1. 04 Oct, 2011 14 commits
    • mhahnenberg@apple.com's avatar
      Add static ClassInfo structs to classes that override JSCell::getCallData · 77d198e8
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69311
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore: 
      
      Added ClassInfo structs to each class that defined its own getCallData 
      function but did not already have its own ClassInfo struct.  This is a 
      necessary addition for when we switch over to looking up getCallData from 
      the MethodTable in ClassInfo rather than doing the virtual call (which we 
      are removing).  These new ClassInfo structs are public because we often 
      use these structs in other areas of the code to uniquely identify JSC classes and 
      to enforce runtime invariants based on those class identities using ASSERTs.
      Also added new createStructure methods to those classes that didn't have 
      them so that the new ClassInfo structs would be used when creating the Structures 
      in these classes.
      
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      
      getCallData was not marked as static in StrictModeTypeErrorFunction.  
      * runtime/Error.cpp:
      (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
      (JSC::StrictModeTypeErrorFunction::getCallData):
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      * runtime/FunctionPrototype.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Added ClassInfo structs to each class that defined its own getCallData 
      function but did not already have its own ClassInfo struct.  This is a 
      necessary addition for when we switch over to looking up getCallData from 
      the MethodTable in ClassInfo rather than doing the virtual call (which we 
      are removing).  These new ClassInfo structs are public because we often 
      use these structs in other areas of the code to uniquely identify JSC classes and 
      to enforce runtime invariants based on those class identities using ASSERTs.
      Also added new createStructure methods to those classes that didn't have 
      them so that the new ClassInfo structs would be used when creating the Structures 
      in these classes.
      
      * bridge/qt/qt_runtime.cpp:
      * bridge/qt/qt_runtime.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96674 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      77d198e8
    • ggaren@apple.com's avatar
      Some JSValue cleanup · 7831f0c3
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69320
      
      ../JavaScriptCore: 
      
      Reviewed by Darin Adler.
              
      No measurable performance change.
      
      Removed some JSValue::get* functions. get* used to be an optimization
      when every value operation was a virtual function call: get* would combine
      two virtual calls into one. Now, with non-virtual, inlined functions, get*
      isn't faster, and may be slightly slower.
      
      Merged getBoolean(bool&) and getBoolean() into asBoolean().
      
      Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
      asNumber().
      
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::JSValue::asNumber):
      (JSC::JSValue::asBoolean): As promised!
      
      * runtime/NumberPrototype.cpp:
      (JSC::toThisNumber):
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      (JSC::numberProtoFuncToLocaleString):
      (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
      by switching to toThisNumber().
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::toNumber):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueOfNumberConstant):
      (JSC::DFG::Graph::valueOfBooleanConstant):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/DateInstance.h:
      (JSC::DateInstance::internalNumber):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
      * runtime/JSArray.cpp:
      (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
      getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
      
      * runtime/JSCell.cpp:
      * runtime/JSCell.h: Nixed getJSNumber().
      
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncParseInt):
      * runtime/JSONObject.cpp:
      (JSC::gap):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::appendStringifiedValue):
      * runtime/NumberObject.cpp:
      * runtime/NumberObject.h:
      (JSC::NumberObject::createStructure):
      * runtime/Operations.h:
      (JSC::JSValue::equalSlowCaseInline):
      (JSC::JSValue::strictEqual):
      (JSC::jsLess):
      (JSC::jsLessEq):
      (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
      getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
      
      ../WebCore: 
      
      Reviewed by Darin Adler.
      
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::valueToDate):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSSQLTransactionCustom.cpp:
      (WebCore::JSSQLTransaction::executeSql):
      * bindings/js/JSSQLTransactionSyncCustom.cpp:
      (WebCore::JSSQLTransactionSync::executeSql):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::dumpIfTerminal):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertValueToJValue): Updated for JSC changes.
      
      ../WebKit/mac: 
      
      Reviewed by Darin Adler.
      
      * WebView/WebView.mm:
      (aeDescFromJSValue): Updated for JSC changes.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96673 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7831f0c3
    • commit-queue@webkit.org's avatar
      Add GAMEPAD feature flag · 33a67246
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=66859
      
      Patch by Scott Graham <scottmg@chromium.org> on 2011-10-04
      Reviewed by Darin Fisher.
      
      .:
      
      * configure.ac:
      
      Source/JavaScriptCore:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebCore:
      
      No new tests, as no new functionality yet.
      
      * Configurations/FeatureDefines.xcconfig:
      * GNUmakefile.am:
      * features.pri:
      
      Source/WebKit/chromium:
      
      * features.gypi:
      
      Source/WebKit/mac:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Tools:
      
      * Scripts/build-webkit:
      
      WebKitLibraries:
      
      * win/tools/vsprops/FeatureDefines.vsprops:
      * win/tools/vsprops/FeatureDefinesCairo.vsprops:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96662 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      33a67246
    • fpizlo@apple.com's avatar
      JITCodeGenerator should no longer have code that tries too hard · ee099cb3
      fpizlo@apple.com authored
      to be both speculative and non-speculative
      https://bugs.webkit.org/show_bug.cgi?id=69321
      
      Reviewed by Gavin Barraclough.
              
      Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
      This required moving emitBranch() to SpeculativeJIT, since it was
      the main user of that field and method. Other than trvial clean-ups
      in emitBranch(), the code is unchanged (and still has some disparity
      between 64 and 32_64, and still lacks some obvious optimizations).
      
      * dfg/DFGJITCodeGenerator.cpp:
      * dfg/DFGJITCodeGenerator.h:
      (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
      * dfg/DFGJITCodeGenerator32_64.cpp:
      (JSC::DFG::JITCodeGenerator::fillDouble):
      (JSC::DFG::JITCodeGenerator::fillJSValue):
      * dfg/DFGJITCodeGenerator64.cpp:
      (JSC::DFG::JITCodeGenerator::fillDouble):
      (JSC::DFG::JITCodeGenerator::fillJSValue):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitBranch):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitBranch):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96661 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ee099cb3
    • hyatt@apple.com's avatar
      Fix Leopard build bustage. · 21b07d4d
      hyatt@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96648 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      21b07d4d
    • hyatt@apple.com's avatar
      Source/JavaScriptCore: https://bugs.webkit.org/show_bug.cgi?id=69372 · 34c7902c
      hyatt@apple.com authored
              
      [CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
              
      Add support for reverse iteration to ListHashSet to support being able to walk them
      backwards easily.
      
      Reviewed by Anders Carlsson.
      
      * wtf/ListHashSet.h:
      (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
      (WTF::ListHashSetReverseIterator::get):
      (WTF::ListHashSetReverseIterator::operator*):
      (WTF::ListHashSetReverseIterator::operator->):
      (WTF::ListHashSetReverseIterator::operator++):
      (WTF::ListHashSetReverseIterator::operator--):
      (WTF::ListHashSetReverseIterator::operator==):
      (WTF::ListHashSetReverseIterator::operator!=):
      (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
      (WTF::ListHashSetReverseIterator::node):
      (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
      (WTF::ListHashSetConstReverseIterator::get):
      (WTF::ListHashSetConstReverseIterator::operator*):
      (WTF::ListHashSetConstReverseIterator::operator->):
      (WTF::ListHashSetConstReverseIterator::operator++):
      (WTF::ListHashSetConstReverseIterator::operator--):
      (WTF::ListHashSetConstReverseIterator::operator==):
      (WTF::ListHashSetConstReverseIterator::operator!=):
      (WTF::ListHashSetConstReverseIterator::node):
      (WTF::::rbegin):
      (WTF::::rend):
      (WTF::::makeReverseIterator):
      (WTF::::makeConstReverseIterator):
      (WTF::::makeConstIterator):
      
      Source/WebCore: https://bugs.webkit.org/show_bug.cgi?id=69372
              
      [CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
      
      Reviewed by Anders Carlsson.
      
      No new tests, since plenty of results changed.
      
      * rendering/RenderFlowThread.cpp:
      (WebCore::RenderFlowThread::paintIntoRegion):
      (WebCore::RenderFlowThread::hitTestRegion):
      (WebCore::RenderFlowThread::repaintRectangleInRegions):
      (WebCore::RenderFlowThread::firstRegion):
      (WebCore::RenderFlowThread::lastRegion):
      * rendering/RenderFlowThread.h:
      * rendering/RenderRegion.cpp:
      (WebCore::RenderRegion::regionOverflowRect):
      (WebCore::RenderRegion::isFirstRegion):
      (WebCore::RenderRegion::isLastRegion):
      (WebCore::RenderRegion::layout):
      * rendering/RenderRegion.h:
      (WebCore::RenderRegion::setRegionRect):
      (WebCore::RenderRegion::regionRect):
      
      LayoutTests: https://bugs.webkit.org/show_bug.cgi?id=69372
              
      [CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
      
      Reviewed by Anders Carlsson.
      
      * platform/mac/fast/regions/content-flowed-into-regions-dynamically-removed-expected.png:
      * platform/mac/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png:
      * platform/mac/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png:
      * platform/mac/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png:
      * platform/mac/fast/regions/percentage-margins-variable-width-regions-expected.png:
      * platform/mac/fast/regions/webkit-flow-double-pagination-float-push-expected.png:
      * platform/mac/fast/regions/webkit-flow-float-unable-to-push-expected.png:
      * platform/mac/fast/regions/webkit-flow-floats-inside-regions-bounds-expected.png:
      * platform/mac/fast/regions/webkit-flow-inlines-dynamic-expected.png:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96643 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      34c7902c
    • gavinp@chromium.org's avatar
      fix gtk breakage caused by changeset 96595 · f9fb54c1
      gavinp@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=69371
      
      ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes
      the pretty printer on gtk, which should fix the build on that platform.
      
      Reviewed by NOBODY, this is a build fix.
      
      * wtf/Assertions.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96641 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f9fb54c1
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r96630. · 4faffd7b
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/96630
      https://bugs.webkit.org/show_bug.cgi?id=69368
      
      Caused assertion failures in validateCell (Requested by
      mhahnenberg on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-10-04
      
      Source/JavaScriptCore:
      
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanConstructor.h:
      * runtime/Error.cpp:
      (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
      (JSC::StrictModeTypeErrorFunction::getCallData):
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorConstructor.h:
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionConstructor.h:
      * runtime/FunctionPrototype.cpp:
      * runtime/FunctionPrototype.h:
      
      Source/WebCore:
      
      * bridge/qt/qt_runtime.cpp:
      * bridge/qt/qt_runtime.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96637 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4faffd7b
    • mhahnenberg@apple.com's avatar
      Add static ClassInfo structs to classes that override JSCell::getCallData · dd90ed20
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69311
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore:
      
      Added ClassInfo structs to each class that defined its own getCallData
      function but did not already have its own ClassInfo struct.  This is a
      necessary addition for when we switch over to looking up getCallData from
      the MethodTable in ClassInfo rather than doing the virtual call (which we
      are removing).  These new ClassInfo structs are public because we often
      use these structs in other areas of the code to uniquely identify JSC classes and
      to enforce runtime invariants based on those class identities using ASSERTs.
      
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanConstructor.h:
      
      getCallData was not marked as static is StrictModeTypeErrorFunction.
      * runtime/Error.cpp:
      (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
      (JSC::StrictModeTypeErrorFunction::getCallData):
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorConstructor.h:
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionConstructor.h:
      * runtime/FunctionPrototype.cpp:
      * runtime/FunctionPrototype.h:
      
      Source/WebCore:
      
      No new tests.
      
      Added ClassInfo structs to each class that defined its own getCallData
      function but did not already have its own ClassInfo struct.  This is a
      necessary addition for when we switch over to looking up getCallData from
      the MethodTable in ClassInfo rather than doing the virtual call (which we
      are removing).  These new ClassInfo structs are public because we often
      use these structs in other areas of the code to uniquely identify JSC classes and
      to enforce runtime invariants based on those class identities using ASSERTs.
      
      * bridge/qt/qt_runtime.cpp:
      * bridge/qt/qt_runtime.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96630 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      dd90ed20
    • rniwa@webkit.org's avatar
      Leopard build fix after r96613. · 54009a4c
      rniwa@webkit.org authored
      * wtf/Platform.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96629 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      54009a4c
    • mhahnenberg@apple.com's avatar
      Implicitly add toString and valueOf to prototype when convertToType callback is provided · ff057a67
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69156
      
      Reviewed by Geoffrey Garen.
      
      Added callbacks for toString and valueOf which are implicitly added to a client object's
      prototype if they provide a convertToType callback when declaring their class through
      the JSC API.
      
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::toStringCallback):
      (JSC::JSCallbackFunction::valueOfCallback):
      * API/JSCallbackFunction.h:
      * API/JSClassRef.cpp:
      (OpaqueJSClass::prototype):
      * API/tests/testapi.js:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96627 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ff057a67
    • jonlee@apple.com's avatar
      Extend DOM WheelEvent to differentiate between physical and logical scroll directions · 736fb651
      jonlee@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68959
      <rdar://problem/10036688>
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore:
      
      * wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later.
      
      Source/WebCore:
      
      Test: fast/events/wheelevent-direction-inverted-from-device.html
      
      * dom/WheelEvent.cpp:
      (WebCore::WheelEvent::WheelEvent):
      (WebCore::WheelEvent::initWheelEvent):
      (WebCore::WheelEventDispatchMediator::WheelEventDispatchMediator):
      * dom/WheelEvent.h:
      (WebCore::WheelEvent::create):
      (WebCore::WheelEvent::webkitDirectionInvertedFromDevice):
      * dom/WheelEvent.idl: Added the webkitDirectionInvertedFromDevice idl attribute.
      * platform/PlatformWheelEvent.h:
      (WebCore::PlatformWheelEvent::PlatformWheelEvent):
      (WebCore::PlatformWheelEvent::webkitDirectionInvertedFromDevice):
      * platform/efl/PlatformWheelEventEfl.cpp:
      (WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.
      * platform/gtk/PlatformWheelEventGtk.cpp:
      (WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.
      * platform/mac/WheelEventMac.mm:
      (WebCore::PlatformWheelEvent::PlatformWheelEvent): if building on Lion or later, use
      [NSEvent isDirectionInvertedFromDevice].
      * platform/qt/WheelEventQt.cpp:
      (WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.
      * platform/win/WheelEventWin.cpp:
      (WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.
      * platform/wx/MouseWheelEventWx.cpp:
      (WebCore::PlatformWheelEvent::PlatformWheelEvent): default to false.
      
      Source/WebKit2:
      
      * Shared/WebEvent.h:
      (WebKit::WebWheelEvent::directionInvertedFromDevice):
      * Shared/WebEventConversion.cpp:
      (WebKit::WebKit2PlatformWheelEvent::WebKit2PlatformWheelEvent):
      * Shared/WebWheelEvent.cpp:
      (WebKit::WebWheelEvent::WebWheelEvent):
      (WebKit::WebWheelEvent::encode):
      (WebKit::WebWheelEvent::decode):
      * Shared/mac/WebEventFactory.mm:
      (WebKit::WebEventFactory::createWebWheelEvent): get the flag from the NSEvent.
      * UIProcess/WebPageProxy.cpp:
      (WebKit::coalesce):
      
      LayoutTests:
      
      * fast/events/wheelevent-direction-inverted-from-device-expected.txt: Added.
      * fast/events/wheelevent-direction-inverted-from-device.html: Added.
      * platform/mac-wk2/Skipped: WKTR does not support mouse scroll events yet.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96613 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      736fb651
    • ossy@webkit.org's avatar
      MinGW warning fix after r96286. · eaa2073c
      ossy@webkit.org authored
      Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h:
      
      Reviewed by Tor Arne Vestbø.
      
      * assembler/MacroAssemblerCodeRef.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96598 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      eaa2073c
    • gavinp@chromium.org's avatar
      add more stack dumping methods · bd3152c8
      gavinp@chromium.org authored
             https://bugs.webkit.org/show_bug.cgi?id=69018
      
             In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets
             WebKit programmatically retrieve the current stack.  This is useful if you need to add more
             reporting to field crash report uploads, if you're tracking down an irreproducable bug,
             for instance.
      
             Reviewed by Darin Adler.
      
             * wtf/Assertions.cpp:
             * wtf/Assertions.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96595 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bd3152c8
  2. 03 Oct, 2011 13 commits
    • fpizlo@apple.com's avatar
      DFG should inline Array.push and Array.pop · 3cc9cbff
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69314
      
      Reviewed by Geoff Garen.
              
      Fix 32-bit.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96569 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3cc9cbff
    • fpizlo@apple.com's avatar
      DFG should inline Array.push and Array.pop · 24d24e5b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69314
      
      Reviewed by Oliver Hunt.
              
      1% speed-up in V8 due to 6% speed-up in V8-deltablue.
      
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::storePtr):
      * create_hash_table:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGIntrinsic.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasHeapPrediction):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::getByValLoadElimination):
      (JSC::DFG::Propagator::getMethodLoadElimination):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96567 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      24d24e5b
    • fpizlo@apple.com's avatar
      JSC ASSERT Opening the Web Inspector · 94551a41
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69293
      
      Reviewed by Oliver Hunt.
      
      If a polymorphic access structure list has a duplicated structure, then
      don't crash.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96564 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      94551a41
    • barraclough@apple.com's avatar
      On X86, switch bucketCount into a register, timeoutCheck into memory · 70558a37
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69299
      
      Reviewed by Geoff Garen.
      
      We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
      it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
      but it if the timeoutCheck gets trashed we may make calls out to the timout_check stub
      function too frequently (regressing performance). This patch has no perf impact on sunspider.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::branchAdd32):
      (JSC::MacroAssemblerX86::branchSub32):
          - Added branchSub32 with AbsoluteAddress.
      * jit/JIT.cpp:
      (JSC::JIT::emitTimeoutCheck):
          - Keep timeout count in memory on X86.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitValueProfilingSite):
          - remove X86 specific code, switch bucket count back into a register.
      * jit/JITStubs.cpp:
          - Stop initializing esi (it is no longer the timeoutCheck!)
      * jit/JSInterfaceJIT.h:
          - change definition of esi to be the bucketCountRegister.
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
          - Add timeoutCount as a property to global data (the counter should be per-thread).
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96563 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      70558a37
    • fpizlo@apple.com's avatar
      DFG backends don't have access to per-node predictions from the propagator · d30b1206
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69291
      
      Reviewed by Oliver Hunt.
              
      Nodes now have two notion of predictions: the heap prediction, which is
      what came directly from value profiling, and the propagator's predictions,
      which arise out of abstract interpretation. Every node has a propagator
      prediction, but not every node has a heap prediction; and there is no
      guarantee that a node that has both will keep them consistent as the
      propagator may have additional information available to it.
              
      This is performance neutral.
      
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::getPrediction):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (JSC::DFG::Node::hasHeapPrediction):
      (JSC::DFG::Node::getHeapPrediction):
      (JSC::DFG::Node::predictHeap):
      (JSC::DFG::Node::prediction):
      (JSC::DFG::Node::predict):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::Propagator):
      (JSC::DFG::Propagator::setPrediction):
      (JSC::DFG::Propagator::mergePrediction):
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::fixupNode):
      (JSC::DFG::Propagator::isPredictedNumerical):
      (JSC::DFG::Propagator::logicalNotIsPure):
      (JSC::DFG::Propagator::setReplacement):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96562 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d30b1206
    • jer.noble@apple.com's avatar
      Unreviewed, rolling out r96526. · ad9dc384
      jer.noble@apple.com authored
      http://trac.webkit.org/changeset/96526
      https://bugs.webkit.org/show_bug.cgi?id=68587
      
      WEB_AUDIO has numerous 64->32 bit casting warnings, causing
      build breakages where -Wall is enabled.
      
      Source/JavaScriptCore:
      
      * Configurations/FeatureDefines.xcconfig:
      * wtf/Platform.h:
      
      Source/WebCore:
      
      * Configurations/FeatureDefines.xcconfig:
      * WebCore.xcodeproj/project.pbxproj:
      
      Source/WebKit/mac:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2:
      
      * Configurations/FeatureDefines.xcconfig:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96545 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ad9dc384
    • barraclough@apple.com's avatar
      Unreviewed build fix for DFG JIT 32_64. · 5c4f4337
      barraclough@apple.com authored
      * dfg/DFGJITCompiler32_64.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96534 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5c4f4337
    • fpizlo@apple.com's avatar
      DFG should speculate more aggressively on obvious cases on · 752f7d98
      fpizlo@apple.com authored
      polymorphic get_by_id
      https://bugs.webkit.org/show_bug.cgi?id=69235
      
      Reviewed by Oliver Hunt.
              
      This implements trivial polymorphic get_by_id. It also fixes
      problems in the CSE for CheckStructure in the put_by_id
      transition case.
              
      Doing this required knowing whether a polymorphic get_by_id stub
      was doing a direct access rather than a call of some kind.
              
      Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
      scaled mean of all benchmarks.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/Instruction.h:
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::cellConstant):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::addStructureSet):
      (JSC::DFG::Graph::addStructureTransitionData):
      * dfg/DFGNode.h:
      (JSC::DFG::StructureTransitionData::StructureTransitionData):
      (JSC::DFG::Node::hasStructureTransitionData):
      (JSC::DFG::Node::structureTransitionData):
      (JSC::DFG::Node::hasStructureSet):
      (JSC::DFG::Node::structureSet):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::checkStructureLoadElimination):
      (JSC::DFG::Propagator::performNodeCSE):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureSet.h: Added.
      (JSC::DFG::StructureSet::StructureSet):
      (JSC::DFG::StructureSet::add):
      (JSC::DFG::StructureSet::addAll):
      (JSC::DFG::StructureSet::remove):
      (JSC::DFG::StructureSet::contains):
      (JSC::DFG::StructureSet::isSubsetOf):
      (JSC::DFG::StructureSet::isSupersetOf):
      (JSC::DFG::StructureSet::size):
      (JSC::DFG::StructureSet::at):
      (JSC::DFG::StructureSet::operator[]):
      (JSC::DFG::StructureSet::last):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96527 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      752f7d98
    • jer.noble@apple.com's avatar
      Enable WEB_AUDIO by default in the WebKit/mac port. · c1ee1afa
      jer.noble@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68587
      
      Reviewed by Simon Fraser.
      
      Source/JavaScriptCore:
      
      * Configurations/FeatureDefines.xcconfig:
      * wtf/Platform.h:
      
      Source/WebCore:
      
      No new tests; existing webaudio/ layout tests cover this.
      
      * Configurations/FeatureDefines.xcconfig:
      * WebCore.xcodeproj/project.pbxproj: Add a build step which copies audio resources to
          the WebCore.framework bundle.
      
      Source/WebKit/mac:
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2:
      
      * Configurations/FeatureDefines.xcconfig:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96526 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c1ee1afa
    • carlosgc@webkit.org's avatar
      [GTK] Fix make distcheck build · a4dc4508
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=69243
      
      Reviewed by Martin Robinson.
      
      Source/JavaScriptCore:
      
      * GNUmakefile.list.am:
      
      Source/WebCore:
      
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96505 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a4dc4508
    • ossy@webkit.org's avatar
      [Qt] Build fix: Qt::escape is deprecated in Qt5 · 362cc3f1
      ossy@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=69162
      
      Use QString::toHtmlEscaped in the Qt5 case.
      
      Source/JavaScriptCore:
      
      Patch by Pierre Rossi <pierre.rossi@gmail.com> on 2011-10-03
      Reviewed by Andreas Kling.
      
      * JavaScriptCore.pri:
      * wtf/qt/UtilsQt.h: Added.
      (escapeHtml):
      * wtf/wtf.pri:
      
      Source/WebCore:
      
      Patch by Pierre Rossi <pierre.rossi@gmail.com> on 2011-10-03
      Reviewed by Andreas Kling.
      
      No new tests needed.
      
      * WebCore.pro: adjust the include path accordingly
      in the v8 case.
      
      Source/WebKit/qt:
      
      Patch by Pierre Rossi <pierre.rossi@gmail.com> on 2011-10-03
      Reviewed by Andreas.
      
      * Api/qwebpage.cpp:
      (QWebPage::javaScriptAlert):
      (QWebPage::javaScriptConfirm):
      (QWebPage::javaScriptPrompt):
      * WebCoreSupport/ChromeClientQt.cpp:
      (WebCore::ChromeClientQt::setToolTip):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96503 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      362cc3f1
    • kbalazs@webkit.org's avatar
      libdispatch based ParallelJobs is not enough parallel · a29e08d7
      kbalazs@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=66378
      
      Reviewed by Zoltan Herczeg.
      
      Use the appropriate libdispatch API for our use case.
      Throw away the hard coded limit of parallel threads
      and use dispatch_apply with the default priority normal
      queue istead of using our own custom serial queue (which
      was a misuse of the API). Enabling PARALLEL_JOBS is now
      a 60% win (2.63x as fast) on the methanol benchmark
      (https://gitorious.org/methanol) with an SVG centric test set
      while the old implementation was almost identical (less than 5% win).
      
      * wtf/ParallelJobsLibdispatch.h:
      (WTF::ParallelEnvironment::ParallelEnvironment):
      (WTF::ParallelEnvironment::execute):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96492 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a29e08d7
    • zherczeg@webkit.org's avatar
      [Qt]REGRESSION(r95912): It made sputnik tests flakey · 39150614
      zherczeg@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68990
      
      Reviewed by Geoffrey Garen.
      
      Changing signed char to int in r96354 solved the
      problem. However transitionCount still returns
      with a signed char and should be changed to int.
      
      * runtime/Structure.h:
      (JSC::Structure::transitionCount):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96483 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      39150614
  3. 02 Oct, 2011 2 commits
    • fpizlo@apple.com's avatar
      DFG misses some obvious opportunities for common subexpression elimination · f18d7e82
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69233
      
      Reviewed by Oliver Hunt.
              
      0.7% speed-up on SunSpider.
      
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::getByValLoadElimination):
      (JSC::DFG::Propagator::getMethodLoadElimination):
      (JSC::DFG::Propagator::checkStructureLoadElimination):
      (JSC::DFG::Propagator::getByOffsetLoadElimination):
      (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
      (JSC::DFG::Propagator::performNodeCSE):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96482 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f18d7e82
    • barraclough@apple.com's avatar
      Bug 67455 - Different regular expression result · 4d838411
      barraclough@apple.com authored
      Reviewed by Darin Adler.
              
      Fix a regression introduced in r72140. A return was added to the backtracking loop for
      backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration.
      This is incorrect. The additional return should only trigger to force an early return if
      an error has occured.
      
      Source/JavaScriptCore: 
      
      * yarr/YarrInterpreter.cpp:
      (JSC::Yarr::Interpreter::matchParentheses):
          - Simplify some nested if else logic.
      (JSC::Yarr::Interpreter::backtrackParentheses):
          - Simplify some nested if else logic.
          - Only return early from backtrackParentheses on success/error, not on failure.
      
      LayoutTests: 
      
      * fast/regex/parentheses-expected.txt:
      * fast/regex/script-tests/parentheses.js:
          - Added test cases from bug.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96479 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4d838411
  4. 01 Oct, 2011 5 commits
    • ggaren@apple.com's avatar
      Removed redundant helper functions for allocating Strong handles · 7746b2ed
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69218
      
      Reviewed by Sam Weinig.
      
      ../JavaScriptCore: 
      
      * heap/Heap.h:
      (JSC::Heap::handleHeap):
      * runtime/JSGlobalData.h: Removed these helper functions, since they
      just created indirection.
      
      * heap/StrongInlines.h: Added. Broke out a header for inline functions
      to resolve circular dependencies created by inlining. I'm told this is
      the future for JavaScriptCore.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::init):
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::add):
      (JSC::WeakGCMap::set):
      * runtime/StructureTransitionTable.h:
      (JSC::StructureTransitionTable::setSingleTransition):
      * heap/Local.h:
      (JSC::::Local):
      * heap/Strong.h:
      (JSC::::Strong):
      (JSC::::set):
      * heap/Weak.h:
      (JSC::Weak::Weak):
      (JSC::Weak::set): Allocate handles directly instead of going through a
      chain of forwarding functions.
      
      * bytecompiler/BytecodeGenerator.cpp:
      * runtime/JSGlobalData.cpp:
      * runtime/LiteralParser.cpp:
      * runtime/RegExpCache.cpp: Updated for header changes.
      
      ../JavaScriptGlue: 
      
      * JSRun.cpp:
      * JSValueWrapper.cpp:
      
      ../WebCore: 
      
      * ForwardingHeaders/heap/StrongInlines.h: Added.
      * bindings/js/JSCallbackData.h:
      * bindings/js/JSDOMWindowShell.cpp:
      * bindings/js/ScheduledAction.h:
      * bindings/js/ScriptCachedFrameData.cpp:
      * bindings/js/ScriptController.cpp:
      * bindings/js/ScriptState.cpp:
      * bindings/js/ScriptValue.h:
      * bindings/js/WorkerScriptController.cpp:
      * bridge/runtime_root.cpp:
      
      ../WebKit2: 
      
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96465 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7746b2ed
    • fpizlo@apple.com's avatar
      All of JSC's heuristics should be in one place for easier tuning · 7125f98c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69201
      
      Reviewed by Oliver Hunt.
              
      This makes it possible to change tiered compilation heuristics in
      one place (Heuristics.cpp) without recompiling the whole project.
              
      It also makes it possible to enable setting heuristics using
      environment variables. This is off by default. When turned on, it
      makes tuning the system much easier.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * jit/JIT.cpp:
      (JSC::JIT::emitOptimizationCheck):
      * runtime/Heuristics.cpp: Added.
      (JSC::Heuristics::parse):
      (JSC::Heuristics::setHeuristic):
      (JSC::Heuristics::initializeHeuristics):
      * runtime/Heuristics.h: Added.
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96463 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7125f98c
    • oliver@apple.com's avatar
      Support string length in the DFG · c1707fca
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69215
      
      Reviewed by Geoff Garen.
      
      Adds a GetStringLength node to the DFG so that we can support
      string.length inline.
      
      * dfg/DFGNode.h:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::fixupNode):
      (JSC::DFG::Propagator::performNodeCSE):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::isKnownString):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/JSString.h:
      (JSC::JSString::offsetOfLength):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96461 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c1707fca
    • commit-queue@webkit.org's avatar
      JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be... · 43646c30
      commit-queue@webkit.org authored
      JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT
      https://bugs.webkit.org/show_bug.cgi?id=69205
      
      Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-10-01
      Reviewed by Gavin Barraclough.
      
      If there are unboxed integers and cells in register file (e.g. by SetLocal),
      they must be reboxed before exiting from the speculative DFG JIT execution.
      This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new
      ValueRecoveryTechnique (AlreadyInRegisterFileAsCell).
      
      * dfg/DFGJITCompiler32_64.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::ValueSource::dump):
      (JSC::DFG::ValueRecovery::dump):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::ValueSource::forPrediction):
      (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96458 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      43646c30
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r96421. · 64f9e02c
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/96421
      https://bugs.webkit.org/show_bug.cgi?id=69206
      
      It broke Qt-WK2 build (Requested by ossy on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-10-01
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.pri:
      * wtf/qt/UtilsQt.h: Removed.
      * wtf/wtf.pri:
      
      Source/WebCore:
      
      * WebCore.pro:
      
      Source/WebKit/qt:
      
      * Api/qwebpage.cpp:
      (QWebPage::javaScriptAlert):
      (QWebPage::javaScriptConfirm):
      (QWebPage::javaScriptPrompt):
      * WebCoreSupport/ChromeClientQt.cpp:
      (WebCore::ChromeClientQt::setToolTip):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96455 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      64f9e02c
  5. 30 Sep, 2011 6 commits
    • dbates@webkit.org's avatar
      2011-09-30 Daniel Bates <dbates@webkit.org> · d710332b
      dbates@webkit.org authored
              Attempt to fix the Apple Windows and WinCairo Debug builds after
              <http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203).
      
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol
              ?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the
              corresponding function, JSValue::toStrictThisObject(), was removed.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96453 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d710332b
    • commit-queue@webkit.org's avatar
      DFG operation results are not set correctly in JSVALUE32_64 DFG JIT · 206d9f15
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=69126
      
      Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-09-30
      Reviewed by Gavin Barraclough.
      
      The setupResults routine has the bug of reversing the source and destination.
      Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
      
      * dfg/DFGJITCodeGenerator.h:
      (JSC::DFG::setupTwoStubArgs):
      (JSC::DFG::setupResults):
      * dfg/DFGJITCodeGenerator32_64.cpp:
      (JSC::DFG::JITCodeGenerator::fillJSValue):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96451 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      206d9f15
    • barraclough@apple.com's avatar
      Remove toStrictThisObject, toThisString, toThisJSString · 4d5e46b5
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69203
      
      Rubber stamped by Sam Weinig
      
      These are no longer used.
      
      ../JavaScriptCore: 
      
      * JavaScriptCore.exp:
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSObject.cpp:
      * runtime/JSObject.h:
      * runtime/JSStaticScopeObject.cpp:
      * runtime/JSStaticScopeObject.h:
      * runtime/JSValue.h:
      * runtime/StrictEvalActivation.cpp:
      * runtime/StrictEvalActivation.h:
      
      ../WebCore: 
      
      * bindings/js/JSDOMWindowBase.cpp:
      * bindings/js/JSDOMWindowBase.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96446 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4d5e46b5
    • fpizlo@apple.com's avatar
      DFG does not speculate aggressively enough on put_by_id · d7113640
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69114
      
      Reviewed by Oliver Hunt.
      
      This adds new nodes along with optimizations for those nodes:
              
      GetPropertyStorage: CheckStructure used to do both the structure
      check and retrieve the storage pointer. Now CheckStructure just
      checks the structure, and GetPropertyStorage retrieves the
      storage pointer.
              
      PutStructure: Changes the structure, and has the expected store
      to load optimization with CheckStructure.
              
      PutByOffset: Directly sets the value. Has store to load
      optimization with GetByOffset.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::cellConstant):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGJITCodeGenerator.cpp:
      (JSC::DFG::JITCodeGenerator::writeBarrier):
      * dfg/DFGJITCodeGenerator.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasStructure):
      (JSC::DFG::Node::hasStorageAccessData):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::impureCSE):
      (JSC::DFG::Propagator::checkStructureLoadElimination):
      (JSC::DFG::Propagator::getByOffsetLoadElimination):
      (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
      (JSC::DFG::Propagator::eliminate):
      (JSC::DFG::Propagator::performNodeCSE):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96443 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d7113640
    • barraclough@apple.com's avatar
      StringRecursionChecker should not work in terms of EncodedJSValue · 4782ba83
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69188
      
      Reviewed by Oliver Hunt.
      
      0 is not the empty value on 32_64.
      Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncToLocaleString):
      (JSC::arrayProtoFuncJoin):
      * runtime/ErrorPrototype.cpp:
      (JSC::errorProtoFuncToString):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      * runtime/StringRecursionChecker.cpp:
      (JSC::StringRecursionChecker::throwStackOverflowError):
      (JSC::StringRecursionChecker::emptyString):
      * runtime/StringRecursionChecker.h:
      (JSC::StringRecursionChecker::performCheck):
      (JSC::StringRecursionChecker::earlyReturnValue):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4782ba83
    • barraclough@apple.com's avatar
      DFG JIT, Branch on integer can always be a 32-bit compare. · 112b8596
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69174
      
      Reviewed by Sam Weinig.
      
      if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())),
      the JSVALUE64 JIT will currently compare all 64bits in the register, but in
      these cases the DataFormat is always a JS boxed integer. In these cases we
      can just compare the low 32bits anyway - no need to check the tag.
      This allows the code to be unified with the JSVALUE32_64 JIT.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96436 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      112b8596