSC::JIT::privateCompilePutByIdTransition):
              (JSC::JIT::patchMethodCallProto):
              (JSC::JIT::privateCompileGetByIdProto):
              (JSC::JIT::privateCompileGetByIdSelfList):
              (JSC::JIT::privateCompileGetByIdProtoList):
              (JSC::JIT::privateCompileGetByIdChainList):
              (JSC::JIT::privateCompileGetByIdChain):
              * jit/JITStubs.cpp:
              (JSC::JITThunks::tryCachePutByID):
              (JSC::JITThunks::tryCacheGetByID):
              (JSC::DEFINE_STUB_FUNCTION):
              (JSC::getPolymorphicAccessStructureListSlot):
              * jit/JSInterfaceJIT.h:
              (JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
              * jsc.cpp:
              (cleanupGlobalData):
              * runtime/Arguments.h:
              (JSC::Arguments::createStructure):
              (JSC::Arguments::Arguments):
              (JSC::JSActivation::copyRegisters):
              * runtime/ArrayConstructor.cpp:
              (JSC::ArrayConstructor::ArrayConstructor):
              (JSC::constructArrayWithSizeQuirk):
              * runtime/ArrayConstructor.h:
              * runtime/ArrayPrototype.cpp:
              (JSC::ArrayPrototype::ArrayPrototype):
              (JSC::arrayProtoFuncSplice):
              * runtime/ArrayPrototype.h:
              (JSC::ArrayPrototype::createStructure):
              * runtime/BatchedTransitionOptimizer.h:
              (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
              * runtime/BooleanConstructor.cpp:
              (JSC::BooleanConstructor::BooleanConstructor):
              * runtime/BooleanConstructor.h:
              * runtime/BooleanObject.cpp:
              (JSC::BooleanObject::BooleanObject):
              * runtime/BooleanObject.h:
              (JSC::BooleanObject::createStructure):
              * runtime/BooleanPrototype.cpp:
              (JSC::BooleanPrototype::BooleanPrototype):
              * runtime/BooleanPrototype.h:
              * runtime/DateConstructor.cpp:
              (JSC::DateConstructor::DateConstructor):
              * runtime/DateConstructor.h:
              * runtime/DateInstance.cpp:
              (JSC::DateInstance::DateInstance):
              * runtime/DateInstance.h:
              (JSC::DateInstance::createStructure):
              * runtime/DatePrototype.cpp:
              (JSC::DatePrototype::DatePrototype):
              * runtime/DatePrototype.h:
              (JSC::DatePrototype::createStructure):
              * runtime/Error.cpp:
              (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
              * runtime/ErrorConstructor.cpp:
              (JSC::ErrorConstructor::ErrorConstructor):
              * runtime/ErrorConstructor.h:
              * runtime/ErrorInstance.cpp:
              (JSC::ErrorInstance::ErrorInstance):
              (JSC::ErrorInstance::create):
              * runtime/ErrorInstance.h:
              (JSC::ErrorInstance::createStructure):
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              * runtime/ErrorPrototype.h:
              * runtime/ExceptionHelpers.cpp:
              (JSC::InterruptedExecutionError::InterruptedExecutionError):
              (JSC::TerminatedExecutionError::TerminatedExecutionError):
              * runtime/Executable.cpp:
              * runtime/Executable.h:
              (JSC::ExecutableBase::ExecutableBase):
              (JSC::ExecutableBase::createStructure):
              (JSC::NativeExecutable::createStructure):
              (JSC::NativeExecutable::NativeExecutable):
              (JSC::ScriptExecutable::ScriptExecutable):
              (JSC::EvalExecutable::createStructure):
              (JSC::ProgramExecutable::createStructure):
              (JSC::FunctionExecutable::createStructure):
              * runtime/FunctionConstructor.cpp:
              (JSC::FunctionConstructor::FunctionConstructor):
              * runtime/FunctionConstructor.h:
              * runtime/FunctionPrototype.cpp:
              (JSC::FunctionPrototype::FunctionPrototype):
              * runtime/FunctionPrototype.h:
              (JSC::FunctionPrototype::createStructure):
              * runtime/GetterSetter.h:
              (JSC::GetterSetter::GetterSetter):
              (JSC::GetterSetter::createStructure):
              * runtime/InitializeThreading.cpp:
              (JSC::initializeThreadingOnce):
              * runtime/InternalFunction.cpp:
              (JSC::InternalFunction::InternalFunction):
              * runtime/InternalFunction.h:
              (JSC::InternalFunction::createStructure):
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::JSActivation):
              * runtime/JSActivation.h:
              (JSC::JSActivation::createStructure):
              * runtime/JSArray.cpp:
              (JSC::JSArray::JSArray):
              * runtime/JSArray.h:
              (JSC::JSArray::createStructure):
              * runtime/JSByteArray.cpp:
              (JSC::JSByteArray::JSByteArray):
              (JSC::JSByteArray::createStructure):
              * runtime/JSByteArray.h:
              (JSC::JSByteArray::JSByteArray):
              * runtime/JSCell.cpp:
              (JSC::isZombie):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::JSCell):
              (JSC::JSCell::JSCell::addressOfStructure):
              (JSC::JSCell::JSCell::structure):
              (JSC::JSCell::JSCell::markChildren):
              (JSC::JSCell::JSValue::isZombie):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::JSFunction):
              * runtime/JSFunction.h:
              (JSC::JSFunction::createStructure):
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::storeVPtrs):
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::clearBuiltinStructures):
              (JSC::JSGlobalData::createLeaked):
              * runtime/JSGlobalData.h:
              (JSC::allocateGlobalHandle):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              (JSC::JSGlobalObject::markChildren):
              (JSC::JSGlobalObject::copyGlobalsFrom):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::JSGlobalObject):
              (JSC::JSGlobalObject::createStructure):
              (JSC::Structure::prototypeChain):
              (JSC::Structure::isValid):
              (JSC::constructEmptyArray):
              * runtime/JSNotAnObject.h:
              (JSC::JSNotAnObject::JSNotAnObject):
              (JSC::JSNotAnObject::createStructure):
              * runtime/JSONObject.cpp:
              (JSC::JSONObject::JSONObject):
              * runtime/JSONObject.h:
              (JSC::JSONObject::createStructure):
              * runtime/JSObject.cpp:
              (JSC::JSObject::defineGetter):
              (JSC::JSObject::defineSetter):
              (JSC::JSObject::seal):
              (JSC::JSObject::freeze):
              (JSC::JSObject::preventExtensions):
              (JSC::JSObject::removeDirect):
              (JSC::JSObject::createInheritorID):
              * runtime/JSObject.h:
              (JSC::JSObject::createStructure):
              (JSC::JSObject::JSObject):
              (JSC::JSNonFinalObject::createStructure):
              (JSC::JSNonFinalObject::JSNonFinalObject):
              (JSC::JSFinalObject::create):
              (JSC::JSFinalObject::createStructure):
              (JSC::JSFinalObject::JSFinalObject):
              (JSC::constructEmptyObject):
              (JSC::createEmptyObjectStructure):
              (JSC::JSObject::~JSObject):
              (JSC::JSObject::setPrototype):
              (JSC::JSObject::setStructure):
              (JSC::JSObject::inheritorID):
              (JSC::JSObject::putDirectInternal):
              (JSC::JSObject::transitionTo):
              (JSC::JSObject::markChildrenDirect):
              * runtime/JSObjectWithGlobalObject.cpp:
              (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
              * runtime/JSObjectWithGlobalObject.h:
              (JSC::JSObjectWithGlobalObject::createStructure):
              (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
              (JSC::JSPropertyNameIterator::create):
              (JSC::JSPropertyNameIterator::get):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::createStructure):
              (JSC::JSPropertyNameIterator::setCachedStructure):
              (JSC::Structure::setEnumerationCache):
              * runtime/JSStaticScopeObject.h:
              (JSC::JSStaticScopeObject::JSStaticScopeObject):
              (JSC::JSStaticScopeObject::createStructure):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              (JSC::RopeBuilder::createStructure):
              * runtime/JSType.h:
              * runtime/JSTypeInfo.h:
              (JSC::TypeInfo::TypeInfo):
              * runtime/JSValue.h:
              * runtime/JSVariableObject.h:
              (JSC::JSVariableObject::createStructure):
              (JSC::JSVariableObject::JSVariableObject):
              (JSC::JSVariableObject::copyRegisterArray):
              * runtime/JSWrapperObject.h:
              (JSC::JSWrapperObject::createStructure):
              (JSC::JSWrapperObject::JSWrapperObject):
              * runtime/JSZombie.cpp:
              * runtime/JSZombie.h:
              (JSC::JSZombie::JSZombie):
              (JSC::JSZombie::createStructure):
              * runtime/MathObject.cpp:
              (JSC::MathObject::MathObject):
              * runtime/MathObject.h:
              (JSC::MathObject::createStructure):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::NativeErrorConstructor):
              (JSC::NativeErrorConstructor::markChildren):
              * runtime/NativeErrorConstructor.h:
              (JSC::NativeErrorConstructor::createStructure):
              * runtime/NativeErrorPrototype.cpp:
              (JSC::NativeErrorPrototype::NativeErrorPrototype):
              * runtime/NativeErrorPrototype.h:
              * runtime/NumberConstructor.cpp:
              (JSC::NumberConstructor::NumberConstructor):
              * runtime/NumberConstructor.h:
              (JSC::NumberConstructor::createStructure):
              * runtime/NumberObject.cpp:
              (JSC::NumberObject::NumberObject):
              * runtime/NumberObject.h:
              (JSC::NumberObject::createStructure):
              * runtime/NumberPrototype.cpp:
              (JSC::NumberPrototype::NumberPrototype):
              * runtime/NumberPrototype.h:
              * runtime/ObjectConstructor.cpp:
              (JSC::ObjectConstructor::ObjectConstructor):
              * runtime/ObjectConstructor.h:
              (JSC::ObjectConstructor::createStructure):
              * runtime/ObjectPrototype.cpp:
              (JSC::ObjectPrototype::ObjectPrototype):
              * runtime/ObjectPrototype.h:
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyTable::PropertyTable):
              * runtime/RegExpConstructor.cpp:
              (JSC::RegExpConstructor::RegExpConstructor):
              (JSC::RegExpMatchesArray::RegExpMatchesArray):
              * runtime/RegExpConstructor.h:
              (JSC::RegExpConstructor::createStructure):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::RegExpObject):
              * runtime/RegExpObject.h:
              (JSC::RegExpObject::createStructure):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              * runtime/RegExpPrototype.h:
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              (JSC::ScopeChainNode::createStructure):
              * runtime/StrictEvalActivation.cpp:
              (JSC::StrictEvalActivation::StrictEvalActivation):
              * runtime/StringConstructor.cpp:
              (JSC::StringConstructor::StringConstructor):
              * runtime/StringConstructor.h:
              * runtime/StringObject.cpp:
              (JSC::StringObject::StringObject):
              * runtime/StringObject.h:
              (JSC::StringObject::createStructure):
              * runtime/StringObjectThatMasqueradesAsUndefined.h:
              (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
              (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
              * runtime/StringPrototype.cpp:
              (JSC::StringPrototype::StringPrototype):
              * runtime/StringPrototype.h:
              (JSC::StringPrototype::createStructure):
              * runtime/Structure.cpp:
              (JSC::StructureTransitionTable::remove):
              (JSC::StructureTransitionTable::add):
              (JSC::Structure::Structure):
              (JSC::Structure::~Structure):
              (JSC::Structure::materializePropertyMap):
              (JSC::Structure::addPropertyTransitionToExistingStructure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::removePropertyTransition):
              (JSC::Structure::changePrototypeTransition):
              (JSC::Structure::despecifyFunctionTransition):
              (JSC::Structure::getterSetterTransition):
              (JSC::Structure::toDictionaryTransition):
              (JSC::Structure::toCacheableDictionaryTransition):
              (JSC::Structure::toUncacheableDictionaryTransition):
              (JSC::Structure::sealTransition):
              (JSC::Structure::freezeTransition):
              (JSC::Structure::preventExtensionsTransition):
              (JSC::Structure::flattenDictionaryStructure):
              (JSC::Structure::copyPropertyTable):
              (JSC::Structure::put):
              (JSC::Structure::markChildren):
              * runtime/Structure.h:
              (JSC::Structure::create):
              (JSC::Structure::setPrototypeWithoutTransition):
              (JSC::Structure::createStructure):
              (JSC::JSCell::createDummyStructure):
              (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::StructureChain):
              (JSC::StructureChain::markChildren):
              * runtime/StructureChain.h:
              (JSC::StructureChain::create):
              (JSC::StructureChain::head):
              (JSC::StructureChain::createStructure):
              * runtime/StructureTransitionTable.h:
              (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
              (JSC::StructureTransitionTable::~StructureTransitionTable):
              (JSC::StructureTransitionTable::slot):
              (JSC::StructureTransitionTable::setMap):
              (JSC::StructureTransitionTable::singleTransition):
              (JSC::StructureTransitionTable::clearSingleTransition):
              (JSC::StructureTransitionTable::setSingleTransition):
              * runtime/WeakGCMap.h:
              (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
              (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
              (JSC::WeakGCMap::contains):
              (JSC::WeakGCMap::find):
              (JSC::WeakGCMap::remove):
              (JSC::WeakGCMap::add):
              (JSC::WeakGCMap::set):
              (JSC::WeakGCMap::finalize):
              * runtime/WriteBarrier.h:
              (JSC::writeBarrier):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::setWithoutWriteBarrier):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Fix up JSG to correctly mark Structure, et al.
      
              * JSRun.cpp:
              (JSGlueGlobalObject::JSGlueGlobalObject):
              * JSRun.h:
              * JSUtils.cpp:
              (JSObjectKJSValue):
              * UserObjectImp.cpp:
              (UserObjectImp::UserObjectImp):
              * UserObjectImp.h:
              (UserObjectImp::createStructure):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Update WebCore for Structure being a GC allocated object
      
              * WebCore.exp.in:
              * bindings/js/JSAudioConstructor.h:
              (WebCore::JSAudioConstructor::createStructure):
              * bindings/js/JSDOMBinding.cpp:
              (WebCore::cacheDOMStructure):
              * bindings/js/JSDOMBinding.h:
              (WebCore::DOMObjectWithGlobalPointer::createStructure):
              (WebCore::DOMObjectWithGlobalPointer::DOMObjectWithGlobalPointer):
              (WebCore::DOMConstructorObject::createStructure):
              (WebCore::DOMConstructorObject::DOMConstructorObject):
              (WebCore::DOMConstructorWithDocument::DOMConstructorWithDocument):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
              (WebCore::JSDOMGlobalObject::markChildren):
              * bindings/js/JSDOMGlobalObject.h:
              (WebCore::JSDOMGlobalObject::createStructure):
              * bindings/js/JSDOMWindowBase.cpp:
              (WebCore::JSDOMWindowBase::JSDOMWindowBase):
              * bindings/js/JSDOMWindowBase.h:
              (WebCore::JSDOMWindowBase::createStructure):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::JSDOMWindowShell):
              (WebCore::JSDOMWindowShell::setWindow):
              * bindings/js/JSDOMWindowShell.h:
              (WebCore::JSDOMWindowShell::createStructure):
              * bindings/js/JSDOMWrapper.h:
              (WebCore::DOMObject::DOMObject):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSImageConstructor.h:
              (WebCore::JSImageConstructor::createStructure):
              * bindings/js/JSImageDataCustom.cpp:
              (WebCore::toJS):
              * bindings/js/JSOptionConstructor.h:
              (WebCore::JSOptionConstructor::createStructure):
              * bindings/js/JSWorkerContextBase.cpp:
              (WebCore::JSWorkerContextBase::JSWorkerContextBase):
              * bindings/js/JSWorkerContextBase.h:
              (WebCore::JSWorkerContextBase::createStructure):
              * bindings/js/ScriptCachedFrameData.h:
              * bindings/js/SerializedScriptValue.h:
              * bindings/js/WorkerScriptController.cpp:
              (WebCore::WorkerScriptController::initScript):
              * bindings/scripts/CodeGeneratorJS.pm:
              * bridge/c/CRuntimeObject.h:
              (JSC::Bindings::CRuntimeObject::createStructure):
              * bridge/c/c_instance.cpp:
              (JSC::Bindings::CRuntimeMethod::createStructure):
              * bridge/jni/jsc/JavaInstanceJSC.cpp:
              (JavaRuntimeMethod::createStructure):
              * bridge/jni/jsc/JavaRuntimeObject.h:
              (JSC::Bindings::JavaRuntimeObject::createStructure):
              * bridge/objc/ObjCRuntimeObject.h:
              (JSC::Bindings::ObjCRuntimeObject::createStructure):
              * bridge/objc/objc_instance.mm:
              (ObjCRuntimeMethod::createStructure):
              * bridge/objc/objc_runtime.h:
              (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
              * bridge/runtime_array.cpp:
              (JSC::RuntimeArray::RuntimeArray):
              * bridge/runtime_array.h:
              (JSC::RuntimeArray::createStructure):
              * bridge/runtime_method.cpp:
              (JSC::RuntimeMethod::RuntimeMethod):
              * bridge/runtime_method.h:
              (JSC::RuntimeMethod::createStructure):
              * bridge/runtime_object.cpp:
              (JSC::Bindings::RuntimeObject::RuntimeObject):
              * bridge/runtime_object.h:
              (JSC::Bindings::RuntimeObject::createStructure):
              * history/HistoryItem.h:
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Update WebKit for the world of GC allocated Structure
      
              * Plugins/Hosted/NetscapePluginInstanceProxy.h:
              * Plugins/Hosted/ProxyInstance.mm:
              (WebKit::ProxyRuntimeMethod::createStructure):
              * Plugins/Hosted/ProxyRuntimeObject.h:
              (WebKit::ProxyRuntimeObject::createStructure):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Update WK2 for the world of GC allocated Structure
      
              * WebProcess/Plugins/Netscape/JSNPMethod.h:
              (WebKit::JSNPMethod::createStructure):
              * WebProcess/Plugins/Netscape/JSNPObject.h:
              (WebKit::JSNPObject::createStructure):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83808 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bb8da910
    • 2011-04-13 Oliver Hunt <oliver@apple.com> · af134a79
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Make PropertyMapEntry use a WriteBarrier for specificValue
              https://bugs.webkit.org/show_bug.cgi?id=58407
      
              Make PropertyMapEntry use a WriteBarrier for specificValue, and then
              propagate the required JSGlobalData through all the methods in which
              it ends up being needed.
      
              * API/JSClassRef.cpp:
              (OpaqueJSClass::prototype):
              * API/JSContextRef.cpp:
              * API/JSObjectRef.cpp:
              (JSObjectMake):
              (JSObjectSetPrototype):
              * JavaScriptCore.exp:
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::BytecodeGenerator):
              * interpreter/Interpreter.cpp:
              (JSC::appendSourceToError):
              (JSC::Interpreter::tryCacheGetByID):
              (JSC::Interpreter::privateExecute):
              * jit/JITStubs.cpp:
              (JSC::JITThunks::tryCacheGetByID):
              (JSC::DEFINE_STUB_FUNCTION):
              * runtime/BatchedTransitionOptimizer.h:
              (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
              * runtime/InternalFunction.cpp:
              (JSC::InternalFunction::name):
              (JSC::InternalFunction::displayName):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::getOwnPropertySlot):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::name):
              (JSC::JSFunction::displayName):
              (JSC::JSFunction::getOwnPropertySlot):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::putWithAttributes):
              (JSC::JSGlobalObject::reset):
              (JSC::JSGlobalObject::resetPrototype):
              * runtime/JSGlobalObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::put):
              (JSC::JSObject::deleteProperty):
              (JSC::JSObject::defineGetter):
              (JSC::JSObject::defineSetter):
              (JSC::JSObject::lookupGetter):
              (JSC::JSObject::lookupSetter):
              (JSC::JSObject::getPropertySpecificValue):
              (JSC::JSObject::getOwnPropertyNames):
              (JSC::JSObject::seal):
              (JSC::JSObject::freeze):
              (JSC::JSObject::preventExtensions):
              (JSC::JSObject::removeDirect):
              (JSC::JSObject::getOwnPropertyDescriptor):
              (JSC::JSObject::defineOwnProperty):
              * runtime/JSObject.h:
              (JSC::JSObject::getDirect):
              (JSC::JSObject::getDirectLocation):
              (JSC::JSObject::isSealed):
              (JSC::JSObject::isFrozen):
              (JSC::JSObject::setPrototypeWithCycleCheck):
              (JSC::JSObject::setPrototype):
              (JSC::JSObject::inlineGetOwnPropertySlot):
              (JSC::JSObject::putDirectInternal):
              (JSC::JSObject::putDirectWithoutTransition):
              (JSC::JSObject::putDirectFunctionWithoutTransition):
              * runtime/Lookup.cpp:
              (JSC::setUpStaticFunctionSlot):
              * runtime/ObjectConstructor.cpp:
              (JSC::objectConstructorCreate):
              (JSC::objectConstructorSeal):
              (JSC::objectConstructorFreeze):
              (JSC::objectConstructorPreventExtensions):
              (JSC::objectConstructorIsSealed):
              (JSC::objectConstructorIsFrozen):
              * runtime/Operations.h:
              (JSC::normalizePrototypeChain):
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyMapEntry::PropertyMapEntry):
              (JSC::PropertyTable::PropertyTable):
              (JSC::PropertyTable::copy):
              * runtime/Structure.cpp:
              (JSC::Structure::materializePropertyMap):
              (JSC::Structure::despecifyDictionaryFunction):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::removePropertyTransition):
              (JSC::Structure::changePrototypeTransition):
              (JSC::Structure::despecifyFunctionTransition):
              (JSC::Structure::getterSetterTransition):
              (JSC::Structure::toDictionaryTransition):
              (JSC::Structure::toCacheableDictionaryTransition):
              (JSC::Structure::toUncacheableDictionaryTransition):
              (JSC::Structure::sealTransition):
              (JSC::Structure::freezeTransition):
              (JSC::Structure::preventExtensionsTransition):
              (JSC::Structure::isSealed):
              (JSC::Structure::isFrozen):
              (JSC::Structure::addPropertyWithoutTransition):
              (JSC::Structure::removePropertyWithoutTransition):
              (JSC::Structure::copyPropertyTable):
              (JSC::Structure::get):
              (JSC::Structure::despecifyFunction):
              (JSC::Structure::despecifyAllFunctions):
              (JSC::Structure::put):
              (JSC::Structure::getPropertyNames):
              * runtime/Structure.h:
              (JSC::Structure::get):
              (JSC::Structure::materializePropertyMapIfNecessary):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Gavin Barraclough.
      
              Make PropertyMapEntry use a WriteBarrier for specificValue
              https://bugs.webkit.org/show_bug.cgi?id=58407
      
              Pass JSGlobalData reference on to APIs that now need them
      
              * bindings/js/JSDOMWindowShell.h:
              (WebCore::JSDOMWindowShell::setWindow):
              * bindings/js/JSHTMLDocumentCustom.cpp:
              (WebCore::JSHTMLDocument::all):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83751 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      af134a79
  18. 11 Apr, 2011 1 commit
    • Bug 58198 - Clean up JSValue implementation for JSVALUE64 · c6441e68
      barraclough@apple.com authored
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      Remove JSNumberCell, JSImmediate, unify some methods between JSVALUE32_64/JSVALUE64
      
      JSNumberCell.h largely just contained the constructors for JSValue on JSVALUE64,
      which should not have been here.  JSImmediate mostly contained uncalled methods,
      along with the internal implementation of the JSValue constructors split unnecessarily
      across a number of layers of function calls. These could largely be merged back
      together. Many methods and constructors from JSVALUE32_64 and JSVALUE64 can be unified.
      
      The .cpp files were empty.
      
      Moving all these methods into JSValue.h seems to be a repro measurable regression, so
      I have kept these methods in a separate JSValueInlineMethods.h. Adding the 64-bit tag
      values as static const members of JSValue also measures as a repro regression, so I
      have made these #defines.
      
      * Android.mk:
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.exp:
      * JavaScriptCore.gypi:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
          - Removed JSImmediate.h, JSNumberCell.h.
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitLoad):
          - Removed class JSImmediate.
      * dfg/DFGNonSpeculativeJIT.cpp:
      (JSC::DFG::NonSpeculativeJIT::compile):
          - Removed class JSImmediate.
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
          - Removed class JSImmediate.
      * jit/JITArithmetic.cpp:
      (JSC::JIT::compileBinaryArithOpSlowCase):
          - Removed class JSImmediate.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitJumpIfJSCell):
      (JSC::JIT::emitJumpIfNotJSCell):
      (JSC::JIT::emitJumpIfImmediateInteger):
      (JSC::JIT::emitJumpIfNotImmediateInteger):
      (JSC::JIT::emitFastArithDeTagImmediate):
      (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
      (JSC::JIT::emitFastArithReTagImmediate):
      (JSC::JIT::emitTagAsBoolImmediate):
          - Removed class JSImmediate.
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_not):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_get_pnames):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      (JSC::JIT::emitSlow_op_not):
          - Removed class JSImmediate.
      * jit/JSInterfaceJIT.h:
          - Removed class JSImmediate.
      * runtime/JSCell.h:
          - Removed JSImmediate.h, JSNumberCell.h.
      * runtime/JSImmediate.cpp: Removed.
      * runtime/JSImmediate.h: Removed.
      * runtime/JSNumberCell.cpp: Removed.
      * runtime/JSNumberCell.h: Removed.
          - Removed.
      * runtime/JSObject.h:
          - Removed JSImmediate.h, JSNumberCell.h.
      * runtime/JSString.h:
          - Removed JSImmediate.h, JSNumberCell.h.
      * runtime/JSValue.h:
          - Added tags for JSVALUE64, moved out some JSVALUE32_64 methods, unified with JSVALUE64.
      * runtime/JSValueInlineMethods.h: Added.
      (JSC::JSValue::toInt32):
      (JSC::JSValue::toUInt32):
      (JSC::JSValue::isUInt32):
      (JSC::JSValue::asUInt32):
      (JSC::JSValue::uncheckedGetNumber):
      (JSC::JSValue::toJSNumber):
      (JSC::jsNaN):
      (JSC::JSValue::getNumber):
      (JSC::JSValue::getBoolean):
      (JSC::JSValue::JSValue):
      (JSC::JSValue::encode):
      (JSC::JSValue::decode):
      (JSC::JSValue::operator bool):
      (JSC::JSValue::operator==):
      (JSC::JSValue::operator!=):
      (JSC::JSValue::isUndefined):
      (JSC::JSValue::isNull):
      (JSC::JSValue::isUndefinedOrNull):
      (JSC::JSValue::isCell):
      (JSC::JSValue::isInt32):
      (JSC::JSValue::isDouble):
      (JSC::JSValue::isTrue):
      (JSC::JSValue::isFalse):
      (JSC::JSValue::tag):
      (JSC::JSValue::payload):
      (JSC::JSValue::asInt32):
      (JSC::JSValue::asDouble):
      (JSC::JSValue::asCell):
      (JSC::JSValue::isNumber):
      (JSC::JSValue::isBoolean):
      (JSC::JSValue::makeImmediate):
      (JSC::JSValue::immediateValue):
      (JSC::reinterpretDoubleToIntptr):
      (JSC::reinterpretIntptrToDouble):
          - Methods moved here from JSImmediate.h/JSNumberCell.h/JSValue.h.
      * runtime/Operations.h:
          - Removed JSImmediate.h, JSNumberCell.h.
      * wtf/StdLibExtras.h:
          - Export bitwise_cast.
      
      Source/WebCore: 
      
      JSNumberCell.h has been deprecated.
      
      * ForwardingHeaders/runtime/JSNumberCell.h: Removed.
      * bindings/scripts/CodeGeneratorJS.pm:
      * bridge/c/c_instance.cpp:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83459 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c6441e68
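As an added illustration (example code written for this page, not JavaScriptCore's, and nothing the commit itself shows), here is the JSVALUE64 tagging scheme that the commit consolidates into JSValueInlineMethods.h, in C++. The tag constants, the `Value` and `Cell` names and the treatment of the empty value are my reconstruction and should be read as assumptions; the commit only says that the 64-bit tags became #defines. The block also goes one step beyond the commit text: it shows why a double must be NaN-purified before it is encoded, because an arbitrary NaN bit pattern plus the 2^48 offset can wrap into a value that `isCell()` accepts, which is exactly the kind of type confusion an engine has to rule out.

```cpp
#include <cstdint>
#include <cstring>
#include <cmath>

// Reconstruction of the JSVALUE64 tagging scheme. Example code for this page,
// not JavaScriptCore's; the constants are assumptions, not quoted from it.
namespace jsvalue64 {

// Top 16 bits all set: the low 32 bits hold an int32.
const uint64_t TagTypeNumber      = 0xffff000000000000ULL;
// Doubles are stored as their IEEE bits plus 2^48, so that (given only
// canonical NaNs) their top 16 bits are never 0x0000 (cell) or 0xFFFF (int32).
const uint64_t DoubleEncodeOffset = 0x0001000000000000ULL;
// Low bits that distinguish the non-cell, non-number immediates.
const uint64_t TagBitTypeOther    = 0x2;
const uint64_t TagBitBool         = 0x4;
const uint64_t TagBitUndefined    = 0x8;
const uint64_t TagMask            = TagTypeNumber | TagBitTypeOther;

const uint64_t ValueEmpty     = 0x0;
const uint64_t ValueNull      = TagBitTypeOther;
const uint64_t ValueFalse     = TagBitTypeOther | TagBitBool;
const uint64_t ValueTrue      = TagBitTypeOther | TagBitBool | 1;
const uint64_t ValueUndefined = TagBitTypeOther | TagBitUndefined;
// The only NaN bit pattern allowed into the encoding (quiet NaN, sign clear).
const uint64_t PureNaNBits    = 0x7ff8000000000000ULL;

struct Cell { int payload; }; // stand-in for a heap-allocated JSCell

class Value {
public:
    static Value fromInt32(int32_t i) { return Value(TagTypeNumber | static_cast<uint32_t>(i)); }
    static Value fromDouble(double d) {
        d = purifyNaN(d);
        uint64_t raw;
        std::memcpy(&raw, &d, sizeof raw); // bitwise_cast
        return Value(encodeDoubleBits(raw));
    }
    static Value fromCell(Cell* c) { return Value(reinterpret_cast<uintptr_t>(c)); }
    static Value fromBool(bool b) { return Value(b ? ValueTrue : ValueFalse); }
    static Value undefined() { return Value(ValueUndefined); }
    static Value null() { return Value(ValueNull); }

    uint64_t encode() const { return m_bits; }
    static Value decode(uint64_t bits) { return Value(bits); }

    bool isInt32() const { return (m_bits & TagTypeNumber) == TagTypeNumber; }
    bool isNumber() const { return (m_bits & TagTypeNumber) != 0; }
    bool isDouble() const { return isNumber() && !isInt32(); }
    // The empty value is excluded here so a zero slot is never dereferenced
    // as a cell (my choice for this example).
    bool isCell() const { return (m_bits & TagMask) == 0 && m_bits != ValueEmpty; }
    bool isBoolean() const { return (m_bits & ~1ULL) == ValueFalse; }
    bool isUndefined() const { return m_bits == ValueUndefined; }
    bool isNull() const { return m_bits == ValueNull; }

    int32_t asInt32() const { return static_cast<int32_t>(static_cast<uint32_t>(m_bits)); }
    double asDouble() const {
        uint64_t raw = m_bits - DoubleEncodeOffset;
        double d;
        std::memcpy(&d, &raw, sizeof d);
        return d;
    }
    Cell* asCell() const { return reinterpret_cast<Cell*>(static_cast<uintptr_t>(m_bits)); }
    bool asBoolean() const { return m_bits == ValueTrue; }

    // Raw encoding step without NaN purification. Exposed only to make the
    // hazard observable: a NaN whose top 16 bits are 0xFFFF wraps to 0x0000...
    // once the offset is added, and the result passes isCell().
    static uint64_t encodeDoubleBits(uint64_t ieeeBits) { return ieeeBits + DoubleEncodeOffset; }

    static double purifyNaN(double d) {
        if (d != d) {
            double pure;
            std::memcpy(&pure, &PureNaNBits, sizeof pure);
            return pure;
        }
        return d;
    }

private:
    explicit Value(uint64_t bits) : m_bits(bits) {}
    uint64_t m_bits;
};

// Round trip used by the checks: a cell pointer survives encode/decode intact.
inline bool cellRoundTrips() {
    Cell c = {7};
    Value v = Value::decode(Value::fromCell(&c).encode());
    return v.isCell() && !v.isNumber() && !v.isBoolean() && v.asCell() == &c;
}

} // namespace jsvalue64
```

`encodeDoubleBits` is the raw step without purification and is exposed only to make that hazard checkable; anything that produces values should go through `fromDouble`, which canonicalises NaN first.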
  19. 10 Apr, 2011 1 commit
  20. 05 Apr, 2011 1 commit
    • 2011-04-05 Geoffrey Garen <ggaren@apple.com> · 21ef0ea6
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Introduced the concept of opaque roots, in preparation for marking the DOM with them
              https://bugs.webkit.org/show_bug.cgi?id=57903
      
              * JavaScriptCore.exp: Who likes export files? I do!
      
              * collector/handles/HandleHeap.cpp:
              (JSC::isValidWeakHandle): Factored out a helper function for ASSERTs.
      
              (JSC::WeakHandleOwner::~WeakHandleOwner): Moved from header to avoid
              weak linkage problems.
      
              (JSC::WeakHandleOwner::isReachableFromOpaqueRoots): New callback.
              Currently unused.
      
              (JSC::WeakHandleOwner::finalize): Switched from pure virtual to a
              default empty implementation, since not all clients necessarily want
              or need non-trivial finalizers.
      
              (JSC::HandleHeap::markWeakHandles): Split updateWeakHandles into two
              passes. The first pass marks all reachable weak handles. The second pass
              finalizes all unreachable weak handles. This must be two passes because
              we don't know the set of finalizable weak handles until we're done
              marking all weak handles.
      
              (JSC::HandleHeap::finalizeWeakHandles): Use new helper function.
      
              * collector/handles/HandleHeap.h: Ditto.
      
              * runtime/Heap.cpp: 
              (JSC::Heap::destroy):
              (JSC::Heap::markRoots):
              (JSC::Heap::reset): Split out handle marking from handle finalization.
      
              * runtime/MarkStack.cpp:
              (JSC::MarkStack::reset):
              * runtime/MarkStack.h:
              (JSC::MarkStack::addOpaqueRoot):
              (JSC::MarkStack::containsOpaqueRoot):
              (JSC::MarkStack::opaqueRootCount):
              (JSC::HeapRootMarker::markStack): New helper functions for managing the
              set of opaque roots.
      
              * runtime/WeakGCMap.h:
              (JSC::WeakGCMap::finalize): Renamed to match parent class declaration.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83011 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      21ef0ea6
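An added example (written for this page, not JavaScriptCore's HandleHeap) of the two-pass weak-handle scheme the commit describes, in C++. The type and callback names mirror the ones the ChangeLog lists, but the data structures, the `OpaqueRootOwner` and the scenario are my own assumptions. The scenario is the reason the commit gives for two passes: a weak target that is unreachable when its own handle is examined can become reachable when another handle's target is marked later in the same pass, so finalizing during marking would run a finalizer for, and clear, a handle whose target actually survives.

```cpp
#include <cstddef>
#include <set>
#include <vector>

// Toy model of the two-pass weak-handle scheme: example code for this page,
// not JavaScriptCore's HandleHeap. Names mirror the commit's callbacks.
namespace opaqueroots {

struct Cell { bool marked; std::vector<Cell*> children; Cell() : marked(false) {} };

// Work list plus the opaque roots (non-GC pointers such as DOM nodes)
// registered while marking.
struct MarkStack {
    std::vector<Cell*> work;
    std::set<const void*> opaqueRoots;
    void addOpaqueRoot(const void* root) { opaqueRoots.insert(root); }
    bool containsOpaqueRoot(const void* root) const { return opaqueRoots.count(root) != 0; }
    void append(Cell* cell) { if (cell && !cell->marked) { cell->marked = true; work.push_back(cell); } }
    void drain() { // transitively mark everything reachable from the work list
        while (!work.empty()) {
            Cell* cell = work.back(); work.pop_back();
            for (size_t i = 0; i < cell->children.size(); ++i) append(cell->children[i]);
        }
    }
};

struct WeakHandle;

// Says whether a handle is wanted because of an opaque root, and is told when
// the handle's target did not survive the collection.
struct WeakHandleOwner {
    virtual ~WeakHandleOwner() {}
    virtual bool isReachableFromOpaqueRoots(WeakHandle&, void*, MarkStack&) { return false; }
    virtual void finalize(WeakHandle&, void*) {}
};

struct WeakHandle {
    Cell* target; WeakHandleOwner* owner;
    void* context; // for OpaqueRootOwner: the opaque root that should keep the target alive
    bool finalized;
    WeakHandle(Cell* t, WeakHandleOwner* o, void* c) : target(t), owner(o), context(c), finalized(false) {}
};

struct OpaqueRootOwner : WeakHandleOwner {
    bool isReachableFromOpaqueRoots(WeakHandle&, void* ctx, MarkStack& s) { return s.containsOpaqueRoot(ctx); }
    void finalize(WeakHandle& handle, void*) { handle.finalized = true; }
};

struct HandleHeap {
    std::vector<WeakHandle*> weakList;

    // Pass 1: mark targets of weak handles that are still wanted, then drain to a
    // fixpoint. Marking one target can make other weak targets reachable, so
    // nothing may be finalized yet.
    void markWeakHandles(MarkStack& stack) {
        for (size_t i = 0; i < weakList.size(); ++i) {
            WeakHandle* h = weakList[i];
            if (!h->target || h->target->marked || !h->owner) continue;
            if (h->owner->isReachableFromOpaqueRoots(*h, h->context, stack)) stack.append(h->target);
        }
        stack.drain();
    }

    // Pass 2: the dead set is now known. Slots are cleared so no handle keeps a
    // dangling pointer into swept memory. Returns the number finalized.
    size_t finalizeWeakHandles() {
        size_t count = 0;
        for (size_t i = 0; i < weakList.size(); ++i) {
            WeakHandle* h = weakList[i];
            if (!h->target || h->target->marked) continue;
            if (h->owner) h->owner->finalize(*h, h->context);
            h->target = 0;
            ++count;
        }
        return count;
    }
};

// Scenario: A's target is kept by an opaque root and strongly references B's
// target; B has no live opaque root and is listed before A. A single
// mark-and-finalize pass would finalize B although its target survives.
// Returns true when the two passes keep A and B and finalize only C.
bool transitivelyReachableHandleSurvives() {
    Cell a, b, c;
    a.children.push_back(&b);
    int domNodeA = 0, domNodeC = 0; // stand-ins for DOM nodes used as opaque roots
    OpaqueRootOwner owner;
    WeakHandle hb(&b, &owner, &domNodeC), ha(&a, &owner, &domNodeA), hc(&c, &owner, &domNodeC);
    HandleHeap heap;
    heap.weakList.push_back(&hb); heap.weakList.push_back(&ha); heap.weakList.push_back(&hc);
    MarkStack stack;
    stack.addOpaqueRoot(&domNodeA); // only A's DOM node is alive this cycle
    heap.markWeakHandles(stack);
    size_t finalized = heap.finalizeWeakHandles();
    return finalized == 1 && !ha.finalized && !hb.finalized && hc.finalized
        && a.marked && b.marked && !c.marked;
}

} // namespace opaqueroots
```

The order of `weakList` in the scenario is deliberate: B is visited before A, so a scheme that finalized as it went would clear B's slot one step before marking A made B live again.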
  21. 04 Apr, 2011 3 commits
    • 2011-04-04 Sheriff Bot <webkit.review.bot@gmail.com> · 606d6913
      commit-queue@webkit.org authored
              Unreviewed, rolling out r82876.
              http://trac.webkit.org/changeset/82876
              https://bugs.webkit.org/show_bug.cgi?id=57816
      
              Caused a lot of test crashes (Requested by tkent on #webkit).
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * wtf/FastMalloc.cpp:
              (WTF::tryFastMalloc):
              (WTF::fastMalloc):
              (WTF::tryFastCalloc):
              (WTF::fastCalloc):
              (WTF::fastFree):
              (WTF::tryFastRealloc):
              (WTF::fastRealloc):
              (WTF::fastMallocSize):
              (WTF::TCMalloc_PageHeap::isScavengerSuspended):
              (WTF::TCMalloc_PageHeap::scheduleScavenger):
              (WTF::TCMalloc_PageHeap::suspendScavenger):
              (WTF::TCMalloc_PageHeap::signalScavenger):
              (WTF::TCMallocStats::malloc):
              (WTF::TCMallocStats::free):
              (WTF::TCMallocStats::fastCalloc):
              (WTF::TCMallocStats::tryFastCalloc):
              (WTF::TCMallocStats::calloc):
              (WTF::TCMallocStats::fastRealloc):
              (WTF::TCMallocStats::tryFastRealloc):
              (WTF::TCMallocStats::realloc):
              (WTF::TCMallocStats::fastMallocSize):
              * wtf/FastMalloc.h:
              (WTF::Internal::fastMallocMatchValidationType):
              (WTF::Internal::fastMallocMatchValidationValue):
              (WTF::Internal::setFastMallocMatchValidationType):
              (WTF::fastMallocMatchValidateFree):
              * wtf/Platform.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@82905 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      606d6913
    • 2011-04-04 Oliver Hunt <oliver@apple.com> · 0e5b03cf
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make malloc validation useful
              https://bugs.webkit.org/show_bug.cgi?id=57502
      
              This patch replaces FAST_MALLOC_MATCH_VALIDATION with a general
              corruption check that tags the beginning and end of all allocations
              to check for write overflows and overwrites the contents of
              memory on free in order to (hopefully) show up use-after-free issues
              sooner.
      
              We also turn it on by default for debug builds.
      
              * JavaScriptCore.exp:
              * wtf/FastMalloc.cpp:
              (WTF::tryFastMalloc):
              (WTF::fastMalloc):
              (WTF::tryFastCalloc):
              (WTF::fastCalloc):
              (WTF::fastFree):
              (WTF::tryFastRealloc):
              (WTF::fastRealloc):
              (WTF::TCMalloc_PageHeap::isScavengerSuspended):
              (WTF::TCMalloc_PageHeap::scheduleScavenger):
              (WTF::TCMalloc_PageHeap::suspendScavenger):
              (WTF::TCMalloc_PageHeap::signalScavenger):
              (WTF::TCMallocStats::malloc):
              (WTF::TCMallocStats::free):
              (WTF::TCMallocStats::fastCalloc):
              (WTF::TCMallocStats::tryFastCalloc):
              (WTF::TCMallocStats::calloc):
              (WTF::TCMallocStats::fastRealloc):
              (WTF::TCMallocStats::tryFastRealloc):
              (WTF::TCMallocStats::realloc):
              * wtf/FastMalloc.h:
              (WTF::Internal::fastMallocValidationHeader):
              (WTF::Internal::fastMallocValidationSuffix):
              (WTF::Internal::fastMallocMatchValidationType):
              (WTF::Internal::setFastMallocMatchValidationType):
              (WTF::fastMallocMatchValidateFree):
              (WTF::fastMallocValidate):
              * wtf/Platform.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@82876 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0e5b03cf
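An added example (for this page, not WTF's FastMalloc code) of the validation the commit describes, in C++: a tagged header before and a tagged trailer after each block, checked on free, and freed contents overwritten with a fixed pattern. Names and magic values are my assumptions. It departs from the description in one way, stated in the code: freed blocks are held in a quarantine list rather than returned to libc, purely so that the use-after-free scenario can read the poisoned bytes without undefined behaviour.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

// Example allocator wrapper for this page, not WTF's FastMalloc: a tagged
// header and trailer around each block, and poisoning of freed contents.
namespace validatingmalloc {

const uint64_t HeaderMagic = 0xA110CA7E0BADF00DULL; // live block
const uint64_t FreedMagic  = 0xDEADBEEFDEADBEEFULL; // header after free: catches double free
const uint32_t SuffixMagic = 0x5AFE7A11;             // trailer: catches write overflow
const unsigned char FreePoison = 0xBA;               // freed bytes are overwritten with this

struct ValidationHeader {
    size_t size;    // user size, needed to locate the trailer
    uint64_t magic; // immediately precedes the user pointer: catches underflow
};

enum Status { Ok, HeaderCorrupt, SuffixCorrupt, AlreadyFreed };

// Freed blocks are parked here instead of going back to libc so the example
// can legally show what a stale pointer reads (my addition; FastMalloc frees).
static std::vector<void*> quarantine;

inline ValidationHeader* headerOf(void* p) {
    return reinterpret_cast<ValidationHeader*>(static_cast<char*>(p) - sizeof(ValidationHeader));
}

void* validatedMalloc(size_t size) {
    char* block = static_cast<char*>(std::malloc(sizeof(ValidationHeader) + size + sizeof(uint32_t)));
    if (!block) return 0;
    ValidationHeader* h = reinterpret_cast<ValidationHeader*>(block);
    h->size = size;
    h->magic = HeaderMagic;
    char* user = block + sizeof(ValidationHeader);
    std::memcpy(user + size, &SuffixMagic, sizeof SuffixMagic); // trailer may be unaligned
    return user;
}

Status validate(void* p) {
    ValidationHeader* h = headerOf(p);
    if (h->magic == FreedMagic) return AlreadyFreed;
    if (h->magic != HeaderMagic) return HeaderCorrupt;
    uint32_t suffix;
    std::memcpy(&suffix, static_cast<char*>(p) + h->size, sizeof suffix);
    return suffix == SuffixMagic ? Ok : SuffixCorrupt;
}

// Validate first, then scribble the payload so a later read through a stale
// pointer sees the poison pattern instead of the old contents.
Status validatedFree(void* p) {
    Status s = validate(p);
    if (s != Ok) return s;
    ValidationHeader* h = headerOf(p);
    std::memset(p, FreePoison, h->size);
    h->magic = FreedMagic;
    quarantine.push_back(h);
    return Ok;
}

void releaseQuarantine() {
    for (size_t i = 0; i < quarantine.size(); ++i) std::free(quarantine[i]);
    quarantine.clear();
}

// Well-behaved use: writes stay inside the block and free succeeds.
Status cleanScenario() {
    char* buf = static_cast<char*>(validatedMalloc(32));
    std::memset(buf, 'A', 32);
    Status s = validate(buf);
    if (s == Ok) s = validatedFree(buf);
    releaseQuarantine();
    return s;
}

// One byte too many: the trailer is clobbered.
Status overflowScenario() {
    char* buf = static_cast<char*>(validatedMalloc(16));
    std::memset(buf, 'A', 17);
    Status s = validate(buf);
    std::free(headerOf(buf)); // raw release; validatedFree would refuse the block
    return s;
}

// One byte before the buffer: the header magic is clobbered.
Status underflowScenario() {
    char* buf = static_cast<char*>(validatedMalloc(16));
    buf[-1] = 'A';
    Status s = validate(buf);
    std::free(headerOf(buf));
    return s;
}

// Use after free: the old contents are gone, and a second free is reported.
bool useAfterFreeScenario() {
    char* buf = static_cast<char*>(validatedMalloc(8));
    std::memcpy(buf, "password", 8);
    validatedFree(buf);
    bool poisoned = true;
    for (size_t i = 0; i < 8; ++i) poisoned = poisoned && static_cast<unsigned char>(buf[i]) == FreePoison;
    bool doubleFreeCaught = validatedFree(buf) == AlreadyFreed;
    releaseQuarantine();
    return poisoned && doubleFreeCaught;
}

} // namespace validatingmalloc
```

The checks only fire when `validate` or `validatedFree` is called, which is the same limitation the commit's design has: a write past the end is detected at the next free of that block, not at the moment it happens.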
    • 2011-04-01 Oliver Hunt <oliver@apple.com> · 59144210
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make StructureChain GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=56695
      
              Make StructureChain GC allocated, and make the various owners
              mark it correctly.
      
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::dump):
              (JSC::CodeBlock::derefStructures):
              (JSC::CodeBlock::refStructures):
              (JSC::CodeBlock::markAggregate):
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
              (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
              (JSC::PolymorphicAccessStructureList::derefStructures):
              (JSC::PolymorphicAccessStructureList::markAggregate):
              (JSC::Instruction::Instruction):
              * bytecode/StructureStubInfo.cpp:
              (JSC::StructureStubInfo::deref):
              (JSC::StructureStubInfo::markAggregate):
              * bytecode/StructureStubInfo.h:
              (JSC::StructureStubInfo::initGetByIdChain):
              (JSC::StructureStubInfo::initPutByIdTransition):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
              (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
              * collector/handles/Handle.h:
              (JSC::HandleConverter::operator->):
              (JSC::HandleConverter::operator*):
              * interpreter/Interpreter.cpp:
              (JSC::Interpreter::privateExecute):
              * jit/JITOpcodes.cpp:
              (JSC::JIT::emit_op_jneq_ptr):
              * jit/JITOpcodes32_64.cpp:
              (JSC::JIT::emit_op_jneq_ptr):
              * jit/JITPropertyAccess.cpp:
              (JSC::JIT::privateCompileGetByIdChainList):
              * jit/JITPropertyAccess32_64.cpp:
              (JSC::JIT::privateCompileGetByIdChainList):
              * jit/JITStubs.cpp:
              (JSC::JITThunks::tryCachePutByID):
              (JSC::JITThunks::tryCacheGetByID):
              (JSC::getPolymorphicAccessStructureListSlot):
              (JSC::DEFINE_STUB_FUNCTION):
              * runtime/JSCell.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::markIfNeeded):
              * runtime/JSGlobalObject.h:
              (JSC::Structure::prototypeChain):
              * runtime/JSObject.h:
              (JSC::JSObject::putDirectInternal):
              (JSC::JSObject::markChildrenDirect):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::create):
              (JSC::JSPropertyNameIterator::get):
              (JSC::JSPropertyNameIterator::markChildren):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
              * runtime/JSZombie.cpp:
              (JSC::JSZombie::leakedZombieStructure):
              * runtime/JSZombie.h:
              * runtime/MarkStack.h:
              (JSC::MarkStack::append):
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::sweep):
              * runtime/Structure.cpp:
              (JSC::Structure::addPropertyTransition):
              * runtime/Structure.h:
              (JSC::Structure::markAggregate):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::StructureChain):
              (JSC::StructureChain::~StructureChain):
              (JSC::StructureChain::markChildren):
              * runtime/StructureChain.h:
              (JSC::StructureChain::create):
              (JSC::StructureChain::createStructure):
              * runtime/WriteBarrier.h:
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
      2011-04-01  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make StructureChain GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=56695
      
              Update for new Structure marking function
      
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::markChildren):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@82849 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  22. 28 Mar, 2011 1 commit
    • oliver@apple.com's avatar
      2011-03-28 Oliver Hunt <oliver@apple.com> · 3b6dc575
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              instanceof Array test fails when using iframes
              https://bugs.webkit.org/show_bug.cgi?id=17250
      
              Add test cases for correct behaviour
      
              * fast/js/js-constructors-use-correct-global-expected.txt: Added.
              * fast/js/js-constructors-use-correct-global.html: Added.
              * fast/js/resources/js-constructors-use-correct-global.js: Added.
      2011-03-28  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              instanceof Array test fails when using iframes
              https://bugs.webkit.org/show_bug.cgi?id=17250
      
              This is a problem with all built-in constructors: the use of
              lexicalGlobalObject rather than the constructor's own
              global object reference means that a builtin will always use
              the prototype from the lexical global object rather than that
              of the constructor's origin.
      
              * API/JSObjectRef.cpp:
              (JSObjectMakeFunction):
              (JSObjectMakeRegExp):
              * JavaScriptCore.exp:
              * runtime/ArrayConstructor.cpp:
              (JSC::constructArrayWithSizeQuirk):
              * runtime/BooleanConstructor.cpp:
              (JSC::constructBoolean):
              (JSC::constructBooleanFromImmediateBoolean):
              * runtime/BooleanConstructor.h:
              * runtime/DateConstructor.cpp:
              (JSC::constructDate):
              * runtime/DateInstance.cpp:
              * runtime/DateInstance.h:
              * runtime/ErrorConstructor.cpp:
              (JSC::constructWithErrorConstructor):
              (JSC::callErrorConstructor):
              * runtime/FunctionConstructor.cpp:
              (JSC::constructWithFunctionConstructor):
              (JSC::callFunctionConstructor):
              (JSC::constructFunction):
              * runtime/FunctionConstructor.h:
              * runtime/JSCell.cpp:
              (JSC::JSCell::getOwnPropertySlot):
              (JSC::JSCell::put):
              (JSC::JSCell::deleteProperty):
              (JSC::JSCell::toThisObject):
              (JSC::JSCell::toObject):
              * runtime/JSCell.h:
              (JSC::JSCell::JSValue::toObject):
              * runtime/JSNotAnObject.cpp:
              (JSC::JSNotAnObject::toObject):
              * runtime/JSNotAnObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::toObject):
              * runtime/JSObject.h:
              * runtime/JSString.cpp:
              (JSC::StringObject::create):
              (JSC::JSString::toObject):
              (JSC::JSString::toThisObject):
              * runtime/JSString.h:
              * runtime/JSValue.cpp:
              (JSC::JSValue::toObjectSlowCase):
              (JSC::JSValue::toThisObjectSlowCase):
              (JSC::JSValue::synthesizeObject):
              * runtime/JSValue.h:
              * runtime/NumberConstructor.cpp:
              (JSC::constructWithNumberConstructor):
              * runtime/NumberObject.cpp:
              (JSC::constructNumber):
              * runtime/NumberObject.h:
              * runtime/ObjectConstructor.cpp:
              (JSC::constructObject):
              (JSC::constructWithObjectConstructor):
              (JSC::callObjectConstructor):
              * runtime/RegExpConstructor.cpp:
              (JSC::constructRegExp):
              (JSC::constructWithRegExpConstructor):
              (JSC::callRegExpConstructor):
              * runtime/RegExpConstructor.h:
              * runtime/StringConstructor.cpp:
              (JSC::constructWithStringConstructor):
              * runtime/StringObject.h:
      2011-03-25  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              instanceof Array test fails when using iframes
              https://bugs.webkit.org/show_bug.cgi?id=17250
      
              Update for new toObject API
      
              * UserObjectImp.cpp:
              (UserObjectImp::toPrimitive):
              (UserObjectImp::toBoolean):
              (UserObjectImp::toNumber):
              (UserObjectImp::toString):
      2011-03-28  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              instanceof Array test fails when using iframes
              https://bugs.webkit.org/show_bug.cgi?id=17250
      
              Update for new function and date APIs
      
              Test: fast/js/js-constructors-use-correct-global.html
      
              * WebCore.xcodeproj/project.pbxproj:
              * bindings/js/JSDOMBinding.cpp:
              (WebCore::jsDateOrNull):
              * bindings/js/JSLazyEventListener.cpp:
              (WebCore::JSLazyEventListener::initializeJSFunction):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@82173 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  23. 25 Mar, 2011 2 commits
    • ddkilzer@apple.com's avatar
      Remove duplicate entry from JavaScriptCore.exp · fede50dd
      ddkilzer@apple.com authored
      JSC::createStackOverflowError(JSC::ExecState*) was originally
      exported in r60057, then duplicated in r60392.
      
      * JavaScriptCore.exp: Removed duplicate entry.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@81969 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • zimmermann@webkit.org's avatar
      2011-03-24 Nikolas Zimmermann <nzimmermann@rim.com> · 2fd3903b
      zimmermann@webkit.org authored
              Reviewed by Darin Adler.
      
              Introduce WTF HexNumber.h
              https://bugs.webkit.org/show_bug.cgi?id=56099
      
              Introduce a set of functions that ease converting from a byte or a number to a hex string,
              replacing several of these conversions and String::format("%x") usages all over WebCore.
      
              * GNUmakefile.am: Add HexNumber.h to build.
              * JavaScriptCore.exp: Export StringBuilder::reserveCapacity.
              * JavaScriptCore.gypi: Add HexNumber.h to build.
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export StringBuilder::reserveCapacity.
              * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add HexNumber.h to build.
              * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
              * wtf/CMakeLists.txt: Ditto.
              * wtf/HexNumber.h: Added.
              (WTF::Internal::hexDigitsForMode): Internal helper.
              (WTF::appendByteAsHex): Free function that appends a byte as a hex string into a destination.
              (WTF::placeByteAsHex): Ditto, but places the result using *foo++ = '..' or foo[index++] = '..'.
              (WTF::appendUnsignedAsHex): Free function that appends a number as a hex string into a destination.
      2011-03-24  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              Introduce WTF HexNumber.h
              https://bugs.webkit.org/show_bug.cgi?id=56099
      
              Introduce a set of functions that ease converting from a byte or a number to a hex string,
              replacing several of these conversions and String::format("%x") usages all over WebCore.
      
              * ForwardingHeaders/wtf/HexNumber.h: Added.
              * css/CSSOMUtils.cpp:
              (WebCore::serializeCharacterAsCodePoint):
              * css/CSSParser.cpp:
              (WebCore::quoteCSSString):
              * inspector/InspectorResourceAgent.cpp:
              (WebCore::createReadableStringFromBinary):
              * platform/FileSystem.cpp:
              (WebCore::encodeForFileName):
              * platform/KURL.cpp:
              (WebCore::appendEscapedChar):
              * platform/UUID.cpp:
              (WebCore::createCanonicalUUIDString):
              * platform/graphics/Color.cpp:
              (WebCore::Color::serialized):
              * platform/network/FormDataBuilder.cpp:
              (WebCore::FormDataBuilder::encodeStringAsFormData):
              * rendering/RenderTreeAsText.cpp:
              (WebCore::quoteAndEscapeNonPrintables):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@81943 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  24. 24 Mar, 2011 1 commit
    • ggaren@apple.com's avatar
      2011-03-24 Geoffrey Garen <ggaren@apple.com> · e5695425
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Ensure that all compilation takes place within a dynamic global object scope
              https://bugs.webkit.org/show_bug.cgi?id=57054
              <rdar://problem/9083011>        
      
              Otherwise, entry to the global object scope might throw away the code
              we just compiled, causing a crash.
      
              * JavaScriptCore.exp: Updated for signature change.
      
              * debugger/Debugger.cpp:
              (JSC::evaluateInGlobalCallFrame):
              * debugger/DebuggerCallFrame.cpp:
              (JSC::DebuggerCallFrame::evaluate): Removed explicit compilation calls
              here because (a) they took place outside a dynamic global object scope
              and (b) they were redundant.
      
              * interpreter/CachedCall.h:
              (JSC::CachedCall::CachedCall): Updated for signature change.
      
              * interpreter/Interpreter.cpp:
              (JSC::Interpreter::execute):
              (JSC::Interpreter::executeCall):
              (JSC::Interpreter::executeConstruct): Declare our dynamic global object
              scope earlier, to ensure that compilation takes place within it.
      
              * runtime/Completion.cpp:
              (JSC::evaluate): Removed explicit compilation calls here because (a)
              they took place outside a dynamic global object scope and (b) they were
              redundant.
      
              * runtime/Executable.h:
              (JSC::EvalExecutable::compile):
              (JSC::ProgramExecutable::compile):
              (JSC::FunctionExecutable::compileForCall):
              (JSC::FunctionExecutable::compileForConstruct): Added an ASSERT to
              verify our new invariant that all compilation takes place within a
              dynamic global object scope.
      
              * runtime/JSGlobalObject.cpp:
              (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
              * runtime/JSGlobalObject.h: Changed the signature of DynamicGlobalObjectScope
              to require a JSGlobalData instead of an ExecState* since it is often
              easier to provide the former, and the latter was not necessary.
      2011-03-24  Geoffrey Garen  <ggaren@apple.com>
      
              Reviewed by Oliver Hunt.
      
              Ensure that all compilation takes place within a dynamic global object scope
              https://bugs.webkit.org/show_bug.cgi?id=57054
      
              * WebView/WebScriptDebugDelegate.mm:
              (-[WebScriptCallFrame evaluateWebScript:]): Updated for signature change.
      2011-03-24  Geoffrey Garen  <ggaren@apple.com>
      
              Reviewed by Oliver Hunt.
      
              Ensure that all compilation takes place within a dynamic global object scope
              https://bugs.webkit.org/show_bug.cgi?id=57054
      
              * bindings/js/JSErrorHandler.cpp:
              (WebCore::JSErrorHandler::handleEvent):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::handleEvent): Updated for signature change.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@81904 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  25. 16 Mar, 2011 1 commit
    • oliver@apple.com's avatar
      2011-03-15 Oliver Hunt <oliver@apple.com> · 90cf7d51
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make Structure creation require a JSGlobalData
              https://bugs.webkit.org/show_bug.cgi?id=56438
      
              Mechanical change to make Structure::create require JSGlobalData&, and
              require all users to provide the globalData.
      
              * API/JSCallbackConstructor.h:
              (JSC::JSCallbackConstructor::createStructure):
              * API/JSCallbackFunction.h:
              (JSC::JSCallbackFunction::createStructure):
              * API/JSCallbackObject.h:
              (JSC::JSCallbackObject::createStructure):
              * API/JSContextRef.cpp:
              * JavaScriptCore.exp:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::DebuggerActivation):
              * debugger/DebuggerActivation.h:
              (JSC::DebuggerActivation::createStructure):
              * jit/JITStubs.cpp:
              (JSC::DEFINE_STUB_FUNCTION):
              * jsc.cpp:
              (GlobalObject::GlobalObject):
              (functionRun):
              (jscmain):
              * runtime/Arguments.h:
              (JSC::Arguments::createStructure):
              * runtime/ArrayPrototype.h:
              (JSC::ArrayPrototype::createStructure):
              * runtime/BooleanObject.h:
              (JSC::BooleanObject::createStructure):
              * runtime/DateInstance.h:
              (JSC::DateInstance::createStructure):
              * runtime/DatePrototype.h:
              (JSC::DatePrototype::createStructure):
              * runtime/ErrorInstance.h:
              (JSC::ErrorInstance::createStructure):
              * runtime/Executable.h:
              (JSC::ExecutableBase::createStructure):
              (JSC::EvalExecutable::createStructure):
              (JSC::ProgramExecutable::createStructure):
              (JSC::FunctionExecutable::createStructure):
              * runtime/FunctionPrototype.h:
              (JSC::FunctionPrototype::createStructure):
              * runtime/GetterSetter.h:
              (JSC::GetterSetter::createStructure):
              * runtime/InternalFunction.h:
              (JSC::InternalFunction::createStructure):
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              * runtime/JSActivation.h:
              (JSC::JSActivation::createStructure):
              * runtime/JSArray.cpp:
              (JSC::JSArray::JSArray):
              * runtime/JSArray.h:
              (JSC::JSArray::createStructure):
              * runtime/JSByteArray.cpp:
              (JSC::JSByteArray::createStructure):
              * runtime/JSByteArray.h:
              (JSC::JSByteArray::JSByteArray):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::createDummyStructure):
              * runtime/JSFunction.h:
              (JSC::JSFunction::createStructure):
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::storeVPtrs):
              (JSC::JSGlobalData::JSGlobalData):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::JSGlobalObject):
              (JSC::JSGlobalObject::createStructure):
              * runtime/JSNotAnObject.h:
              (JSC::JSNotAnObject::createStructure):
              * runtime/JSONObject.h:
              (JSC::JSONObject::createStructure):
              * runtime/JSObject.cpp:
              (JSC::JSObject::createInheritorID):
              * runtime/JSObject.h:
              (JSC::JSObject::createStructure):
              (JSC::JSNonFinalObject::createStructure):
              (JSC::JSFinalObject::createStructure):
              (JSC::createEmptyObjectStructure):
              (JSC::JSObject::inheritorID):
              * runtime/JSObjectWithGlobalObject.h:
              (JSC::JSObjectWithGlobalObject::createStructure):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::createStructure):
              * runtime/JSStaticScopeObject.h:
              (JSC::JSStaticScopeObject::createStructure):
              * runtime/JSString.h:
              (JSC::RopeBuilder::createStructure):
              * runtime/JSVariableObject.h:
              (JSC::JSVariableObject::createStructure):
              * runtime/JSWrapperObject.h:
              (JSC::JSWrapperObject::createStructure):
              * runtime/JSZombie.h:
              (JSC::JSZombie::createStructure):
              * runtime/MathObject.h:
              (JSC::MathObject::createStructure):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::NativeErrorConstructor):
              * runtime/NativeErrorConstructor.h:
              (JSC::NativeErrorConstructor::createStructure):
              * runtime/NumberConstructor.h:
              (JSC::NumberConstructor::createStructure):
              * runtime/NumberObject.h:
              (JSC::NumberObject::createStructure):
              * runtime/ObjectConstructor.h:
              (JSC::ObjectConstructor::createStructure):
              * runtime/RegExpConstructor.h:
              (JSC::RegExpConstructor::createStructure):
              * runtime/RegExpObject.h:
              (JSC::RegExpObject::createStructure):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::createStructure):
              * runtime/StringObject.h:
              (JSC::StringObject::createStructure):
              * runtime/StringObjectThatMasqueradesAsUndefined.h:
              (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
              * runtime/StringPrototype.h:
              (JSC::StringPrototype::createStructure):
              * runtime/Structure.h:
              (JSC::Structure::create):
      2011-03-15  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make Structure creation require a JSGlobalData
              https://bugs.webkit.org/show_bug.cgi?id=56438
      
              Mechanical change to make all structure creation pass a JSGlobalData&.
      
              * JSRun.cpp:
              (JSGlueGlobalObject::JSGlueGlobalObject):
              (JSRun::JSRun):
              * JSRun.h:
              * JSUtils.cpp:
              (getThreadGlobalObject):
              * UserObjectImp.h:
              (UserObjectImp::createStructure):
      2011-03-15  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make Structure creation require a JSGlobalData
              https://bugs.webkit.org/show_bug.cgi?id=56438
      
              Mechanical change to make all structure creation use GlobalData
      
              * bindings/js/JSAudioConstructor.cpp:
              (WebCore::JSAudioConstructor::JSAudioConstructor):
              * bindings/js/JSAudioConstructor.h:
              (WebCore::JSAudioConstructor::createStructure):
              * bindings/js/JSDOMBinding.h:
              (WebCore::DOMObjectWithGlobalPointer::createStructure):
              (WebCore::DOMConstructorObject::createStructure):
              (WebCore::getDOMStructure):
              * bindings/js/JSDOMGlobalObject.h:
              (WebCore::JSDOMGlobalObject::createStructure):
              * bindings/js/JSDOMWindowBase.h:
              (WebCore::JSDOMWindowBase::createStructure):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::JSDOMWindowShell):
              (WebCore::JSDOMWindowShell::setWindow):
              * bindings/js/JSDOMWindowShell.h:
              (WebCore::JSDOMWindowShell::createStructure):
              * bindings/js/JSImageConstructor.cpp:
              (WebCore::JSImageConstructor::JSImageConstructor):
              * bindings/js/JSImageConstructor.h:
              (WebCore::JSImageConstructor::createStructure):
              * bindings/js/JSImageDataCustom.cpp:
              (WebCore::toJS):
              * bindings/js/JSOptionConstructor.cpp:
              (WebCore::JSOptionConstructor::JSOptionConstructor):
              * bindings/js/JSOptionConstructor.h:
              (WebCore::JSOptionConstructor::createStructure):
              * bindings/js/JSWorkerContextBase.h:
              (WebCore::JSWorkerContextBase::createStructure):
              * bindings/js/WorkerScriptController.cpp:
              (WebCore::WorkerScriptController::initScript):
              * bindings/scripts/CodeGeneratorJS.pm:
              * bridge/c/CRuntimeObject.h:
              (JSC::Bindings::CRuntimeObject::createStructure):
              * bridge/c/c_instance.cpp:
              (JSC::Bindings::CRuntimeMethod::createStructure):
              * bridge/jni/jsc/JavaInstanceJSC.cpp:
              (JavaRuntimeMethod::createStructure):
              * bridge/jni/jsc/JavaRuntimeObject.h:
              (JSC::Bindings::JavaRuntimeObject::createStructure):
              * bridge/objc/ObjCRuntimeObject.h:
              (JSC::Bindings::ObjCRuntimeObject::createStructure):
              * bridge/objc/objc_instance.mm:
              (ObjCRuntimeMethod::createStructure):
              * bridge/objc/objc_runtime.h:
              (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
              * bridge/runtime_array.h:
              (JSC::RuntimeArray::createStructure):
              * bridge/runtime_method.h:
              (JSC::RuntimeMethod::createStructure):
              * bridge/runtime_object.h:
              (JSC::Bindings::RuntimeObject::createStructure):
      2011-03-15  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make Structure creation require a JSGlobalData
              https://bugs.webkit.org/show_bug.cgi?id=56438
      
              Mechanical change to make all Structure creation use a JSGlobalData&
      
              * Plugins/Hosted/ProxyInstance.mm:
              (WebKit::ProxyRuntimeMethod::createStructure):
              * Plugins/Hosted/ProxyRuntimeObject.h:
              (WebKit::ProxyRuntimeObject::createStructure):
      2011-03-15  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make Structure creation require a JSGlobalData
              https://bugs.webkit.org/show_bug.cgi?id=56438
      
              Mechanical change to make all Structure creation use a JSGlobalData&.
      
              * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
              (WebKit::JSNPMethod::JSNPMethod):
              * WebProcess/Plugins/Netscape/JSNPMethod.h:
              (WebKit::JSNPMethod::createStructure):
              * WebProcess/Plugins/Netscape/JSNPObject.cpp:
              (WebKit::JSNPObject::JSNPObject):
              * WebProcess/Plugins/Netscape/JSNPObject.h:
              (WebKit::JSNPObject::createStructure):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@81272 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  26. 13 Mar, 2011 1 commit
    • ggaren@apple.com's avatar
      A few Heap-related renames (sans file moves, which should come next) · 123f685d
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=56283
              
      Reviewed by Sam Weinig.
      
      ConservativeSet => ConservativeRoots. "Set" was misleading, since items
      are not uniqued. Also, "Roots" is more specific about what's in the set.
              
      MachineStackMarker => MachineThreads. "Threads" is more descriptive of
      the fact that this class maintains a set of all threads using JSC.
      "Stack" was misleading, since this class traverses stacks and registers.
      "Mark" was misleading, since this class doesn't mark anything anymore.
              
      registerThread => addCurrentThread. "Current" is more specific.
      unregisterThread => removeCurrentThread. "Current" is more specific.
              
      "currentThreadRegistrar" => threadSpecific. The only point of this data
      structure is to register a thread-specific destructor with a pointer to
      this.
              
      "mark...Conservatively" => "gather". "Mark" is not true, since these
      functions don't mark anything. "Conservatively" is redundant, since they
      take "ConservativeRoots" as an argument.
      
      * API/APIShims.h:
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
      * JavaScriptCore.exp:
      * runtime/ConservativeSet.cpp:
      (JSC::ConservativeRoots::grow):
      (JSC::ConservativeRoots::add):
      * runtime/ConservativeSet.h:
      (JSC::ConservativeRoots::ConservativeRoots):
      (JSC::ConservativeRoots::~ConservativeRoots):
      (JSC::ConservativeRoots::size):
      (JSC::ConservativeRoots::roots):
      * runtime/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::markRoots):
      * runtime/Heap.h:
      (JSC::Heap::machineThreads):
      * runtime/JSGlobalData.h:
      (JSC::JSGlobalData::makeUsableFromMultipleThreads):
      * runtime/MachineStackMarker.cpp:
      (JSC::MachineThreads::MachineThreads):
      (JSC::MachineThreads::~MachineThreads):
      (JSC::MachineThreads::makeUsableFromMultipleThreads):
      (JSC::MachineThreads::addCurrentThread):
      (JSC::MachineThreads::removeThread):
      (JSC::MachineThreads::removeCurrentThread):
      (JSC::MachineThreads::gatherFromCurrentThreadInternal):
      (JSC::MachineThreads::gatherFromCurrentThread):
      (JSC::MachineThreads::gatherFromOtherThread):
      (JSC::MachineThreads::gatherConservativeRoots):
      * runtime/MachineStackMarker.h:
      * runtime/MarkStack.h:
      (JSC::MarkStack::append):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@80995 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  27. 11 Mar, 2011 1 commit
    • eric.carlson@apple.com's avatar
      2011-03-11 Eric Carlson <eric.carlson@apple.com> · 16c0d7dc
      eric.carlson@apple.com authored
              Reviewed by Sam Weinig.
      
              <rdar://problem/8955589> Adopt AVFoundation media back end on Lion.
      
              No new tests, existing media tests cover this.
      
              * WebCore.xcodeproj/project.pbxproj:
              * platform/graphics/MediaPlayer.cpp:
              (WebCore::installedMediaEngines): Register MediaPlayerPrivateAVFoundationObjC.
              (WebCore::bestMediaEngineForTypeAndCodecs): Kill some whitespace.
              (WebCore::MediaPlayer::loadWithNextMediaEngine): Ditto.
              (WebCore::MediaPlayer::inMediaDocument): Ditto.
              * platform/graphics/MediaPlayer.h:
      
              * platform/graphics/avfoundation: Added.
              * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: Added.
              * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h: Added.
      
              * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.h: Added.
              * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.mm: Added.
      
      2011-03-11  Eric Carlson  <eric.carlson@apple.com>
      
              Reviewed by Sam Weinig.
      
              <rdar://problem/8955589> Adopt AVFoundation media back end on Lion.
      
              No new tests, existing media tests cover this.
      
              * JavaScriptCore.exp: Export cancelCallOnMainThread
              * wtf/Platform.h: Define WTF_USE_AVFOUNDATION.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@80874 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  28. 10 Mar, 2011 1 commit
    • ggaren@apple.com's avatar
      2011-03-10 Geoffrey Garen <ggaren@apple.com> · 58274d20
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Rolled back in 80277 and 80280 with event handler layout test failures fixed.
              https://bugs.webkit.org/show_bug.cgi?id=55653        
      
              The failures were caused by a last minute typo: assigning to currentEvent
              instead of m_currentEvent.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * bytecompiler/BytecodeGenerator.cpp:
              * jit/JITOpcodes.cpp:
              * jit/JITOpcodes32_64.cpp:
              * runtime/Arguments.h:
              * runtime/JSActivation.cpp:
              * runtime/JSActivation.h:
              * runtime/JSCell.h:
              * runtime/JSGlobalObject.cpp:
              * runtime/JSGlobalObject.h:
              * runtime/JSObject.cpp:
              * runtime/JSStaticScopeObject.cpp:
              * runtime/JSStaticScopeObject.h:
              * runtime/JSVariableObject.h:
              * runtime/MarkedSpace.cpp:
              * runtime/MarkedSpace.h:
      2011-03-10  Geoffrey Garen  <ggaren@apple.com>
      
              Reviewed by Oliver Hunt.
      
              Rolled back in 80277 and 80280 with event handler layout test failures fixed.
              https://bugs.webkit.org/show_bug.cgi?id=55653        
      
              The failures were caused by a last minute typo: assigning to currentEvent
              instead of m_currentEvent.
      
              * JSRun.cpp:
              * JSRun.h:
      2011-03-10  Geoffrey Garen  <ggaren@apple.com>
      
              Reviewed by Oliver Hunt.
      
              Rolled back in 80277 and 80280 with event handler layout test failures fixed.
              https://bugs.webkit.org/show_bug.cgi?id=55653
      
              The failures were caused by a last minute typo: assigning to currentEvent
              instead of m_currentEvent.
      
              * WebCore.xcodeproj/project.pbxproj:
              * bindings/js/JSDOMGlobalObject.cpp:
              * bindings/js/JSDOMGlobalObject.h:
              * bindings/js/JSDOMWindowBase.cpp:
              * bindings/js/JSDOMWindowBase.h:
              * bindings/js/JSDOMWindowCustom.h:
              * bindings/js/JSWorkerContextBase.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@80742 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      58274d20
  29. 09 Mar, 2011 1 commit
    • barraclough@apple.com's avatar
      Bug 56041 - RegExp constructor should only accept flags "gim" · 1281293b
      barraclough@apple.com authored
      We also should be passing the flags around as a bitfield rather than a string,
      and should not have redundant, incompatible code for converting the string to a bitfield!
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore: 
      
      * JavaScriptCore.exp:
      * bytecompiler/NodesCodegen.cpp:
      (JSC::RegExpNode::emitBytecode):
          - Need to parse flags string to enum.
      * runtime/RegExp.cpp:
      (JSC::regExpFlags):
      (JSC::RegExp::RegExp):
      (JSC::RegExp::create):
          - Add method to parse flags string to enum, change constructor/create args to take enum.
      * runtime/RegExp.h:
      (JSC::RegExp::global):
      (JSC::RegExp::ignoreCase):
      (JSC::RegExp::multiline):
          - Change to use new enum values.
      * runtime/RegExpCache.cpp:
      (JSC::RegExpCache::lookupOrCreate):
      (JSC::RegExpCache::create):
      * runtime/RegExpCache.h:
          - Changed to use regExpFlags enum instead of int/const UString&.
      * runtime/RegExpConstructor.cpp:
      (JSC::constructRegExp):
          - Add use new enum parsing, check for error.
      * runtime/RegExpKey.h:
      (JSC::RegExpKey::RegExpKey):
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::RegExpPrototype):
          - Pass NoFlags value instead of empty string.
      (JSC::regExpProtoFuncCompile):
          - Add use new enum parsing, check for error.
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
          - Pass NoFlags value instead of empty string.
      
      Source/WebCore: 
      
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::readTerminal):
          - Need to parse flags string back to enum.
      
      LayoutTests: 
      
      * sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A5_T1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A5_T2-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A5_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A5_T4-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A5_T5-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A5_T6-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A5_T7-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A5_T8-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.4/S15.10.4.1_A5_T9-expected.txt:
          - Check in passing results!
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@80667 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1281293b
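The flag handling this commit describes, parsing the "gim" string once into a bitfield and rejecting anything else, written out as an added example. This is not WebKit's own `JSC::regExpFlags` from `runtime/RegExp.cpp`; the enum `RegExpFlags`, the function `parseRegExpFlags` and the `InvalidFlags` sentinel are assumed names for the illustration. The point worth seeing in code is that a single parser is the only place that decides what a valid flags string is, so the bytecode generator, the constructor, `compile()` and the clone deserializer cannot disagree, and an unknown or repeated flag is an error rather than something silently ignored.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Added example, not WebKit code: flags as a bitfield instead of a string.
enum RegExpFlags : uint8_t {
    NoFlags        = 0,
    FlagGlobal     = 1 << 0,  // 'g'
    FlagIgnoreCase = 1 << 1,  // 'i'
    FlagMultiline  = 1 << 2,  // 'm'
    InvalidFlags   = 0x80     // hypothetical sentinel: the string was rejected
};

// Parse a flags string into the bitfield. Only 'g', 'i' and 'm' are accepted,
// each at most once; anything else makes the whole string invalid so that the
// caller can raise a SyntaxError instead of constructing a RegExp with
// guessed semantics.
RegExpFlags parseRegExpFlags(const std::string& flags)
{
    unsigned result = NoFlags;
    for (char c : flags) {
        unsigned bit;
        switch (c) {
        case 'g': bit = FlagGlobal; break;
        case 'i': bit = FlagIgnoreCase; break;
        case 'm': bit = FlagMultiline; break;
        default:  return InvalidFlags;   // unknown flag character
        }
        if (result & bit)                // flag given twice
            return InvalidFlags;
        result |= bit;
    }
    return static_cast<RegExpFlags>(result);
}

// Accessors in the style of RegExp::global()/ignoreCase()/multiline(),
// reading the bitfield rather than re-scanning a string.
bool isGlobal(RegExpFlags f)     { return (f & FlagGlobal) != 0; }
bool isIgnoreCase(RegExpFlags f) { return (f & FlagIgnoreCase) != 0; }
bool isMultiline(RegExpFlags f)  { return (f & FlagMultiline) != 0; }

// The reverse direction, as a serializer (such as a structured-clone writer)
// would need it: the bitfield is the source of truth, the string is derived.
std::string flagsToString(RegExpFlags f)
{
    std::string s;
    if (isGlobal(f))     s += 'g';
    if (isIgnoreCase(f)) s += 'i';
    if (isMultiline(f))  s += 'm';
    return s;
}

int main()
{
    const char* samples[] = { "", "g", "im", "gim", "gg", "gx", "y" };
    for (const char* s : samples) {
        RegExpFlags f = parseRegExpFlags(s);
        if (f == InvalidFlags)
            std::printf("%-4s -> SyntaxError\n", s);
        else
            std::printf("%-4s -> 0x%02x (%s)\n", s, f, flagsToString(f).c_str());
    }
    return 0;
}
```

Because `parseRegExpFlags` is the one place that knows the alphabet, the "incompatible code for converting the string to a bitfield" the commit complains about cannot arise: a flags string that survives `new RegExp(src, flags)` will round-trip through `flagsToString` and back to the same bitfield when a cloned value is deserialized.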