GitLab

https://bugs.webkit.org/show_bug.cgi?id=69311

Reviewed by Darin Adler.

Source/JavaScriptCore: 

Added ClassInfo structs to each class that defined its own getCallData 
function but did not already have its own ClassInfo struct.  This is a 
necessary addition for when we switch over to looking up getCallData from 
the MethodTable in ClassInfo rather than doing the virtual call (which we 
are removing).  These new ClassInfo structs are public because we often 
use these structs in other areas of the code to uniquely identify JSC classes and 
to enforce runtime invariants based on those class identities using ASSERTs.
Also added new createStructure methods to those classes that didn't have 
them so that the new ClassInfo structs would be used when creating the Structures 
in these classes.

* runtime/BooleanConstructor.cpp:
* runtime/BooleanConstructor.h:
(JSC::BooleanConstructor::createStructure):

getCallData was not marked as static in StrictModeTypeErrorFunction.  
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
(JSC::StrictModeTypeErrorFunction::getCallData):
(JSC::StrictModeTypeErrorFunction::createStructure):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorConstructor.h:
(JSC::ErrorConstructor::createStructure):
* runtime/FunctionConstructor.cpp:
* runtime/FunctionConstructor.h:
(JSC::FunctionConstructor::createStructure):
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:

Source/WebCore: 

No new tests.

Added ClassInfo structs to each class that defined its own getCallData 
function but did not already have its own ClassInfo struct.  This is a 
necessary addition for when we switch over to looking up getCallData from 
the MethodTable in ClassInfo rather than doing the virtual call (which we 
are removing).  These new ClassInfo structs are public because we often 
use these structs in other areas of the code to uniquely identify JSC classes and 
to enforce runtime invariants based on those class identities using ASSERTs.
Also added new createStructure methods to those classes that didn't have 
them so that the new ClassInfo structs would be used when creating the Structures 
in these classes.

* bridge/qt/qt_runtime.cpp:
* bridge/qt/qt_runtime.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96674 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69320

../JavaScriptCore: 

Reviewed by Darin Adler.
        
No measurable performance change.

Removed some JSValue::get* functions. get* used to be an optimization
when every value operation was a virtual function call: get* would combine
two virtual calls into one. Now, with non-virtual, inlined functions, get*
isn't faster, and may be slightly slower.

Merged getBoolean(bool&) and getBoolean() into asBoolean().

Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
asNumber().

* runtime/JSValue.h:
* runtime/JSValueInlineMethods.h:
(JSC::JSValue::asNumber):
(JSC::JSValue::asBoolean): As promised!

* runtime/NumberPrototype.cpp:
(JSC::toThisNumber):
(JSC::numberProtoFuncToExponential):
(JSC::numberProtoFuncToFixed):
(JSC::numberProtoFuncToPrecision):
(JSC::numberProtoFuncToString):
(JSC::numberProtoFuncToLocaleString):
(JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
by switching to toThisNumber().

* API/JSCallbackObjectFunctions.h:
(JSC::::toNumber):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::valueOfNumberConstant):
(JSC::DFG::Graph::valueOfBooleanConstant):
* dfg/DFGOperations.cpp:
(JSC::DFG::putByVal):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/DateInstance.h:
(JSC::DateInstance::internalNumber):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncBind):
* runtime/JSArray.cpp:
(JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().

* runtime/JSCell.cpp:
* runtime/JSCell.h: Nixed getJSNumber().

* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncParseInt):
* runtime/JSONObject.cpp:
(JSC::gap):
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::appendStringifiedValue):
* runtime/NumberObject.cpp:
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/Operations.h:
(JSC::JSValue::equalSlowCaseInline):
(JSC::JSValue::strictEqual):
(JSC::jsLess):
(JSC::jsLessEq):
(JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().

../WebCore: 

Reviewed by Darin Adler.

* bindings/js/JSDOMBinding.cpp:
(WebCore::valueToDate):
* bindings/js/JSErrorHandler.cpp:
(WebCore::JSErrorHandler::handleEvent):
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::handleEvent):
* bindings/js/JSSQLTransactionCustom.cpp:
(WebCore::JSSQLTransaction::executeSql):
* bindings/js/JSSQLTransactionSyncCustom.cpp:
(WebCore::JSSQLTransactionSync::executeSql):
* bindings/js/ScriptValue.cpp:
(WebCore::jsToInspectorValue):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpIfTerminal):
* bindings/objc/WebScriptObject.mm:
(+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
* bridge/jni/jsc/JNIUtilityPrivate.cpp:
(JSC::Bindings::convertValueToJValue): Updated for JSC changes.

../WebKit/mac: 

Reviewed by Darin Adler.

* WebView/WebView.mm:
(aeDescFromJSValue): Updated for JSC changes.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96673 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=66859

Patch by Scott Graham <scottmg@chromium.org> on 2011-10-04
Reviewed by Darin Fisher.

.:

* configure.ac:

Source/JavaScriptCore:

* Configurations/FeatureDefines.xcconfig:

Source/WebCore:

No new tests, as no new functionality yet.

* Configurations/FeatureDefines.xcconfig:
* GNUmakefile.am:
* features.pri:

Source/WebKit/chromium:

* features.gypi:

Source/WebKit/mac:

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

* Configurations/FeatureDefines.xcconfig:

Tools:

* Scripts/build-webkit:

WebKitLibraries:

* win/tools/vsprops/FeatureDefines.vsprops:
* win/tools/vsprops/FeatureDefinesCairo.vsprops:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96662 268f45cc-cd09-0410-ab3c-d52691b4dbfc

to be both speculative and non-speculative
https://bugs.webkit.org/show_bug.cgi?id=69321

Reviewed by Gavin Barraclough.
        
Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
This required moving emitBranch() to SpeculativeJIT, since it was
the main user of that field and method. Other than trvial clean-ups
in emitBranch(), the code is unchanged (and still has some disparity
between 64 and 32_64, and still lacks some obvious optimizations).

* dfg/DFGJITCodeGenerator.cpp:
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::JITCodeGenerator):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitBranch):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitBranch):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96661 268f45cc-cd09-0410-ab3c-d52691b4dbfc

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96648 268f45cc-cd09-0410-ab3c-d52691b4dbfc

        
[CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
        
Add support for reverse iteration to ListHashSet to support being able to walk them
backwards easily.

Reviewed by Anders Carlsson.

* wtf/ListHashSet.h:
(WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
(WTF::ListHashSetReverseIterator::get):
(WTF::ListHashSetReverseIterator::operator*):
(WTF::ListHashSetReverseIterator::operator->):
(WTF::ListHashSetReverseIterator::operator++):
(WTF::ListHashSetReverseIterator::operator--):
(WTF::ListHashSetReverseIterator::operator==):
(WTF::ListHashSetReverseIterator::operator!=):
(WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
(WTF::ListHashSetReverseIterator::node):
(WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
(WTF::ListHashSetConstReverseIterator::get):
(WTF::ListHashSetConstReverseIterator::operator*):
(WTF::ListHashSetConstReverseIterator::operator->):
(WTF::ListHashSetConstReverseIterator::operator++):
(WTF::ListHashSetConstReverseIterator::operator--):
(WTF::ListHashSetConstReverseIterator::operator==):
(WTF::ListHashSetConstReverseIterator::operator!=):
(WTF::ListHashSetConstReverseIterator::node):
(WTF::::rbegin):
(WTF::::rend):
(WTF::::makeReverseIterator):
(WTF::::makeConstReverseIterator):
(WTF::::makeConstIterator):

Source/WebCore: https://bugs.webkit.org/show_bug.cgi?id=69372
        
[CSS3 Regions] Make sure overflow:visible lets content spill out of regions.

Reviewed by Anders Carlsson.

No new tests, since plenty of results changed.

* rendering/RenderFlowThread.cpp:
(WebCore::RenderFlowThread::paintIntoRegion):
(WebCore::RenderFlowThread::hitTestRegion):
(WebCore::RenderFlowThread::repaintRectangleInRegions):
(WebCore::RenderFlowThread::firstRegion):
(WebCore::RenderFlowThread::lastRegion):
* rendering/RenderFlowThread.h:
* rendering/RenderRegion.cpp:
(WebCore::RenderRegion::regionOverflowRect):
(WebCore::RenderRegion::isFirstRegion):
(WebCore::RenderRegion::isLastRegion):
(WebCore::RenderRegion::layout):
* rendering/RenderRegion.h:
(WebCore::RenderRegion::setRegionRect):
(WebCore::RenderRegion::regionRect):

LayoutTests: https://bugs.webkit.org/show_bug.cgi?id=69372
        
[CSS3 Regions] Make sure overflow:visible lets content spill out of regions.

Reviewed by Anders Carlsson.

* platform/mac/fast/regions/content-flowed-into-regions-dynamically-removed-expected.png:
* platform/mac/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png:
* platform/mac/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png:
* platform/mac/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png:
* platform/mac/fast/regions/percentage-margins-variable-width-regions-expected.png:
* platform/mac/fast/regions/webkit-flow-double-pagination-float-push-expected.png:
* platform/mac/fast/regions/webkit-flow-float-unable-to-push-expected.png:
* platform/mac/fast/regions/webkit-flow-floats-inside-regions-bounds-expected.png:
* platform/mac/fast/regions/webkit-flow-inlines-dynamic-expected.png:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96643 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69371

ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes
the pretty printer on gtk, which should fix the build on that platform.

Reviewed by NOBODY, this is a build fix.

* wtf/Assertions.cpp:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96641 268f45cc-cd09-0410-ab3c-d52691b4dbfc

http://trac.webkit.org/changeset/96630
https://bugs.webkit.org/show_bug.cgi?id=69368

Caused assertion failures in validateCell (Requested by
mhahnenberg on #webkit).

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-10-04

Source/JavaScriptCore:

* runtime/BooleanConstructor.cpp:
* runtime/BooleanConstructor.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
(JSC::StrictModeTypeErrorFunction::getCallData):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:

Source/WebCore:

* bridge/qt/qt_runtime.cpp:
* bridge/qt/qt_runtime.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96637 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69311

Reviewed by Darin Adler.

Source/JavaScriptCore:

Added ClassInfo structs to each class that defined its own getCallData
function but did not already have its own ClassInfo struct.  This is a
necessary addition for when we switch over to looking up getCallData from
the MethodTable in ClassInfo rather than doing the virtual call (which we
are removing).  These new ClassInfo structs are public because we often
use these structs in other areas of the code to uniquely identify JSC classes and
to enforce runtime invariants based on those class identities using ASSERTs.

* runtime/BooleanConstructor.cpp:
* runtime/BooleanConstructor.h:

getCallData was not marked as static is StrictModeTypeErrorFunction.
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
(JSC::StrictModeTypeErrorFunction::getCallData):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorConstructor.h:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionPrototype.h:

Source/WebCore:

No new tests.

Added ClassInfo structs to each class that defined its own getCallData
function but did not already have its own ClassInfo struct.  This is a
necessary addition for when we switch over to looking up getCallData from
the MethodTable in ClassInfo rather than doing the virtual call (which we
are removing).  These new ClassInfo structs are public because we often
use these structs in other areas of the code to uniquely identify JSC classes and
to enforce runtime invariants based on those class identities using ASSERTs.

* bridge/qt/qt_runtime.cpp:
* bridge/qt/qt_runtime.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96630 268f45cc-cd09-0410-ab3c-d52691b4dbfc

* wtf/Platform.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96629 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69156

Reviewed by Geoffrey Garen.

Added callbacks for toString and valueOf which are implicitly added to a client object's
prototype if they provide a convertToType callback when declaring their class through
the JSC API.

* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::toStringCallback):
(JSC::JSCallbackFunction::valueOfCallback):
* API/JSCallbackFunction.h:
* API/JSClassRef.cpp:
(OpaqueJSClass::prototype):
* API/tests/testapi.js:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96627 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=68959
<rdar://problem/10036688>

Reviewed by Sam Weinig.

Source/JavaScriptCore:

* wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later.

Source/WebCore:

Test: fast/events/wheelevent-direction-inverted-from-device.html

* dom/WheelEvent.cpp:
(WebCore::WheelEvent::WheelEvent):
(WebCore::WheelEvent::initWheelEvent):
(WebCore::WheelEventDispatchMediator::WheelEventDispatchMediator):
* dom/WheelEvent.h:
(WebCore::WheelEvent::create):
(WebCore::WheelEvent::webkitDirectionInvertedFromDevice):
* dom/WheelEvent.idl: Added the webkitDirectionInvertedFromDevice idl attribute.
* platform/PlatformWheelEvent.h:
(WebCore::PlatformWheelEvent::PlatformWheelEvent):
(WebCore::PlatformWheelEvent::webkitDirectionInvertedFromDevice):
* platform/efl/PlatformWheelEventEfl.cpp:
(WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.
* platform/gtk/PlatformWheelEventGtk.cpp:
(WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.
* platform/mac/WheelEventMac.mm:
(WebCore::PlatformWheelEvent::PlatformWheelEvent): if building on Lion or later, use
[NSEvent isDirectionInvertedFromDevice].
* platform/qt/WheelEventQt.cpp:
(WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.
* platform/win/WheelEventWin.cpp:
(WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.
* platform/wx/MouseWheelEventWx.cpp:
(WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.

Source/WebKit2:

* Shared/WebEvent.h:
(WebKit::WebWheelEvent::directionInvertedFromDevice):
* Shared/WebEventConversion.cpp:
(WebKit::WebKit2PlatformWheelEvent::WebKit2PlatformWheelEvent):
* Shared/WebWheelEvent.cpp:
(WebKit::WebWheelEvent::WebWheelEvent):
(WebKit::WebWheelEvent::encode):
(WebKit::WebWheelEvent::decode):
* Shared/mac/WebEventFactory.mm:
(WebKit::WebEventFactory::createWebWheelEvent): get the flag from the NSEvent.
* UIProcess/WebPageProxy.cpp:
(WebKit::coalesce):

LayoutTests:

* fast/events/wheelevent-direction-inverted-from-device-expected.txt: Added.
* fast/events/wheelevent-direction-inverted-from-device.html: Added.
* platform/mac-wk2/Skipped: WKTR does not support mouse scroll events yet.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96613 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h:

Reviewed by Tor Arne Vestbø.

* assembler/MacroAssemblerCodeRef.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96598 268f45cc-cd09-0410-ab3c-d52691b4dbfc

       https://bugs.webkit.org/show_bug.cgi?id=69018

       In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets
       WebKit programmatically retrieve the current stack.  This is useful if you need to add more
       reporting to field crash report uploads, if you're tracking down an irreproducable bug,
       for instance.

       Reviewed by Darin Adler.

       * wtf/Assertions.cpp:
       * wtf/Assertions.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96595 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69314

Reviewed by Geoff Garen.
        
Fix 32-bit.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96569 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69314

Reviewed by Oliver Hunt.
        
1% speed-up in V8 due to 6% speed-up in V8-deltablue.

* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::storePtr):
* create_hash_table:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGIntrinsic.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasHeapPrediction):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::getByValLoadElimination):
(JSC::DFG::Propagator::getMethodLoadElimination):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96567 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69293

Reviewed by Oliver Hunt.

If a polymorphic access structure list has a duplicated structure, then
don't crash.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96564 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69299

Reviewed by Geoff Garen.

We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
but it if the timeoutCheck gets trashed we may make calls out to the timout_check stub
function too frequently (regressing performance). This patch has no perf impact on sunspider.

* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::branchAdd32):
(JSC::MacroAssemblerX86::branchSub32):
    - Added branchSub32 with AbsoluteAddress.
* jit/JIT.cpp:
(JSC::JIT::emitTimeoutCheck):
    - Keep timeout count in memory on X86.
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
    - remove X86 specific code, switch bucket count back into a register.
* jit/JITStubs.cpp:
    - Stop initializing esi (it is no longer the timeoutCheck!)
* jit/JSInterfaceJIT.h:
    - change definition of esi to be the bucketCountRegister.
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
    - Add timeoutCount as a property to global data (the counter should be per-thread).



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96563 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69291

Reviewed by Oliver Hunt.
        
Nodes now have two notion of predictions: the heap prediction, which is
what came directly from value profiling, and the propagator's predictions,
which arise out of abstract interpretation. Every node has a propagator
prediction, but not every node has a heap prediction; and there is no
guarantee that a node that has both will keep them consistent as the
propagator may have additional information available to it.
        
This is performance neutral.

* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::getPrediction):
* dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::getHeapPrediction):
(JSC::DFG::Node::predictHeap):
(JSC::DFG::Node::prediction):
(JSC::DFG::Node::predict):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::Propagator):
(JSC::DFG::Propagator::setPrediction):
(JSC::DFG::Propagator::mergePrediction):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::isPredictedNumerical):
(JSC::DFG::Propagator::logicalNotIsPure):
(JSC::DFG::Propagator::setReplacement):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96562 268f45cc-cd09-0410-ab3c-d52691b4dbfc

http://trac.webkit.org/changeset/96526
https://bugs.webkit.org/show_bug.cgi?id=68587

WEB_AUDIO has numerous 64->32 bit casting warnings, causing
build breakages where -Wall is enabled.

Source/JavaScriptCore:

* Configurations/FeatureDefines.xcconfig:
* wtf/Platform.h:

Source/WebCore:

* Configurations/FeatureDefines.xcconfig:
* WebCore.xcodeproj/project.pbxproj:

Source/WebKit/mac:

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

* Configurations/FeatureDefines.xcconfig:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96545 268f45cc-cd09-0410-ab3c-d52691b4dbfc

* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96534 268f45cc-cd09-0410-ab3c-d52691b4dbfc

polymorphic get_by_id
https://bugs.webkit.org/show_bug.cgi?id=69235

Reviewed by Oliver Hunt.
        
This implements trivial polymorphic get_by_id. It also fixes
problems in the CSE for CheckStructure in the put_by_id
transition case.
        
Doing this required knowing whether a polymorphic get_by_id stub
was doing a direct access rather than a call of some kind.
        
Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
scaled mean of all benchmarks.

* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
(JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::cellConstant):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::addStructureSet):
(JSC::DFG::Graph::addStructureTransitionData):
* dfg/DFGNode.h:
(JSC::DFG::StructureTransitionData::StructureTransitionData):
(JSC::DFG::Node::hasStructureTransitionData):
(JSC::DFG::Node::structureTransitionData):
(JSC::DFG::Node::hasStructureSet):
(JSC::DFG::Node::structureSet):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::tryBuildGetByIDProtoList):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStructureSet.h: Added.
(JSC::DFG::StructureSet::StructureSet):
(JSC::DFG::StructureSet::add):
(JSC::DFG::StructureSet::addAll):
(JSC::DFG::StructureSet::remove):
(JSC::DFG::StructureSet::contains):
(JSC::DFG::StructureSet::isSubsetOf):
(JSC::DFG::StructureSet::isSupersetOf):
(JSC::DFG::StructureSet::size):
(JSC::DFG::StructureSet::at):
(JSC::DFG::StructureSet::operator[]):
(JSC::DFG::StructureSet::last):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
(JSC::getPolymorphicAccessStructureListSlot):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96527 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=68587

Reviewed by Simon Fraser.

Source/JavaScriptCore:

* Configurations/FeatureDefines.xcconfig:
* wtf/Platform.h:

Source/WebCore:

No new tests; existing webaudio/ layout tests cover this.

* Configurations/FeatureDefines.xcconfig:
* WebCore.xcodeproj/project.pbxproj: Add a build step which copies audio resources to
    the WebCore.framework bundle.

Source/WebKit/mac:

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

* Configurations/FeatureDefines.xcconfig:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96526 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69243

Reviewed by Martin Robinson.

Source/JavaScriptCore:

* GNUmakefile.list.am:

Source/WebCore:

* GNUmakefile.am:
* GNUmakefile.list.am:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96505 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69162

Use QString::toHtmlEscaped in the Qt5 case.

Source/JavaScriptCore:

Patch by Pierre Rossi <pierre.rossi@gmail.com> on 2011-10-03
Reviewed by Andreas Kling.

* JavaScriptCore.pri:
* wtf/qt/UtilsQt.h: Added.
(escapeHtml):
* wtf/wtf.pri:

Source/WebCore:

Patch by Pierre Rossi <pierre.rossi@gmail.com> on 2011-10-03
Reviewed by Andreas Kling.

No new tests needed.

* WebCore.pro: adjust the include path accordingly
in the v8 case.

Source/WebKit/qt:

Patch by Pierre Rossi <pierre.rossi@gmail.com> on 2011-10-03
Reviewed by Andreas.

* Api/qwebpage.cpp:
(QWebPage::javaScriptAlert):
(QWebPage::javaScriptConfirm):
(QWebPage::javaScriptPrompt):
* WebCoreSupport/ChromeClientQt.cpp:
(WebCore::ChromeClientQt::setToolTip):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96503 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=66378

Reviewed by Zoltan Herczeg.

Use the appropriate libdispatch API for our use case.
Throw away the hard coded limit of parallel threads
and use dispatch_apply with the default priority normal
queue istead of using our own custom serial queue (which
was a misuse of the API). Enabling PARALLEL_JOBS is now
a 60% win (2.63x as fast) on the methanol benchmark
(https://gitorious.org/methanol) with an SVG centric test set
while the old implementation was almost identical (less than 5% win).

* wtf/ParallelJobsLibdispatch.h:
(WTF::ParallelEnvironment::ParallelEnvironment):
(WTF::ParallelEnvironment::execute):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96492 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=68990

Reviewed by Geoffrey Garen.

Changing signed char to int in r96354 solved the
problem. However transitionCount still returns
with a signed char and should be changed to int.

* runtime/Structure.h:
(JSC::Structure::transitionCount):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96483 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69233

Reviewed by Oliver Hunt.
        
0.7% speed-up on SunSpider.

* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::getByValLoadElimination):
(JSC::DFG::Propagator::getMethodLoadElimination):
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::getByOffsetLoadElimination):
(JSC::DFG::Propagator::getPropertyStorageLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96482 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Reviewed by Darin Adler.
        
Fix a regression introduced in r72140. A return was added to the backtracking loop for
backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration.
This is incorrect. The additional return should only trigger to force an early return if
an error has occured.

Source/JavaScriptCore: 

* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::matchParentheses):
    - Simplify some nested if else logic.
(JSC::Yarr::Interpreter::backtrackParentheses):
    - Simplify some nested if else logic.
    - Only return early from backtrackParentheses on success/error, not on failure.

LayoutTests: 

* fast/regex/parentheses-expected.txt:
* fast/regex/script-tests/parentheses.js:
    - Added test cases from bug.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96479 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69218

Reviewed by Sam Weinig.

../JavaScriptCore: 

* heap/Heap.h:
(JSC::Heap::handleHeap):
* runtime/JSGlobalData.h: Removed these helper functions, since they
just created indirection.

* heap/StrongInlines.h: Added. Broke out a header for inline functions
to resolve circular dependencies created by inlining. I'm told this is
the future for JavaScriptCore.

* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.

* API/JSCallbackObjectFunctions.h:
(JSC::::init):
* runtime/WeakGCMap.h:
(JSC::WeakGCMap::add):
(JSC::WeakGCMap::set):
* runtime/StructureTransitionTable.h:
(JSC::StructureTransitionTable::setSingleTransition):
* heap/Local.h:
(JSC::::Local):
* heap/Strong.h:
(JSC::::Strong):
(JSC::::set):
* heap/Weak.h:
(JSC::Weak::Weak):
(JSC::Weak::set): Allocate handles directly instead of going through a
chain of forwarding functions.

* bytecompiler/BytecodeGenerator.cpp:
* runtime/JSGlobalData.cpp:
* runtime/LiteralParser.cpp:
* runtime/RegExpCache.cpp: Updated for header changes.

../JavaScriptGlue: 

* JSRun.cpp:
* JSValueWrapper.cpp:

../WebCore: 

* ForwardingHeaders/heap/StrongInlines.h: Added.
* bindings/js/JSCallbackData.h:
* bindings/js/JSDOMWindowShell.cpp:
* bindings/js/ScheduledAction.h:
* bindings/js/ScriptCachedFrameData.cpp:
* bindings/js/ScriptController.cpp:
* bindings/js/ScriptState.cpp:
* bindings/js/ScriptValue.h:
* bindings/js/WorkerScriptController.cpp:
* bridge/runtime_root.cpp:

../WebKit2: 

* WebProcess/Plugins/Netscape/NPJSObject.cpp:
* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96465 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69201

Reviewed by Oliver Hunt.
        
This makes it possible to change tiered compilation heuristics in
one place (Heuristics.cpp) without recompiling the whole project.
        
It also makes it possible to enable setting heuristics using
environment variables. This is off by default. When turned on, it
makes tuning the system much easier.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::shouldOptimizeNow):
* bytecode/CodeBlock.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* jit/JIT.cpp:
(JSC::JIT::emitOptimizationCheck):
* runtime/Heuristics.cpp: Added.
(JSC::Heuristics::parse):
(JSC::Heuristics::setHeuristic):
(JSC::Heuristics::initializeHeuristics):
* runtime/Heuristics.h: Added.
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96463 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69215

Reviewed by Geoff Garen.

Adds a GetStringLength node to the DFG so that we can support
string.length inline.

* dfg/DFGNode.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isKnownString):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSString.h:
(JSC::JSString::offsetOfLength):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96461 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69205

Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-10-01
Reviewed by Gavin Barraclough.

If there are unboxed integers and cells in register file (e.g. by SetLocal),
they must be reboxed before exiting from the speculative DFG JIT execution.
This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new
ValueRecoveryTechnique (AlreadyInRegisterFileAsCell).

* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::ValueSource::dump):
(JSC::DFG::ValueRecovery::dump):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueSource::forPrediction):
(JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96458 268f45cc-cd09-0410-ab3c-d52691b4dbfc

http://trac.webkit.org/changeset/96421
https://bugs.webkit.org/show_bug.cgi?id=69206

It broke Qt-WK2 build (Requested by ossy on #webkit).

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-10-01

Source/JavaScriptCore:

* JavaScriptCore.pri:
* wtf/qt/UtilsQt.h: Removed.
* wtf/wtf.pri:

Source/WebCore:

* WebCore.pro:

Source/WebKit/qt:

* Api/qwebpage.cpp:
(QWebPage::javaScriptAlert):
(QWebPage::javaScriptConfirm):
(QWebPage::javaScriptPrompt):
* WebCoreSupport/ChromeClientQt.cpp:
(WebCore::ChromeClientQt::setToolTip):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96455 268f45cc-cd09-0410-ab3c-d52691b4dbfc

        Attempt to fix the Apple Windows and WinCairo Debug builds after
        <http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203).

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol
        ?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the
        corresponding function, JSValue::toStrictThisObject(), was removed.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96453 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69126

Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-09-30
Reviewed by Gavin Barraclough.

The setupResults routine has the bug of reversing the source and destination.
Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.

* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::setupTwoStubArgs):
(JSC::DFG::setupResults):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96451 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69203

Rubber stamped by Sam Weinig

These are no longer used.

../JavaScriptCore: 

* JavaScriptCore.exp:
* runtime/JSActivation.cpp:
* runtime/JSActivation.h:
* runtime/JSObject.cpp:
* runtime/JSObject.h:
* runtime/JSStaticScopeObject.cpp:
* runtime/JSStaticScopeObject.h:
* runtime/JSValue.h:
* runtime/StrictEvalActivation.cpp:
* runtime/StrictEvalActivation.h:

../WebCore: 

* bindings/js/JSDOMWindowBase.cpp:
* bindings/js/JSDOMWindowBase.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96446 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69114

Reviewed by Oliver Hunt.

This adds new nodes along with optimizations for those nodes:
        
GetPropertyStorage: CheckStructure used to do both the structure
check and retrieve the storage pointer. Now CheckStructure just
checks the structure, and GetPropertyStorage retrieves the
storage pointer.
        
PutStructure: Changes the structure, and has the expected store
to load optimization with CheckStructure.
        
PutByOffset: Directly sets the value. Has store to load
optimization with GetByOffset.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::cellConstant):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasStructure):
(JSC::DFG::Node::hasStorageAccessData):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::impureCSE):
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::getByOffsetLoadElimination):
(JSC::DFG::Propagator::getPropertyStorageLoadElimination):
(JSC::DFG::Propagator::eliminate):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96443 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69188

Reviewed by Oliver Hunt.

0 is not the empty value on 32_64.
Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
* runtime/ErrorPrototype.cpp:
(JSC::errorProtoFuncToString):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncToString):
* runtime/StringRecursionChecker.cpp:
(JSC::StringRecursionChecker::throwStackOverflowError):
(JSC::StringRecursionChecker::emptyString):
* runtime/StringRecursionChecker.h:
(JSC::StringRecursionChecker::performCheck):
(JSC::StringRecursionChecker::earlyReturnValue):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96438 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=69174

Reviewed by Sam Weinig.

if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())),
the JSVALUE64 JIT will currently compare all 64bits in the register, but in
these cases the DataFormat is always a JS boxed integer. In these cases we
can just compare the low 32bits anyway - no need to check the tag.
This allows the code to be unified with the JSVALUE32_64 JIT.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96436 268f45cc-cd09-0410-ab3c-d52691b4dbfc