1. 04 Oct, 2011 4 commits
    • Add static ClassInfo structs to classes that override JSCell::getCallData · 77d198e8
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69311
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore: 
      
      Added ClassInfo structs to each class that defined its own getCallData 
      function but did not already have its own ClassInfo struct.  This is a 
      necessary addition for when we switch over to looking up getCallData from 
      the MethodTable in ClassInfo rather than doing the virtual call (which we 
      are removing).  These new ClassInfo structs are public because we often 
      use these structs in other areas of the code to uniquely identify JSC classes and 
      to enforce runtime invariants based on those class identities using ASSERTs.
      Also added new createStructure methods to those classes that didn't have 
      them so that the new ClassInfo structs would be used when creating the Structures 
      in these classes.
      
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      
      getCallData was not marked as static in StrictModeTypeErrorFunction.  
      * runtime/Error.cpp:
      (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
      (JSC::StrictModeTypeErrorFunction::getCallData):
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      * runtime/FunctionPrototype.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Added ClassInfo structs to each class that defined its own getCallData 
      function but did not already have its own ClassInfo struct.  This is a 
      necessary addition for when we switch over to looking up getCallData from 
      the MethodTable in ClassInfo rather than doing the virtual call (which we 
      are removing).  These new ClassInfo structs are public because we often 
      use these structs in other areas of the code to uniquely identify JSC classes and 
      to enforce runtime invariants based on those class identities using ASSERTs.
      Also added new createStructure methods to those classes that didn't have 
      them so that the new ClassInfo structs would be used when creating the Structures 
      in these classes.
      
      * bridge/qt/qt_runtime.cpp:
      * bridge/qt/qt_runtime.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96674 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Some JSValue cleanup · 7831f0c3
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69320
      
      ../JavaScriptCore: 
      
      Reviewed by Darin Adler.
              
      No measurable performance change.
      
      Removed some JSValue::get* functions. get* used to be an optimization
      when every value operation was a virtual function call: get* would combine
      two virtual calls into one. Now, with non-virtual, inlined functions, get*
      isn't faster, and may be slightly slower.
      
      Merged getBoolean(bool&) and getBoolean() into asBoolean().
      
      Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
      asNumber().
      
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::JSValue::asNumber):
      (JSC::JSValue::asBoolean): As promised!
      
      * runtime/NumberPrototype.cpp:
      (JSC::toThisNumber):
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      (JSC::numberProtoFuncToLocaleString):
      (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
      by switching to toThisNumber().
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::toNumber):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueOfNumberConstant):
      (JSC::DFG::Graph::valueOfBooleanConstant):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/DateInstance.h:
      (JSC::DateInstance::internalNumber):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
      * runtime/JSArray.cpp:
      (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
      getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
      
      * runtime/JSCell.cpp:
      * runtime/JSCell.h: Nixed getJSNumber().
      
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncParseInt):
      * runtime/JSONObject.cpp:
      (JSC::gap):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::appendStringifiedValue):
      * runtime/NumberObject.cpp:
      * runtime/NumberObject.h:
      (JSC::NumberObject::createStructure):
      * runtime/Operations.h:
      (JSC::JSValue::equalSlowCaseInline):
      (JSC::JSValue::strictEqual):
      (JSC::jsLess):
      (JSC::jsLessEq):
      (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
      getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
      
      ../WebCore: 
      
      Reviewed by Darin Adler.
      
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::valueToDate):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSSQLTransactionCustom.cpp:
      (WebCore::JSSQLTransaction::executeSql):
      * bindings/js/JSSQLTransactionSyncCustom.cpp:
      (WebCore::JSSQLTransactionSync::executeSql):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::dumpIfTerminal):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertValueToJValue): Updated for JSC changes.
      
      ../WebKit/mac: 
      
      Reviewed by Darin Adler.
      
      * WebView/WebView.mm:
      (aeDescFromJSValue): Updated for JSC changes.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96673 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, rolling out r96630. · 4faffd7b
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/96630
      https://bugs.webkit.org/show_bug.cgi?id=69368
      
      Caused assertion failures in validateCell (Requested by
      mhahnenberg on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-10-04
      
      Source/JavaScriptCore:
      
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanConstructor.h:
      * runtime/Error.cpp:
      (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
      (JSC::StrictModeTypeErrorFunction::getCallData):
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorConstructor.h:
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionConstructor.h:
      * runtime/FunctionPrototype.cpp:
      * runtime/FunctionPrototype.h:
      
      Source/WebCore:
      
      * bridge/qt/qt_runtime.cpp:
      * bridge/qt/qt_runtime.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96637 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Add static ClassInfo structs to classes that override JSCell::getCallData · dd90ed20
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69311
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore:
      
      Added ClassInfo structs to each class that defined its own getCallData
      function but did not already have its own ClassInfo struct.  This is a
      necessary addition for when we switch over to looking up getCallData from
      the MethodTable in ClassInfo rather than doing the virtual call (which we
      are removing).  These new ClassInfo structs are public because we often
      use these structs in other areas of the code to uniquely identify JSC classes and
      to enforce runtime invariants based on those class identities using ASSERTs.
      
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanConstructor.h:
      
      getCallData was not marked as static in StrictModeTypeErrorFunction.
      * runtime/Error.cpp:
      (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
      (JSC::StrictModeTypeErrorFunction::getCallData):
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorConstructor.h:
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionConstructor.h:
      * runtime/FunctionPrototype.cpp:
      * runtime/FunctionPrototype.h:
      
      Source/WebCore:
      
      No new tests.
      
      Added ClassInfo structs to each class that defined its own getCallData
      function but did not already have its own ClassInfo struct.  This is a
      necessary addition for when we switch over to looking up getCallData from
      the MethodTable in ClassInfo rather than doing the virtual call (which we
      are removing).  These new ClassInfo structs are public because we often
      use these structs in other areas of the code to uniquely identify JSC classes and
      to enforce runtime invariants based on those class identities using ASSERTs.
      
      * bridge/qt/qt_runtime.cpp:
      * bridge/qt/qt_runtime.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96630 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 03 Oct, 2011 2 commits
    • On X86, switch bucketCount into a register, timeoutCheck into memory · 70558a37
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69299
      
      Reviewed by Geoff Garen.
      
      We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
      it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
      but if the timeoutCheck gets trashed we may make calls out to the timout_check stub
      function too frequently (regressing performance). This patch has no perf impact on sunspider.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::branchAdd32):
      (JSC::MacroAssemblerX86::branchSub32):
          - Added branchSub32 with AbsoluteAddress.
      * jit/JIT.cpp:
      (JSC::JIT::emitTimeoutCheck):
          - Keep timeout count in memory on X86.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitValueProfilingSite):
          - remove X86 specific code, switch bucket count back into a register.
      * jit/JITStubs.cpp:
          - Stop initializing esi (it is no longer the timeoutCheck!)
      * jit/JSInterfaceJIT.h:
          - change definition of esi to be the bucketCountRegister.
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
          - Add timeoutCount as a property to global data (the counter should be per-thread).
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96563 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • [Qt]REGRESSION(r95912): It made sputnik tests flakey · 39150614
      zherczeg@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=68990
      
      Reviewed by Geoffrey Garen.
      
      Changing signed char to int in r96354 solved the
      problem. However transitionCount still returns
      with a signed char and should be changed to int.
      
      * runtime/Structure.h:
      (JSC::Structure::transitionCount):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96483 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 01 Oct, 2011 3 commits
    • Removed redundant helper functions for allocating Strong handles · 7746b2ed
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69218
      
      Reviewed by Sam Weinig.
      
      ../JavaScriptCore: 
      
      * heap/Heap.h:
      (JSC::Heap::handleHeap):
      * runtime/JSGlobalData.h: Removed these helper functions, since they
      just created indirection.
      
      * heap/StrongInlines.h: Added. Broke out a header for inline functions
      to resolve circular dependencies created by inlining. I'm told this is
      the future for JavaScriptCore.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::init):
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::add):
      (JSC::WeakGCMap::set):
      * runtime/StructureTransitionTable.h:
      (JSC::StructureTransitionTable::setSingleTransition):
      * heap/Local.h:
      (JSC::::Local):
      * heap/Strong.h:
      (JSC::::Strong):
      (JSC::::set):
      * heap/Weak.h:
      (JSC::Weak::Weak):
      (JSC::Weak::set): Allocate handles directly instead of going through a
      chain of forwarding functions.
      
      * bytecompiler/BytecodeGenerator.cpp:
      * runtime/JSGlobalData.cpp:
      * runtime/LiteralParser.cpp:
      * runtime/RegExpCache.cpp: Updated for header changes.
      
      ../JavaScriptGlue: 
      
      * JSRun.cpp:
      * JSValueWrapper.cpp:
      
      ../WebCore: 
      
      * ForwardingHeaders/heap/StrongInlines.h: Added.
      * bindings/js/JSCallbackData.h:
      * bindings/js/JSDOMWindowShell.cpp:
      * bindings/js/ScheduledAction.h:
      * bindings/js/ScriptCachedFrameData.cpp:
      * bindings/js/ScriptController.cpp:
      * bindings/js/ScriptState.cpp:
      * bindings/js/ScriptValue.h:
      * bindings/js/WorkerScriptController.cpp:
      * bridge/runtime_root.cpp:
      
      ../WebKit2: 
      
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96465 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • All of JSC's heuristics should be in one place for easier tuning · 7125f98c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69201
      
      Reviewed by Oliver Hunt.
              
      This makes it possible to change tiered compilation heuristics in
      one place (Heuristics.cpp) without recompiling the whole project.
              
      It also makes it possible to enable setting heuristics using
      environment variables. This is off by default. When turned on, it
      makes tuning the system much easier.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * jit/JIT.cpp:
      (JSC::JIT::emitOptimizationCheck):
      * runtime/Heuristics.cpp: Added.
      (JSC::Heuristics::parse):
      (JSC::Heuristics::setHeuristic):
      (JSC::Heuristics::initializeHeuristics):
      * runtime/Heuristics.h: Added.
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96463 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Support string length in the DFG · c1707fca
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69215
      
      Reviewed by Geoff Garen.
      
      Adds a GetStringLength node to the DFG so that we can support
      string.length inline.
      
      * dfg/DFGNode.h:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::fixupNode):
      (JSC::DFG::Propagator::performNodeCSE):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::isKnownString):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/JSString.h:
      (JSC::JSString::offsetOfLength):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96461 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 30 Sep, 2011 3 commits
  5. 29 Sep, 2011 3 commits
    • De-virtualize JSCell::toObject · b6e2ac66
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68937
      
      Reviewed by Darin Adler.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      
      De-virtualized JSCell::toObject and changed its implementation to manually check the
      cases for JSString and JSObject rather than leaving it up to the virtual method call.
      * runtime/JSCell.cpp:
      (JSC::JSCell::toObject):
      * runtime/JSCell.h:
      
      Removed JSNotAnObject::toObject because the case for JSObject works for it.
      Also removed JSObject::toObject because it was essentially the identity function,
      which is not necessary since toObject is no longer virtual.
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      * runtime/JSObject.cpp:
      * runtime/JSObject.h:
      
      De-virtualized JSObject::toObject and JSString::toObject.
      * runtime/JSString.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96381 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Structure transitions involving many (> 64) properties sometimes cause structure corruption · 01347913
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69102
      
      Reviewed by Darin Adler.
              
      Made m_offset an int instead of a signed char. Changed the code to ensure that transitions
      don't lead to the dictionary kind being forgotten.
              
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      * runtime/Structure.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96354 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • De-virtualize JSCell::visitChildrenVirtual and remove all other visitChildrenVirtual methods · 8687da90
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68839
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Removed the remaining visitChildrenVirtual methods.  This patch completes the process of
      de-virtualizing visitChildren.
      
      * API/JSCallbackObject.h:
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      * debugger/DebuggerActivation.h:
      * runtime/Arguments.cpp:
      * runtime/Arguments.h:
      * runtime/Executable.cpp:
      * runtime/Executable.h:
      * runtime/GetterSetter.cpp:
      * runtime/GetterSetter.h:
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      * runtime/JSArray.h:
      * runtime/JSFunction.cpp:
      * runtime/JSFunction.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSObject.cpp:
      * runtime/JSPropertyNameIterator.cpp:
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSStaticScopeObject.cpp:
      * runtime/JSStaticScopeObject.h:
      * runtime/JSValue.h:
      * runtime/NativeErrorConstructor.cpp:
      * runtime/NativeErrorConstructor.h:
      * runtime/RegExpObject.cpp:
      * runtime/RegExpObject.h:
      * runtime/Structure.cpp:
      * runtime/Structure.h:
      * runtime/StructureChain.cpp:
      * runtime/StructureChain.h:
      
      Inlined the method table access and call to the visitChildren function (the only call sites
      to visitChildren are here).
      * heap/MarkStack.cpp:
      (JSC::SlotVisitor::visitChildren):
      
      Changed the field name for the visitChildren function pointer to visitChildren (from
      visitChildrenFunctionPtr) to make call sites less verbose.
      * runtime/ClassInfo.h:
      
      Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but
      overrides visitChildren, so it needs to have its own ClassInfo.
      * runtime/JSBoundFunction.cpp:
      * runtime/JSBoundFunction.h:
      
      Had to move className up to make sure that the virtual destructor in JSObject wasn't
      the first non-inline virtual method in JSObject (as per the comment in the file).
      Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it to be inline-able
      to mitigate the cost of an extra method call.
      
      Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make
      call sites more concise.  Implementation is inline in JSObject.h.
      * runtime/JSObject.h:
      (JSC::JSCell::methodTable):
      * runtime/JSCell.h:
      
      Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to
      appease the vtable gods.  It refused to compile if there were no virtual methods in
      both of these classes due to the presence of a weak vtable pointer.
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::~JSWrapperObject):
      * runtime/JSWrapperObject.h:
      * runtime/ScopeChain.cpp:
      (JSC::ScopeChainNode::~ScopeChainNode):
      * runtime/ScopeChain.h:
      
      Source/JavaScriptGlue:
      
      Removed the remaining visitChildrenVirtual methods.  This patch completes the process of
      de-virtualizing visitChildren.
      
      * UserObjectImp.cpp:
      * UserObjectImp.h:
      
      Source/WebCore:
      
      No new tests.
      
      Removed the remaining visitChildrenVirtual methods.  This patch completes the process of
      de-virtualizing visitChildren.
      
      * WebCore.exp.in:
      * bindings/js/JSAttrCustom.cpp:
      * bindings/js/JSAudioContextCustom.cpp:
      * bindings/js/JSCSSRuleCustom.cpp:
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::~JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::finishCreation):
      * bindings/js/JSDOMGlobalObject.h:
      * bindings/js/JSDOMWindowCustom.cpp:
      * bindings/js/JSDOMWindowShell.cpp:
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
      * bindings/js/JSMessageChannelCustom.cpp:
      * bindings/js/JSMessagePortCustom.cpp:
      * bindings/js/JSNamedNodeMapCustom.cpp:
      * bindings/js/JSNodeCustom.cpp:
      * bindings/js/JSNodeFilterCustom.cpp:
      * bindings/js/JSNodeIteratorCustom.cpp:
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      * bindings/js/JSSharedWorkerCustom.cpp:
      * bindings/js/JSStyleSheetCustom.cpp:
      * bindings/js/JSTreeWalkerCustom.cpp:
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      * bindings/js/JSWorkerContextCustom.cpp:
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      * bindings/js/JSXPathResultCustom.cpp:
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/qt/qt_instance.cpp:
      * bridge/qt/qt_runtime.cpp:
      * bridge/qt/qt_runtime.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96346 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 28 Sep, 2011 1 commit
    • https://bugs.webkit.org/show_bug.cgi?id=64679 · 80032cc2
      barraclough@apple.com authored
      Fix bugs in Array.prototype this handling.
      
      Reviewed by Oliver Hunt.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncConcat):
      (JSC::arrayProtoFuncPop):
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSlice):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      (JSC::arrayProtoFuncIndexOf):
      (JSC::arrayProtoFuncLastIndexOf):
          - These methods should throw if this value is undefined.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96243 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  7. 27 Sep, 2011 4 commits
    • Source/JavaScriptCore: Add static version of JSCell::getCallData · 2413eb86
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68741
      
      Reviewed by Darin Adler.
      
      In this patch we just extract the bodies of the virtual getCallData methods
      throughout the JSCell inheritance hierarchy out into static methods, which are 
      now called from the virtual methods.  This is an intermediate step in trying to 
      move the virtual-ness of getCallData into our own method table stored in 
      ClassInfo.  We need to convert the methods to static methods because static methods 
      can be represented as function pointers rather than pointers to member functions, and
      function pointers are smaller and faster to call than pointers to member functions.
      
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::getCallDataVirtual):
      (JSC::JSCallbackFunction::getCallData):
      * API/JSCallbackFunction.h:
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getCallDataVirtual):
      (JSC::::getCallData):
      * API/JSObjectRef.cpp:
      (JSObjectIsFunction):
      (JSObjectCallAsFunction):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::getCallDataVirtual):
      (JSC::ArrayConstructor::getCallData):
      * runtime/ArrayConstructor.h:
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::getCallDataVirtual):
      (JSC::BooleanConstructor::getCallData):
      * runtime/BooleanConstructor.h:
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::getCallDataVirtual):
      (JSC::DateConstructor::getCallData):
      * runtime/DateConstructor.h:
      * runtime/Error.cpp:
      (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
      (JSC::StrictModeTypeErrorFunction::getCallData):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::getCallDataVirtual):
      (JSC::ErrorConstructor::getCallData):
      * runtime/ErrorConstructor.h:
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::getCallDataVirtual):
      (JSC::FunctionConstructor::getCallData):
      * runtime/FunctionConstructor.h:
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::getCallDataVirtual):
      (JSC::FunctionPrototype::getCallData):
      * runtime/FunctionPrototype.h:
      * runtime/InternalFunction.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getCallDataVirtual):
      (JSC::JSCell::getCallData):
      * runtime/JSCell.h:
      (JSC::getCallData):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getCallDataVirtual):
      (JSC::JSFunction::getCallData):
      * runtime/JSFunction.h:
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::toJSON):
      (JSC::Stringifier::appendStringifiedValue):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::getCallDataVirtual):
      (JSC::NativeErrorConstructor::getCallData):
      * runtime/NativeErrorConstructor.h:
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::getCallDataVirtual):
      (JSC::NumberConstructor::getCallData):
      * runtime/NumberConstructor.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::getCallDataVirtual):
      (JSC::ObjectConstructor::getCallData):
      * runtime/ObjectConstructor.h:
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      (JSC::jsIsObjectType):
      (JSC::jsIsFunctionType):
      * runtime/PropertySlot.cpp:
      (JSC::PropertySlot::functionGetter):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::getCallDataVirtual):
      (JSC::RegExpConstructor::getCallData):
      * runtime/RegExpConstructor.h:
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::getCallDataVirtual):
      (JSC::StringConstructor::getCallData):
      * runtime/StringConstructor.h:
      
      Source/JavaScriptGlue: Add static version of JSCell::getCallData
      https://bugs.webkit.org/show_bug.cgi?id=68741
      
      Reviewed by Darin Adler.
      
      In this patch we just extract the bodies of the virtual getCallData methods
      throughout the JSCell inheritance hierarchy out into static methods, which are 
      now called from the virtual methods.  This is an intermediate step in trying to 
      move the virtual-ness of getCallData into our own method table stored in 
      ClassInfo.  We need to convert the methods to static methods because static methods 
      can be represented as function pointers rather than pointers to member functions, and
      function pointers are smaller and faster to call than pointers to member functions.
      
      * JSValueWrapper.cpp:
      (JSValueWrapper::JSObjectCallFunction):
      * UserObjectImp.cpp:
      (UserObjectImp::getCallDataVirtual):
      (UserObjectImp::getCallData):
      * UserObjectImp.h:
      
      Source/WebCore: Add static version of JSCell::visitChildren
      https://bugs.webkit.org/show_bug.cgi?id=68404
      
      Reviewed by Darin Adler.
      
      No new tests.
      
      In this patch we just extract the bodies of the virtual visitChildren methods
      throughout the JSCell inheritance hierarchy out into static methods, which are 
      now called from the virtual methods.  This is an intermediate step in trying to 
      move the virtual-ness of visitChildren into our own custom vtable stored in 
      ClassInfo.  We need to convert the methods to static methods in order to be 
      able to more easily store and refer to them in our custom vtable since normal 
      member methods store some implicit information in their types, making it 
      impossible to store them generically in ClassInfo.
      
      * WebCore.exp.in:
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildrenVirtual):
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioContextCustom.cpp:
      (WebCore::JSAudioContext::visitChildrenVirtual):
      (WebCore::JSAudioContext::visitChildren):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildrenVirtual):
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildrenVirtual):
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildrenVirtual):
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::visitChildrenVirtual):
      (WebCore::JSDOMGlobalObject::visitChildren):
      * bindings/js/JSDOMGlobalObject.h:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildrenVirtual):
      (WebCore::JSDOMWindow::visitChildren):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::visitChildrenVirtual):
      (WebCore::JSDOMWindowShell::visitChildren):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
      (WebCore::JSJavaScriptAudioNode::visitChildrenVirtual):
      (WebCore::JSJavaScriptAudioNode::visitChildren):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildrenVirtual):
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildrenVirtual):
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::visitChildrenVirtual):
      (WebCore::JSNamedNodeMap::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::visitChildrenVirtual):
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildrenVirtual):
      (WebCore::JSNodeFilter::visitChildren):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildrenVirtual):
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildrenVirtual):
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildrenVirtual):
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildrenVirtual):
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildrenVirtual):
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildrenVirtual):
      (WebCore::JSWebGLRenderingContext::visitChildren):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::visitChildrenVirtual):
      (WebCore::JSWorkerContext::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildrenVirtual):
      (WebCore::JSXMLHttpRequest::visitChildren):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildrenVirtual):
      (WebCore::JSXPathResult::visitChildren):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObj::visitChildrenVirtual):
      (WebCore::JSTestObj::visitChildren):
      * bindings/scripts/test/JS/JSTestObj.h:
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::visitChildrenVirtual):
      (JSC::Bindings::QtRuntimeObject::visitChildren):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::QtRuntimeMetaMethod::visitChildrenVirtual):
      (JSC::Bindings::QtRuntimeMetaMethod::visitChildren):
      * bridge/qt/qt_runtime.h:
      * workers/WorkerContext.h:
      
      Source/WebKit/mac: Add static version of JSCell::getCallData
      https://bugs.webkit.org/show_bug.cgi?id=68741
      
      Reviewed by Darin Adler.
      
      In this patch we just extract the bodies of the virtual getCallData methods
      throughout the JSCell inheritance hierarchy out into static methods, which are 
      now called from the virtual methods.  This is an intermediate step in trying to 
      move the virtual-ness of getCallData into our own method table stored in 
      ClassInfo.  We need to convert the methods to static methods because static methods 
      can be represented as function pointers rather than pointers to member functions, and
      function pointers are smaller and faster to call than pointers to member functions.
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::invokeDefault):
      
      Source/WebKit2: Add static version of JSCell::getCallData
      https://bugs.webkit.org/show_bug.cgi?id=68741
      
      Reviewed by Darin Adler.
      
      In this patch we just extract the bodies of the virtual getCallData methods
      throughout the JSCell inheritance hierarchy out into static methods, which are 
      now called from the virtual methods.  This is an intermediate step in trying to 
      move the virtual-ness of getCallData into our own method table stored in 
      ClassInfo.  We need to convert the methods to static methods because static methods 
      can be represented as function pointers rather than pointers to member functions, and
      function pointers are smaller and faster to call than pointers to member functions.
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::getCallDataVirtual):
      (WebKit::JSNPMethod::getCallData):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::getCallDataVirtual):
      (WebKit::JSNPObject::getCallData):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96164 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2413eb86
    • Unreviewed, rolling out r96131. · 3b381c1e
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/96131
      https://bugs.webkit.org/show_bug.cgi?id=68927
      
      It made 18+ tests crash on all platforms (Requested by
      Ossy_night on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-09-27
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::throwException):
      * interpreter/Interpreter.h:
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * parser/Parser.h:
      (JSC::Parser::parse):
      * runtime/CommonIdentifiers.h:
      * runtime/Error.cpp:
      (JSC::addErrorInfo):
      * runtime/Error.h:
      
      LayoutTests:
      
      * fast/js/exception-properties-expected.txt:
      * fast/js/script-tests/exception-properties.js:
      * fast/js/script-tests/stack-trace.js: Removed.
      * fast/js/stack-trace-expected.txt: Removed.
      * fast/js/stack-trace.html: Removed.
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96146 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3b381c1e
    • De-virtualize JSCell::getPrimitiveNumber · 061133e0
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68851
      
      Reviewed by Darin Adler.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      
      Changed JSCell::getPrimitiveNumber to manually handle the dispatch for 
      JSCells (JSObject and JSString in this case).
      * runtime/JSCell.cpp:
      (JSC::JSCell::getPrimitiveNumber):
      * runtime/JSCell.h:
      
      Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't 
      matter and it already implements defaultValue, so JSObject::getPrimitiveNumber
      can cover the case for JSNotAnObject.
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      
      De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber 
      and changed them to be const.  Also made JSString::getPrimitiveNumber public 
      because it needs to be called from JSCell::getPrimitiveNumber and also since it's 
      no longer virtual, we want people who have a more specific pointer (JSString* 
      instead of JSCell*) to not have to pay the cost of a virtual method call.
      * runtime/JSObject.cpp:
      (JSC::JSObject::getPrimitiveNumber):
      * runtime/JSObject.h:
      * runtime/JSString.cpp:
      (JSC::JSString::getPrimitiveNumber):
      * runtime/JSString.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96143 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      061133e0
    • Implement Error.stack · f177874f
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=66994
      
      Patch by Juan Carlos Montemayor Elosua <j.mont@me.com> on 2011-09-27
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
      This patch utilizes topCallFrame to create a stack trace when
      an error is thrown. Users will also be able to use the stack()
      command in jsc to get arrays with stack trace information.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * interpreter/Interpreter.cpp:
      (JSC::getCallerLine):
      (JSC::getSourceURLFromCallFrame):
      (JSC::getStackFrameCodeType):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::throwException):
      * interpreter/Interpreter.h:
      (JSC::StackFrame::toString):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      (functionJSCStack):
      * parser/Parser.h:
      (JSC::Parser::parse):
      * runtime/CommonIdentifiers.h:
      * runtime/Error.cpp:
      (JSC::addErrorInfo):
      * runtime/Error.h:
      
      LayoutTests:
      
      Unit tests that contain both normal and special cases for stack trace
      generation.
      
      * fast/js/exception-properties-expected.txt:
      * fast/js/script-tests/exception-properties.js:
      * fast/js/script-tests/stack-trace.js: Added.
      (printStack):
      (hostThrower):
      (callbacker):
      (outer):
      (inner):
      (evaler):
      (normalOuter):
      (normalInner):
      (scripterInner):
      (scripterOuter):
      * fast/js/stack-trace-expected.txt: Added.
      * fast/js/stack-trace.html: Added.
      * platform/chromium/test_expectations.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96131 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f177874f
  8. 26 Sep, 2011 2 commits
    • Make JSCell::toBoolean non-virtual · f2fa8ff1
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=67727
      
      Reviewed by Geoffrey Garen.
      
      JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
      before it was simply virtual and would crash if its implementation was called).
      Its descendants in JSObject and JSString have also been made non-virtual.  JSCell now
      explicitly covers all cases of toBoolean, so having a virtual implementation of
      JSCell::toBoolean is no longer necessary.  This is part of a larger process of un-virtualizing JSCell.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      * runtime/JSObject.h:
      * runtime/JSString.h:
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96045 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f2fa8ff1
    • Add custom vtable struct to ClassInfo struct · 3e084662
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68567
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
      Declared/defined the MethodTable struct and added it to the ClassInfo struct.
      Also defined the CREATE_METHOD_TABLE macro to generate these method tables
      succinctly where they need to be defined.
      
      Also added to it the first function to use this macro, visitChildren.
      
      This is part of the process of getting rid of all C++ virtual methods in JSCell.
      Eventually all virtual functions in JSCell that can't easily be converted to
      non-virtual functions will be put into this custom vtable structure.
      * runtime/ClassInfo.h:
      
      Added the CREATE_METHOD_TABLE macro call as the last argument to each of the
      ClassInfo structs declared in these classes.  This saves us from having to visit
      each s_info definition in the future when we add more methods to the MethodTable.
      * API/JSCallbackConstructor.cpp:
      * API/JSCallbackFunction.cpp:
      * API/JSCallbackObject.cpp:
      * JavaScriptCore.exp:
      * runtime/Arguments.cpp:
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayPrototype.cpp:
      * runtime/BooleanObject.cpp:
      * runtime/BooleanPrototype.cpp:
      * runtime/DateConstructor.cpp:
      * runtime/DateInstance.cpp:
      * runtime/DatePrototype.cpp:
      * runtime/ErrorInstance.cpp:
      * runtime/ErrorPrototype.cpp:
      * runtime/ExceptionHelpers.cpp:
      * runtime/Executable.cpp:
      * runtime/GetterSetter.cpp:
      * runtime/InternalFunction.cpp:
      * runtime/JSAPIValueWrapper.cpp:
      * runtime/JSActivation.cpp:
      * runtime/JSArray.cpp:
      * runtime/JSByteArray.cpp:
      * runtime/JSFunction.cpp:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSONObject.cpp:
      * runtime/JSObject.cpp:
      * runtime/JSPropertyNameIterator.cpp:
      * runtime/JSString.cpp:
      * runtime/MathObject.cpp:
      * runtime/NativeErrorConstructor.cpp:
      * runtime/NumberConstructor.cpp:
      * runtime/NumberObject.cpp:
      * runtime/NumberPrototype.cpp:
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      * runtime/RegExp.cpp:
      * runtime/RegExpConstructor.cpp:
      * runtime/RegExpObject.cpp:
      * runtime/RegExpPrototype.cpp:
      * runtime/ScopeChain.cpp:
      * runtime/StringConstructor.cpp:
      * runtime/StringObject.cpp:
      * runtime/StringPrototype.cpp:
      * runtime/Structure.cpp:
      * runtime/StructureChain.cpp:
      
      Had to make visitChildren and visitChildrenVirtual protected instead of private
      because some of the subclasses of JSWrapperObject need access to JSWrapperObject's
      visitChildren function pointer in their vtable since they don't provide their own
      implementation. Same for RegExpObject.
      * runtime/JSWrapperObject.h:
      * runtime/RegExpObject.h:
      
      Source/JavaScriptGlue:
      
      Added CREATE_METHOD_TABLE macro to generate the custom vtable for the
      specified class in its ClassInfo.  Also added to it the first function to use
      this macro, visitChildren.  This is part of the process of getting rid of all
      C++ virtual methods in JSCell.  Eventually all virtual functions in JSCell
      that can't easily be converted to non-virtual functions will be put into
      this custom vtable structure.
      
      * UserObjectImp.cpp:
      
      Source/WebCore:
      
      No new tests.
      
      Added CREATE_METHOD_TABLE macro to generate the custom vtable for the
      specified class in its ClassInfo.  Also added to it the first function to use
      this macro, visitChildren.  This is part of the process of getting rid of all
      C++ virtual methods in JSCell.  Eventually all virtual functions in JSCell
      that can't easily be converted to non-virtual functions will be put into
      this custom vtable structure.
      
      * bindings/js/JSAudioConstructor.cpp:
      * bindings/js/JSDOMGlobalObject.cpp:
      * bindings/js/JSDOMWindowBase.cpp:
      * bindings/js/JSDOMWindowShell.cpp:
      * bindings/js/JSImageConstructor.cpp:
      * bindings/js/JSImageDataCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSOptionConstructor.cpp:
      * bindings/js/JSWorkerContextBase.cpp:
      
      Changed the bindings generator to add the call to the CREATE_METHOD_TABLE macro where
      necessary.
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateImplementation):
      (GenerateConstructorDefinition):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      * bindings/scripts/test/JS/JSTestObj.cpp:
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      * bridge/c/CRuntimeObject.cpp:
      * bridge/c/c_instance.cpp:
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      * bridge/jni/jsc/JavaRuntimeObject.cpp:
      * bridge/objc/ObjCRuntimeObject.mm:
      * bridge/objc/objc_instance.mm:
      * bridge/objc/objc_runtime.mm:
      * bridge/qt/qt_instance.cpp:
      * bridge/qt/qt_pixmapruntime.cpp:
      * bridge/qt/qt_runtime.cpp:
      * bridge/runtime_array.cpp:
      * bridge/runtime_method.cpp:
      * bridge/runtime_object.cpp:
      
      Source/WebKit/mac:
      
      Added CREATE_METHOD_TABLE macro to generate the custom vtable for the
      specified class in its ClassInfo.  Also added to it the first function to use
      this macro, visitChildren.  This is part of the process of getting rid of all
      C++ virtual methods in JSCell.  Eventually all virtual functions in JSCell
      that can't easily be converted to non-virtual functions will be put into
      this custom vtable structure.
      
      * Plugins/Hosted/ProxyInstance.mm:
      * Plugins/Hosted/ProxyRuntimeObject.mm:
      
      Source/WebKit2:
      
      Added CREATE_METHOD_TABLE macro to generate the custom vtable for the
      specified class in its ClassInfo.  Also added to it the first function to use
      this macro, visitChildren.  This is part of the process of getting rid of all
      C++ virtual methods in JSCell.  Eventually all virtual functions in JSCell
      that can't easily be converted to non-virtual functions will be put into
      this custom vtable structure.
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95936 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3e084662
  9. 24 Sep, 2011 2 commits
    • Some Windows build fixage. · feddf01d
      ggaren@apple.com authored
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweep):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::isLive): Show the compiler that all control paths
      return a value. There, there, compiler. Everything's going to be OK.
      
      * runtime/JSCell.h:
      (JSC::JSCell::setVPtr): Oops! Unrename this function.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95914 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      feddf01d
    • Allocate new objects unmarked · b94f6ba6
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68764
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This is a pre-requisite to using the mark bit to determine object age.
      
      ~2% v8 speedup, mostly due to a 12% v8-splay speedup.
      
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::isLive):
      (JSC::MarkedBlock::isLiveCell): These two functions are the reason for
      this patch. They can now determine object liveness without relying on
      newly allocated objects having their mark bits set. Each MarkedBlock
      now has a state variable that tells us how to determine whether its
      cells are live. (This new state variable supersedes the old one about
      destructor state. The rest of this patch is just refactoring to support
      the invariants of this new state variable without introducing a
      performance regression.)
      
      (JSC::MarkedBlock::didConsumeFreeList): New function for updating internal
      state when a block becomes fully allocated.
      
      (JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into
      this function because, logically, clearing all mark bits is the first
      step in saying "mark bits now exactly reflect object liveness".
      
      (JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify
      that this function only tells you about the mark bits, so it's only
      meaningful if you've put the mark bits into a meaningful state before
      calling it.
      
      (JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function
      instead of testing mark bits, since mark bits are not always the right
      way to find out if an object is live anymore. (New objects are live, but
      not marked.)
      
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::recycle):
      (JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even
      initialization when recycling an old block -- into the MarkedBlock
      constructor, for simplicity.
      
      (JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for
      a zapped cell before running a destructor, and always zap after
      running a destructor. This does not seem to be expensive, and the
      alternative just creates a too-confusing matrix of possible cell states
      ((zombie undestructed cell + zombie destructed cell + zapped destructed
      cell) * 5! permutations for progressing through block states = "Oh my!").
      
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing
      optimization to use template specialization to constant fold lots of
      branches and elide certain operations entirely during a sweep. Merged
      four or five functions that were logically about sweeping into this one
      function pair, so there's only one way to do things now, it's
      automatically correct, and it's always fast.
      
      (JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit
      about exactly what it does, and to honor the new block state system.
      
      * heap/AllocationSpace.cpp:
      (JSC::AllocationSpace::allocateBlock): Updated for rename.
      
      (JSC::AllocationSpace::freeBlocks): Updated for changed interface.
      
      (JSC::TakeIfUnmarked::TakeIfUnmarked):
      (JSC::TakeIfUnmarked::operator()):
      (JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed
      to clarify that this functor only tests the mark bits, so it's only
      valid if you've put the mark bits into a meaningful state before
      calling it.
              
      (JSC::AllocationSpace::shrink): Updated for rename.
      
      * heap/AllocationSpace.h:
      (JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a
      little more specific about what we're making canonical.
      
      (JSC::AllocationSpace::forEachCell): Updated for rename.
      
      (JSC::AllocationSpace::forEachBlock): No need to canonicalize cell
      liveness data before iterating blocks -- clients that want iterated
      blocks to have valid cell liveness data should make this call for
      themselves. (And not all clients want it.)
      
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed
      obsolete comment.
      
      * heap/Heap.cpp:
      (JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...()
      because clearMarks() now does that implicitly.
      
      (JSC::Heap::destroy): Make sure to canonicalize before tear-down, since
      tear-down tests cell liveness when running destructors.
      
      (JSC::Heap::markRoots):
      (JSC::Heap::collect): Moved weak reference harvesting out of markRoots()
      and into collect, since it strictly depends on root marking, and does
      not contribute to root marking.
      
      (JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more
      specific about what we're making canonical.
      
      * heap/Heap.h:
      (JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness
      data before iterating protected cells, since we know they're all live,
      and don't need to test for it.
      
      * heap/Local.h:
      (JSC::::set): Can't make the same ASSERT we used to because we just don't
      have the mark bits for it anymore. Perhaps we can bring this ASSERT back
      in a weaker form in the future.
      
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::addBlock):
      (JSC::MarkedSpace::removeBlock): Updated for interface change.
      (JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more
      specific about what we're making canonical.
      
      * heap/MarkedSpace.h:
      (JSC::MarkedSpace::allocate):
      (JSC::MarkedSpace::SizeClass::SizeClass):
      (JSC::MarkedSpace::SizeClass::resetAllocator):
      (JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator
      functionality a bit. We now track only one block -- "currentBlock" --
      and rely on its internal state to know whether it has more cells to
      allocate.
      
      * heap/Weak.h:
      (JSC::Weak::set): Can't make the same ASSERT we used to because we just don't
      have the mark bits for it anymore. Perhaps we can bring this ASSERT back
      in a weaker form in the future.
      
      * runtime/JSCell.h:
      (JSC::JSCell::vptr):
      (JSC::JSCell::zap):
      (JSC::JSCell::isZapped):
      (JSC::isZapped): Made zapping a property of JSCell, for a little abstraction.
      In the future, exactly how a JSCell zaps itself will change, as the
      internal representation of JSCell changes.
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
              
      Made this flaky test less flaky. (Just enough to make my patch not fail.)
      
      * fast/dom/gc-10.html: Count objects immediately after GC to get an
      exact count. Call 'reload' a few times to improve test coverage. Preload
      properties in case they're lazily instantiated, which would change
      object count numbers. Also, use the 'var' keyword like a good little
      JavaScripter.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95912 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b94f6ba6
  10. 23 Sep, 2011 4 commits
    • Add JSVALUE32_64 support to DFG JIT · d910c0d8
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=67460
      
      Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-09-23
      Reviewed by Gavin Barraclough.
      
      This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
      It's tested on IA32 Linux EFL port currently. It still cannot run
      all the test cases and benchmarks so should be turned off now.
              
      The major work includes:
      1) dealing with JSVALUE32_64 data format in DFG JIT;
      2) bindings between 64-bit JS Value and 32-bit registers;
      3) handling of function calls. Currently for DFG operation function
      calls we follow the X86 cdecl calling convention on Linux, and the
      implementation is in a naive way by pushing the arguments into stack
      one by one.
              
      The known issues include:
      1) some code duplicates unnecessarily, especially in Speculative JIT
      code generation, where most of the operations on SpeculateInteger /
      SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
      is needed in the future;
      2) lack of op_call and op_construct support, compared to current
      JSVALUE64 DFG;
      3) currently integer speculations are assumed to be StrictInt32;
      4) lack of JSBoolean speculations;
      5) boxing and unboxing doubles could be improved;
      6) DFG X86 register description is different from the baseline JIT,
      the timeoutCheckRegister is used for general purpose usage;
      7) calls to runtime functions with primitive double parameters (e.g.
      fmod) don't work. Support needs to be added to the assembler to
      implement the mechanism of passing double parameters for X86 cdecl
      convention.
              
      And there should be many other hidden bugs which should be exposed and
      resolved in later debugging process.
      
      * CMakeListsEfl.txt:
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::loadDouble):
      (JSC::MacroAssemblerX86::storeDouble):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::movsd_rm):
      * bytecode/StructureStubInfo.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGFPRInfo.h:
      (JSC::DFG::FPRInfo::debugName):
      * dfg/DFGGPRInfo.h:
      (JSC::DFG::GPRInfo::toRegister):
      (JSC::DFG::GPRInfo::toIndex):
      (JSC::DFG::GPRInfo::debugName):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::needDataFormatConversion):
      (JSC::DFG::GenerationInfo::initJSValue):
      (JSC::DFG::GenerationInfo::initDouble):
      (JSC::DFG::GenerationInfo::gpr):
      (JSC::DFG::GenerationInfo::tagGPR):
      (JSC::DFG::GenerationInfo::payloadGPR):
      (JSC::DFG::GenerationInfo::fpr):
      (JSC::DFG::GenerationInfo::fillJSValue):
      (JSC::DFG::GenerationInfo::fillCell):
      (JSC::DFG::GenerationInfo::fillDouble):
      * dfg/DFGJITCodeGenerator.cpp:
      * dfg/DFGJITCodeGenerator.h:
      (JSC::DFG::JITCodeGenerator::allocate):
      (JSC::DFG::JITCodeGenerator::use):
      (JSC::DFG::JITCodeGenerator::registersMatched):
      (JSC::DFG::JITCodeGenerator::silentSpillGPR):
      (JSC::DFG::JITCodeGenerator::silentFillGPR):
      (JSC::DFG::JITCodeGenerator::silentFillFPR):
      (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
      (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
      (JSC::DFG::JITCodeGenerator::boxDouble):
      (JSC::DFG::JITCodeGenerator::unboxDouble):
      (JSC::DFG::JITCodeGenerator::spill):
      (JSC::DFG::addressOfDoubleConstant):
      (JSC::DFG::integerResult):
      (JSC::DFG::jsValueResult):
      (JSC::DFG::setupResults):
      (JSC::DFG::callOperation):
      (JSC::JSValueOperand::JSValueOperand):
      (JSC::JSValueOperand::~JSValueOperand):
      (JSC::JSValueOperand::isDouble):
      (JSC::JSValueOperand::fill):
      (JSC::JSValueOperand::tagGPR):
      (JSC::JSValueOperand::payloadGPR):
      (JSC::JSValueOperand::fpr):
      (JSC::GPRTemporary::~GPRTemporary):
      (JSC::GPRTemporary::gpr):
      (JSC::GPRResult2::GPRResult2):
      * dfg/DFGJITCodeGenerator32_64.cpp: Added.
      (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
      (JSC::DFG::JITCodeGenerator::fillInteger):
      (JSC::DFG::JITCodeGenerator::fillDouble):
      (JSC::DFG::JITCodeGenerator::fillJSValue):
      (JSC::DFG::JITCodeGenerator::fillStorage):
      (JSC::DFG::JITCodeGenerator::useChildren):
      (JSC::DFG::JITCodeGenerator::isStrictInt32):
      (JSC::DFG::JITCodeGenerator::isKnownInteger):
      (JSC::DFG::JITCodeGenerator::isKnownNumeric):
      (JSC::DFG::JITCodeGenerator::isKnownCell):
      (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
      (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
      (JSC::DFG::JITCodeGenerator::isKnownBoolean):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
      (JSC::DFG::JITCodeGenerator::cachedGetById):
      (JSC::DFG::JITCodeGenerator::writeBarrier):
      (JSC::DFG::JITCodeGenerator::cachedPutById):
      (JSC::DFG::JITCodeGenerator::cachedGetMethod):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
      (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
      (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
      (JSC::DFG::JITCodeGenerator::emitBranch):
      (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
      (JSC::DFG::JITCodeGenerator::emitCall):
      (JSC::DFG::JITCodeGenerator::speculationCheck):
      (JSC::DFG::dataFormatString):
      (JSC::DFG::JITCodeGenerator::dump):
      (JSC::DFG::JITCodeGenerator::checkConsistency):
      (JSC::DFG::GPRTemporary::GPRTemporary):
      (JSC::DFG::FPRTemporary::FPRTemporary):
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::tagForGlobalVar):
      (JSC::DFG::JITCompiler::payloadForGlobalVar):
      (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
      (JSC::DFG::JITCompiler::addressOfDoubleConstant):
      (JSC::DFG::JITCompiler::boxDouble):
      (JSC::DFG::JITCompiler::unboxDouble):
      (JSC::DFG::JITCompiler::addPropertyAccess):
      (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
      * dfg/DFGJITCompiler32_64.cpp: Added.
      (JSC::DFG::JITCompiler::fillNumericToDouble):
      (JSC::DFG::JITCompiler::fillInt32ToInteger):
      (JSC::DFG::JITCompiler::fillToJS):
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      (JSC::DFG::JITCompiler::jitAssertIsInt32):
      (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
      (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
      (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
      (JSC::DFG::JITCompiler::jitAssertIsCell):
      (JSC::DFG::JITCompiler::emitCount):
      (JSC::DFG::JITCompiler::setSamplingFlag):
      (JSC::DFG::JITCompiler::clearSamplingFlag):
      * dfg/DFGJITCompilerInlineMethods.h: Added.
      (JSC::DFG::JITCompiler::emitLoadTag):
      (JSC::DFG::JITCompiler::emitLoadPayload):
      (JSC::DFG::JITCompiler::emitLoad):
      (JSC::DFG::JITCompiler::emitLoad2):
      (JSC::DFG::JITCompiler::emitLoadDouble):
      (JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
      (JSC::DFG::JITCompiler::emitStore):
      (JSC::DFG::JITCompiler::emitStoreInt32):
      (JSC::DFG::JITCompiler::emitStoreCell):
      (JSC::DFG::JITCompiler::emitStoreBool):
      (JSC::DFG::JITCompiler::emitStoreDouble):
      * dfg/DFGNode.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryCachePutByID):
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::ValueRecovery::inGPR):
      (JSC::DFG::ValueRecovery::inPair):
      (JSC::DFG::ValueRecovery::tagGPR):
      (JSC::DFG::ValueRecovery::payloadGPR):
      * dfg/DFGSpeculativeJIT32_64.cpp: Added.
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::ValueSource::dump):
      (JSC::DFG::ValueRecovery::dump):
      (JSC::DFG::OSRExit::OSRExit):
      (JSC::DFG::OSRExit::dump):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
      (JSC::DFG::SpeculativeJIT::convertToDouble):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * runtime/JSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d910c0d8
    • De-virtualize JSCell::getJSNumber · e5e24647
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68651
      
      Reviewed by Oliver Hunt.
      
      Added a new JSType to check whether or not something is a 
      NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not 
      currently a better way to determine whether something is indeed a NumberObject.
      Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo 
      for whether the object is a NumberObject or not.  This patch is part of 
      the larger process of de-virtualizing JSCell.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getJSNumber):
      * runtime/JSCell.h:
      (JSC::JSValue::getJSNumber):
      * runtime/JSType.h:
      * runtime/JSTypeInfo.h:
      (JSC::TypeInfo::isNumberObject):
      * runtime/JSValue.h:
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::getJSNumber):
      * runtime/NumberObject.h:
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95893 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e5e24647
    • Add static version of JSCell::visitChildren · 982c9ea2
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68404
      
      Reviewed by Darin Adler.
      
      .: 
      
      In this patch we just extract the bodies of the virtual visitChildren methods
      throughout the JSCell inheritance hierarchy out into static methods, which are 
      now called from the virtual methods.  This is an intermediate step in trying to 
      move the virtual-ness of visitChildren into our own custom vtable stored in 
      ClassInfo.  We need to convert the methods to static methods in order to be 
      able to more easily store and refer to them in our custom vtable since normal 
      member methods store some implicit information in their types, making it 
      impossible to store them generically in ClassInfo.
      
      * Source/autotools/symbols.filter:
      
      Source/JavaScriptCore: 
      
      In this patch we just extract the bodies of the virtual visitChildren methods
      throughout the JSCell inheritance hierarchy out into static methods, which are 
      now called from the virtual methods.  This is an intermediate step in trying to 
      move the virtual-ness of visitChildren into our own custom vtable stored in 
      ClassInfo.  We need to convert the methods to static methods in order to be 
      able to more easily store and refer to them in our custom vtable since normal 
      member methods store some implicit information in their types, making it 
      impossible to store them generically in ClassInfo.
      
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObject::visitChildrenVirtual):
      (JSC::JSCallbackObject::visitChildren):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::visitChildrenVirtual):
      (JSC::DebuggerActivation::visitChildren):
      * debugger/DebuggerActivation.h:
      * heap/MarkStack.cpp:
      (JSC::SlotVisitor::visitChildren):
      (JSC::SlotVisitor::drain):
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildrenVirtual):
      (JSC::Arguments::visitChildren):
      * runtime/Arguments.h:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::visitChildrenVirtual):
      (JSC::EvalExecutable::visitChildren):
      (JSC::ProgramExecutable::visitChildrenVirtual):
      (JSC::ProgramExecutable::visitChildren):
      (JSC::FunctionExecutable::visitChildrenVirtual):
      (JSC::FunctionExecutable::visitChildren):
      * runtime/Executable.h:
      * runtime/GetterSetter.cpp:
      (JSC::GetterSetter::visitChildrenVirtual):
      (JSC::GetterSetter::visitChildren):
      * runtime/GetterSetter.h:
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildrenVirtual):
      (JSC::JSActivation::visitChildren):
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::visitChildrenVirtual):
      (JSC::JSArray::visitChildren):
      * runtime/JSArray.h:
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::visitChildrenVirtual):
      (JSC::JSBoundFunction::visitChildren):
      * runtime/JSBoundFunction.h:
      * runtime/JSCell.h:
      (JSC::JSCell::visitChildrenVirtual):
      (JSC::JSCell::visitChildren):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::visitChildrenVirtual):
      (JSC::JSFunction::visitChildren):
      * runtime/JSFunction.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildrenVirtual):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitChildrenVirtual):
      (JSC::JSObject::visitChildren):
      * runtime/JSObject.h:
      (JSC::JSObject::visitChildrenDirect):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::visitChildrenVirtual):
      (JSC::JSPropertyNameIterator::visitChildren):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::visitChildrenVirtual):
      (JSC::JSStaticScopeObject::visitChildren):
      * runtime/JSStaticScopeObject.h:
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::visitChildrenVirtual):
      (JSC::JSWrapperObject::visitChildren):
      * runtime/JSWrapperObject.h:
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::visitChildrenVirtual):
      (JSC::NativeErrorConstructor::visitChildren):
      * runtime/NativeErrorConstructor.h:
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::visitChildrenVirtual):
      (JSC::RegExpObject::visitChildren):
      * runtime/RegExpObject.h:
      * runtime/ScopeChain.cpp:
      (JSC::ScopeChainNode::visitChildrenVirtual):
      (JSC::ScopeChainNode::visitChildren):
      * runtime/ScopeChain.h:
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildrenVirtual):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::visitChildrenVirtual):
      (JSC::StructureChain::visitChildren):
      * runtime/StructureChain.h:
      
      Source/JavaScriptGlue: 
      
      In this patch we just extract the bodies of the virtual visitChildren methods
      throughout the JSCell inheritance hierarchy out into static methods, which are 
      now called from the virtual methods.  This is an intermediate step in trying to 
      move the virtual-ness of visitChildren into our own custom vtable stored in 
      ClassInfo.  We need to convert the methods to static methods in order to be 
      able to more easily store and refer to them in our custom vtable since normal 
      member methods store some implicit information in their types, making it 
      impossible to store them generically in ClassInfo.
      
      * UserObjectImp.cpp:
      (UserObjectImp::visitChildrenVirtual):
      (UserObjectImp::visitChildren):
      * UserObjectImp.h:
      
      Source/WebCore: 
      
      No new tests.
      
      In this patch we just extract the bodies of the virtual visitChildren methods
      throughout the JSCell inheritance hierarchy out into static methods, which are 
      now called from the virtual methods.  This is an intermediate step in trying to 
      move the virtual-ness of visitChildren into our own custom vtable stored in 
      ClassInfo.  We need to convert the methods to static methods in order to be 
      able to more easily store and refer to them in our custom vtable since normal 
      member methods store some implicit information in their types, making it 
      impossible to store them generically in ClassInfo.
      
      * WebCore.exp.in:
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildrenVirtual):
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioContextCustom.cpp:
      (WebCore::JSAudioContext::visitChildrenVirtual):
      (WebCore::JSAudioContext::visitChildren):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildrenVirtual):
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildrenVirtual):
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildrenVirtual):
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::visitChildrenVirtual):
      (WebCore::JSDOMGlobalObject::visitChildren):
      * bindings/js/JSDOMGlobalObject.h:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildrenVirtual):
      (WebCore::JSDOMWindow::visitChildren):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::visitChildrenVirtual):
      (WebCore::JSDOMWindowShell::visitChildren):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
      (WebCore::JSJavaScriptAudioNode::visitChildrenVirtual):
      (WebCore::JSJavaScriptAudioNode::visitChildren):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildrenVirtual):
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildrenVirtual):
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::visitChildrenVirtual):
      (WebCore::JSNamedNodeMap::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::visitChildrenVirtual):
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildrenVirtual):
      (WebCore::JSNodeFilter::visitChildren):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildrenVirtual):
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildrenVirtual):
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildrenVirtual):
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildrenVirtual):
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildrenVirtual):
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildrenVirtual):
      (WebCore::JSWebGLRenderingContext::visitChildren):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::visitChildrenVirtual):
      (WebCore::JSWorkerContext::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildrenVirtual):
      (WebCore::JSXMLHttpRequest::visitChildren):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildrenVirtual):
      (WebCore::JSXPathResult::visitChildren):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObj::visitChildrenVirtual):
      (WebCore::JSTestObj::visitChildren):
      * bindings/scripts/test/JS/JSTestObj.h:
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::visitChildrenVirtual):
      (JSC::Bindings::QtRuntimeObject::visitChildren):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::QtRuntimeMetaMethod::visitChildrenVirtual):
      (JSC::Bindings::QtRuntimeMetaMethod::visitChildren):
      * bridge/qt/qt_runtime.h:
      * workers/WorkerContext.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95849 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      982c9ea2
    • Source/JavaScriptCore: GetScopedVar should have value profiling · a6805302
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68676
      
      Patch by Filip Pizlo <fpizlo@apple.com> on 2011-09-22
      Reviewed by Oliver Hunt.
              
      Added GetScopedVar value profiling and prediction propagation.
      Added GetScopeChain to CSE.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::predict):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasPrediction):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::getScopeChainLoadElimination):
      (JSC::DFG::Propagator::performNodeCSE):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_scoped_var):
      
      LayoutTests: [Qt] Unreviewed gardening, update expected file after r95745.
      
      Patch by Csaba Osztrogonác <ossy@webkit.org> on 2011-09-22
      
      * platform/qt/editing/deleting/merge-whitespace-pre-expected.png:
      * platform/qt/editing/deleting/merge-whitespace-pre-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95787 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a6805302
  11. 22 Sep, 2011 5 commits
    • PPC build fix, part 3. · d1a05171
      fpizlo@apple.com authored
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::compileForConstructInternal):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95779 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d1a05171
    • Another PPC build fix. · d6549184
      fpizlo@apple.com authored
      * runtime/Executable.cpp:
      * runtime/Executable.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95772 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d6549184
    • Function.prototype.bind.length should be 1. · 31ca2376
      barraclough@apple.com authored
      Rubber stamped by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::addFunctionProperties):
      
      LayoutTests: 
      
      * fast/js/function-bind-expected.txt:
      * fast/js/script-tests/function-bind.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95764 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      31ca2376
    • DFG JIT does not support to_primitive or strcat · 90e5f0ea
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68582
      
      Reviewed by Darin Adler.
              
      This adds functional support for to_primitive and strcat. It focuses
      on minimizing the amount of code emitted on to_primitive (if we know
      that it is a primitive or can speculate cheaply, then we omit the
      slow path) and on keeping the implementation of strcat simple while
      leveraging whatever optimizations we have already. In particular,
      unlike the Call and Construct nodes which require extending the size
      of the DFG's callee registers, StrCat takes advantage of the fact
      that no JS code can run while StrCat is in progress and uses a
      scratch buffer, rather than the register file, to store the list of
      values to concatenate. This was done mainly to keep the code simple,
      but there are probably other benefits to keeping call frame sizes
      down. Essentially, this patch ensures that the presence of an
      op_strcat does not mess up any other optimizations we might do while
      ensuring that if you do execute it, it'll work about as well as you'd
      expect.
              
      When combined with the previous patch for integer division, this is a
      14% speed-up on Kraken. Without it, it would have been a 2% loss.
      
      * assembler/AbstractMacroAssembler.h:
      (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGJITCodeGenerator.h:
      (JSC::DFG::JITCodeGenerator::callOperation):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGNode.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::performNodeCSE):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC::JSGlobalData::scratchBufferForSize):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95758 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      90e5f0ea
    • Implement Function.prototype.bind · 22215665
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=26382
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      This patch provides a basic functional implementation
      for Function.bind. It should (hopefully!) be fully
      functionally correct, and the bound functions can be
      called quickly (since they are a subclass of
      JSFunction, not InternalFunction), but we'll probably
      want to follow up with some optimization work to keep
      bound calls in JIT code.
      
      * JavaScriptCore.JSVALUE32_64only.exp:
      * JavaScriptCore.JSVALUE64only.exp:
      * JavaScriptCore.exp:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * jit/JITStubs.cpp:
      (JSC::JITThunks::hostFunctionStub):
      * jit/JITStubs.h:
      * jsc.cpp:
      (GlobalObject::addFunction):
      * runtime/CommonIdentifiers.h:
      * runtime/ConstructData.h:
      * runtime/Executable.h:
      (JSC::NativeExecutable::NativeExecutable):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      * runtime/JSBoundFunction.cpp: Added.
      (JSC::boundFunctionCall):
      (JSC::boundFunctionConstruct):
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::hasInstance):
      (JSC::JSBoundFunction::getOwnPropertySlot):
      (JSC::JSBoundFunction::getOwnPropertyDescriptor):
      (JSC::JSBoundFunction::JSBoundFunction):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSBoundFunction.h: Added.
      (JSC::JSBoundFunction::targetFunction):
      (JSC::JSBoundFunction::boundThis):
      (JSC::JSBoundFunction::boundArgs):
      (JSC::JSBoundFunction::createStructure):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::finishCreation):
      (JSC::createDescriptorForThrowingProperty):
      (JSC::JSFunction::getOwnPropertySlot):
      * runtime/JSFunction.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::getHostFunction):
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::boundFunctionStructure):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      
      Source/WebCore: 
      
      Test: fast/js/function-bind.html
      
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::objectToStringFunctionGetter):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::nonCachingStaticFunctionGetter):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::nonCachingStaticBackFunctionGetter):
      (WebCore::nonCachingStaticForwardFunctionGetter):
      (WebCore::nonCachingStaticGoFunctionGetter):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::nonCachingStaticReplaceFunctionGetter):
      (WebCore::nonCachingStaticReloadFunctionGetter):
      (WebCore::nonCachingStaticAssignFunctionGetter):
          - Function::create no longer requires functionStructure() to be passed.
      
      LayoutTests: 
      
      We now pass Function.bind tests.
      
      * fast/js/Object-getOwnPropertyNames-expected.txt:
      * fast/js/basic-strict-mode-expected.txt:
      * fast/js/function-bind-expected.txt: Added.
      * fast/js/function-bind.html: Added.
      * fast/js/mozilla/strict/15.3.4.5-expected.txt:
      * fast/js/script-tests/function-bind.js: Added.
      * ietestcenter/Javascript/15.2.3.3-4-38-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-0-1-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-0-2-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-13.b-1-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-13.b-2-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-13.b-3-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-13.b-4-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-13.b-5-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-15-1-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-15-2-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-16-1-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-2-1-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-2-2-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-2-3-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-2-4-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-2-5-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-2-6-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-2-7-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-2-8-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-2-9-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-8-1-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-8-2-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-9-1-expected.txt:
      * ietestcenter/Javascript/15.3.4.5-9-2-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95751 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      22215665
  12. 21 Sep, 2011 3 commits
    • DFG should support continuous optimization · 706f5f34
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68329
      
      Reviewed by Geoffrey Garen.
              
      This adds the ability to reoptimize a code block if speculation
      failures happen frequently. 6% speed-up on Kraken, 1% slow-down
      on V8, neutral on SunSpider.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/WTF/WTF.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::CodeBlock::shouldOptimizeNow):
      (JSC::CodeBlock::dumpValueProfiles):
      * bytecode/CodeBlock.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getStrongPrediction):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::compileBody):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntry.h:
      (JSC::DFG::getOSREntryDataBytecodeIndex):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::ConservativeRoots):
      (JSC::ConservativeRoots::~ConservativeRoots):
      (JSC::DummyMarkHook::mark):
      (JSC::ConservativeRoots::genericAddPointer):
      (JSC::ConservativeRoots::genericAddSpan):
      (JSC::ConservativeRoots::add):
      * heap/ConservativeRoots.h:
      * heap/Heap.cpp:
      (JSC::Heap::addJettisonCodeBlock):
      (JSC::Heap::markRoots):
      * heap/Heap.h:
      * heap/JettisonedCodeBlocks.cpp: Added.
      (JSC::JettisonedCodeBlocks::JettisonedCodeBlocks):
      (JSC::JettisonedCodeBlocks::~JettisonedCodeBlocks):
      (JSC::JettisonedCodeBlocks::addCodeBlock):
      (JSC::JettisonedCodeBlocks::clearMarks):
      (JSC::JettisonedCodeBlocks::deleteUnmarkedCodeBlocks):
      (JSC::JettisonedCodeBlocks::traceCodeBlocks):
      * heap/JettisonedCodeBlocks.h: Added.
      (JSC::JettisonedCodeBlocks::mark):
      * interpreter/RegisterFile.cpp:
      (JSC::RegisterFile::gatherConservativeRoots):
      * interpreter/RegisterFile.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC::EvalExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::jettisonOptimizedCode):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      * wtf/BitVector.h: Added.
      (WTF::BitVector::BitVector):
      (WTF::BitVector::~BitVector):
      (WTF::BitVector::operator=):
      (WTF::BitVector::size):
      (WTF::BitVector::ensureSize):
      (WTF::BitVector::resize):
      (WTF::BitVector::clearAll):
      (WTF::BitVector::get):
      (WTF::BitVector::set):
      (WTF::BitVector::clear):
      (WTF::BitVector::bitsInPointer):
      (WTF::BitVector::maxInlineBits):
      (WTF::BitVector::byteCount):
      (WTF::BitVector::makeInlineBits):
      (WTF::BitVector::OutOfLineBits::numBits):
      (WTF::BitVector::OutOfLineBits::numWords):
      (WTF::BitVector::OutOfLineBits::bits):
      (WTF::BitVector::OutOfLineBits::create):
      (WTF::BitVector::OutOfLineBits::destroy):
      (WTF::BitVector::OutOfLineBits::OutOfLineBits):
      (WTF::BitVector::isInline):
      (WTF::BitVector::outOfLineBits):
      (WTF::BitVector::resizeOutOfLine):
      (WTF::BitVector::bits):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95681 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      706f5f34
    • DFG does not support compiling functions as constructors · bb159ec2
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68500
      
      Reviewed by Oliver Hunt.
              
      This adds support for compiling constructors to the DFG. It's a
      1% speed-up on V8, mostly due to a 6% speed-up on early-boyer.
      It's also a 13% win on access-binary-trees, but it's neutral in
      the SunSpider and Kraken averages.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::mightCompileFunctionForConstruct):
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGNode.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::performNodeCSE):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95672 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Replace jsFunctionVPtr compares with a type check on the Structure. · b38285cd
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68557
      
      Reviewed by Oliver Hunt.
      
      This will permit calls to still optimize to subclasses of JSFunction
      that have the correct type (but a different C++ vptr).
      
      This patch stops passing the globalData into numerous functions.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::isFunctionConstant):
      (JSC::DFG::Graph::valueOfFunctionConstant):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::isFunctionConstant):
      (JSC::DFG::JITCompiler::valueOfFunctionConstant):
      * dfg/DFGOperations.cpp:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.h:
      * jit/JITCall.cpp:
      (JSC::JIT::compileOpCallVarargs):
      (JSC::JIT::compileOpCallSlowCase):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileOpCallVarargs):
      (JSC::JIT::compileOpCallSlowCase):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitJumpIfNotType):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.h:
      (JSC::isHostFunction):
      * runtime/JSFunction.h:
      (JSC::JSFunction::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putWithAttributes):
      * runtime/JSObject.h:
      (JSC::getJSFunction):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::putDirectWithoutTransition):
      * runtime/JSType.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95666 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  13. 20 Sep, 2011 2 commits
    • Refactor Heap allocation logic into separate AllocationSpace class · 44d8954c
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68409
      
      Reviewed by Gavin Barraclough.
      
      ../../../../Volumes/Data/git/WebKit/OpenSource/Source/JavaScriptCore:
      
      This patch hoists direct manipulation of the MarkedSpace and related
      data out of Heap and into a separate class.  This will allow us to
      have multiple allocation spaces in future, so easing the way towards
      having GC'd backing stores for objects.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.exp:
      * JavaScriptCore.gypi:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * debugger/Debugger.cpp:
      (JSC::Debugger::recompileAllJSFunctions):
      * heap/AllocationSpace.cpp: Added.
      (JSC::AllocationSpace::tryAllocate):
      (JSC::AllocationSpace::allocateSlowCase):
      (JSC::AllocationSpace::allocateBlock):
      (JSC::AllocationSpace::freeBlocks):
      (JSC::TakeIfEmpty::TakeIfEmpty):
      (JSC::TakeIfEmpty::operator()):
      (JSC::TakeIfEmpty::returnValue):
      (JSC::AllocationSpace::shrink):
      * heap/AllocationSpace.h: Added.
      (JSC::AllocationSpace::AllocationSpace):
      (JSC::AllocationSpace::blocks):
      (JSC::AllocationSpace::sizeClassFor):
      (JSC::AllocationSpace::setHighWaterMark):
      (JSC::AllocationSpace::highWaterMark):
      (JSC::AllocationSpace::canonicalizeBlocks):
      (JSC::AllocationSpace::resetAllocator):
      (JSC::AllocationSpace::forEachCell):
      (JSC::AllocationSpace::forEachBlock):
      (JSC::AllocationSpace::allocate):
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::reportExtraMemoryCostSlowCase):
      (JSC::Heap::getConservativeRegisterRoots):
      (JSC::Heap::markRoots):
      (JSC::Heap::clearMarks):
      (JSC::Heap::sweep):
      (JSC::Heap::objectCount):
      (JSC::Heap::size):
      (JSC::Heap::capacity):
      (JSC::Heap::globalObjectCount):
      (JSC::Heap::objectTypeCounts):
      (JSC::Heap::collect):
      (JSC::Heap::canonicalizeBlocks):
      (JSC::Heap::resetAllocator):
      (JSC::Heap::freeBlocks):
      (JSC::Heap::shrink):
      * heap/Heap.h:
      (JSC::Heap::objectSpace):
      (JSC::Heap::sizeClassForObject):
      (JSC::Heap::allocate):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::recompileAllJSFunctions):
      (JSC::JSGlobalData::releaseExecutableMemory):
      
      ../../../../Volumes/Data/git/WebKit/OpenSource/Source/WebCore:
      
      Adding a forwarding header.
      
      * ForwardingHeaders/heap/AllocationSpace.h: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95559 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Removed BREWMP* platform #ifdefs · f903ca32
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68425
              
      BREWMP* has no maintainer, and this is dead code.
      
      Reviewed by Darin Adler.
      
      ../JavaScriptCore: 
      
      * heap/MarkStack.h:
      (JSC::::shrinkAllocation):
      * jit/ExecutableAllocator.h:
      (JSC::ExecutableAllocator::cacheFlush):
      * runtime/TimeoutChecker.cpp:
      (JSC::getCPUTime):
      * wtf/Assertions.cpp:
      * wtf/Assertions.h:
      * wtf/CurrentTime.cpp:
      * wtf/DateMath.cpp:
      (WTF::calculateUTCOffset):
      * wtf/FastMalloc.cpp:
      (WTF::fastMalloc):
      (WTF::fastCalloc):
      (WTF::fastMallocSize):
      * wtf/FastMalloc.h:
      * wtf/MainThread.cpp:
      * wtf/MathExtras.h:
      * wtf/OwnPtrCommon.h:
      * wtf/Platform.h:
      * wtf/RandomNumber.cpp:
      (WTF::randomNumber):
      * wtf/RandomNumberSeed.h:
      (WTF::initializeRandomNumberGenerator):
      * wtf/text/WTFString.h:
      * wtf/unicode/Unicode.h:
      
      ../WebCore: 
      
      * WebCorePrefix.h:
      * loader/cache/CachedFont.cpp:
      * platform/DragData.h:
      * platform/DragImage.h:
      * platform/FileSystem.h:
      * platform/PlatformKeyboardEvent.h:
      * platform/PlatformMouseEvent.h:
      * platform/PlatformTouchEvent.h:
      * platform/PlatformTouchPoint.h:
      (WebCore::PlatformTouchPoint::PlatformTouchPoint):
      * platform/Widget.h:
      * platform/graphics/IntPoint.h:
      * platform/graphics/IntSize.h:
      * platform/graphics/WOFFFileFormat.cpp:
      * platform/graphics/skia/FontCustomPlatformData.cpp:
      (WebCore::FontCustomPlatformData::~FontCustomPlatformData):
      (WebCore::FontCustomPlatformData::fontPlatformData):
      (WebCore::createFontCustomPlatformData):
      * platform/graphics/skia/FontCustomPlatformData.h:
      * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
      * platform/text/TextBoundaries.cpp:
      * platform/text/TextEncoding.cpp:
      (WebCore::TextEncoding::encode):
      * platform/text/TextEncodingRegistry.cpp:
      * plugins/PluginViewNone.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95555 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  14. 19 Sep, 2011 2 commits
    • Remove toPrimitive from JSCell · 02a74eab
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=67875
      
      Reviewed by Darin Adler.
      
      Part of the refactoring process to un-virtualize JSCell.  We move
      all of the implicit functionality provided by the virtual toPrimitive method
      in JSCell to be explicit in JSValue::toPrimitive and JSCell::toPrimitive while
      also de-virtualizing JSCell::toPrimitive.
      
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * runtime/JSCell.cpp:
      (JSC::JSCell::toPrimitive):
      * runtime/JSCell.h:
      
      We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
      JSObject.  This pushes the virtual method further down, enabling us to get rid
      of the virtual call in JSCell.  Eventually we'll probably have to deal with this
      again, but we'll cross that bridge when we come to it.
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::defaultValue):
      * runtime/JSNotAnObject.h:
      * runtime/JSObject.h:
      * runtime/JSString.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95516 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Removed ENABLE_JSC_MULTIPLE_THREADS and related #ifdefs. · e2f27917
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68422
              
      As discussed on webkit-dev. All ports build with threads enabled in JSC now.
              
      This may break WinCE and other ports that have not built and tested with
      this configuration. I've filed bugs for port maintainers. It's time for
      WebKit to move forward.
      
      Reviewed by Sam Weinig.
      
      * API/APIShims.h:
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
      * API/JSContextRef.cpp:
      * heap/MachineStackMarker.cpp:
      (JSC::MachineThreads::MachineThreads):
      (JSC::MachineThreads::~MachineThreads):
      (JSC::MachineThreads::gatherConservativeRoots):
      * heap/MachineStackMarker.h:
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      (JSC::initializeThreading):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::sharedInstance):
      * runtime/JSGlobalData.h:
      (JSC::JSGlobalData::makeUsableFromMultipleThreads):
      * runtime/JSLock.cpp:
      * runtime/Structure.cpp:
      * wtf/Platform.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95510 268f45cc-cd09-0410-ab3c-d52691b4dbfc