1. 15 Mar, 2013 1 commit
    • mhahnenberg@apple.com's avatar
      Roll out r145838 · 871ffe65
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112458
      
      Unreviewed. Requested by Filip Pizlo.
      
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::objectPrototypeTable):
      * jit/JITStubs.cpp:
      (JSC::getByVal):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::getByVal):
      * runtime/CommonIdentifiers.h:
      * runtime/JSCell.cpp:
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC):
      (JSC::JSCell::fastGetOwnProperty):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      (JSC):
      * runtime/JSObject.h:
      (JSObject):
      (JSC):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/ObjectPrototype.cpp:
      (JSC):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::create):
      (ObjectPrototype):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::findWithString):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      
      LayoutTests:
      
      * fast/js/regress/script-tests/string-lookup-hit-identifier.js: Removed.
      * fast/js/regress/script-tests/string-lookup-hit.js: Removed.
      * fast/js/regress/script-tests/string-lookup-miss.js: Removed.
      * fast/js/regress/string-lookup-hit-expected.txt: Removed.
      * fast/js/regress/string-lookup-hit-identifier-expected.txt: Removed.
      * fast/js/regress/string-lookup-hit-identifier.html: Removed.
      * fast/js/regress/string-lookup-hit.html: Removed.
      * fast/js/regress/string-lookup-miss-expected.txt: Removed.
      * fast/js/regress/string-lookup-miss.html: Removed.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145945 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      871ffe65
  2. 14 Mar, 2013 1 commit
    • fpizlo@apple.com's avatar
      JSObject fast by-string access optimizations should work even on the prototype... · 10c38d3c
      fpizlo@apple.com authored
      JSObject fast by-string access optimizations should work even on the prototype chain, and even when the result is undefined
      https://bugs.webkit.org/show_bug.cgi?id=112233
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Extended the existing fast access path for String keys to work over the entire prototype chain,
      not just the self access case. This will fail as soon as it sees an object that intercepts
      getOwnPropertySlot, so this patch also ensures that ObjectPrototype does not fall into that
      category. This is accomplished by making ObjectPrototype eagerly reify all of its properties.
      This is safe for ObjectPrototype because it's so common and we expect all of its properties to
      be reified for any interesting programs anyway. A new idiom for adding native functions to
      prototypes is introduced, which ought to work well for any other prototypes that we wish to do
      this conversion for.
              
      This is a >60% speed-up in the case that you frequently do by-string lookups that "miss", i.e.
      they don't turn up anything.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::objectConstructorTable):
      * jit/JITStubs.cpp:
      (JSC::getByVal):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::getByVal):
      * runtime/CommonIdentifiers.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getByStringSlow):
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC):
      (JSC::JSCell::getByStringAndKey):
      (JSC::JSCell::getByString):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putDirectNativeFunction):
      (JSC):
      * runtime/JSObject.h:
      (JSObject):
      (JSC):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/ObjectPrototype.cpp:
      (JSC):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::ObjectPrototype::create):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::findWithString):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      (JSC):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * fast/js/regress/script-tests/string-lookup-hit-identifier.js: Added.
      (result):
      * fast/js/regress/script-tests/string-lookup-hit.js: Added.
      (result):
      * fast/js/regress/script-tests/string-lookup-miss.js: Added.
      (result):
      * fast/js/regress/string-lookup-hit-expected.txt: Added.
      * fast/js/regress/string-lookup-hit-identifier-expected.txt: Added.
      * fast/js/regress/string-lookup-hit-identifier.html: Added.
      * fast/js/regress/string-lookup-hit.html: Added.
      * fast/js/regress/string-lookup-miss-expected.txt: Added.
      * fast/js/regress/string-lookup-miss.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145838 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      10c38d3c
  3. 06 Mar, 2013 1 commit
    • akling@apple.com's avatar
      Unused Structure property tables waste 14MB on Membuster. · 85b26820
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Geoffrey Garen.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      This time it should stick; I've been through all the tests with COLLECT_ON_EVERY_ALLOCATION.
      The issue with the last version was that Structure::m_offset could be used uninitialized
      when re-materializing a previously GC'd property table, causing some sanity checks to fail.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::get):
      
          Move m_cell to a local before using it multiple times. This avoids a multiple-access race when
          Structure::checkOffsetConsistency() is used in assertions on the main thread while a marking thread
          zaps the property table.
      
      * runtime/Structure.h:
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureInlines.h:
      (JSC::Structure::propertyTable):
      
          Added a getter for the Structure's PropertyTable that ASSERTs GC currently isn't active.
          Because GC can zap an unpinned property table at any time, it's not entirely safe to access it.
          Renamed the variable itself to m_propertyTableUnsafe to force call sites into explaining themselves.
      
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these out of Structure.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      
          Added for setting up the property table in a new transition, this code is now shared between
          addPropertyTransition() and nonPropertyTransition().
      
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      
          Add a global propertyTableStructure.
      
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
          Make PropertyTable a GC object.
      
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::pin):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::checkConsistency):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144910 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      85b26820
  4. 05 Mar, 2013 1 commit
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r144708. · 0c94dc67
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/144708
      https://bugs.webkit.org/show_bug.cgi?id=111447
      
      random assertion crashes in inspector tests on qt+mac bots
      (Requested by kling on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-03-05
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyTable.cpp: Removed.
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::pin):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::visitChildren):
      (JSC::Structure::checkConsistency):
      * runtime/Structure.h:
      (JSC):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      (JSC::Structure::checkOffsetConsistency):
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::get):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144767 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0c94dc67
  5. 04 Mar, 2013 1 commit
    • akling@apple.com's avatar
      Unused Structure property tables waste 14MB on Membuster. · 9f23adb0
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Geoffrey Garen.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::get):
      
          Move m_cell to a local before using it multiple times. This avoids a multiple-access race when
          Structure::checkOffsetConsistency() is used in assertions on the main thread while a marking thread
          zaps the property table.
      
      * runtime/Structure.h:
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureInlines.h:
      (JSC::Structure::propertyTable):
      
          Added a getter for the Structure's PropertyTable that ASSERTs GC currently isn't active.
          Because GC can zap an unpinned property table at any time, it's not entirely safe to access it.
          Renamed the variable itself to m_propertyTableUnsafe to force call sites into explaining themselves.
      
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these out of Structure.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      
          Add a global propertyTableStructure.
      
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
          Make PropertyTable a GC object.
      
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::pin):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::checkConsistency):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144708 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9f23adb0
  6. 26 Feb, 2013 4 commits
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r144074. · a5683e34
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/144074
      https://bugs.webkit.org/show_bug.cgi?id=110897
      
      Causing 20+ crashes on Mac (Requested by bradee-oh on
      #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-02-26
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyTable.cpp: Removed.
      * runtime/Structure.cpp:
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      (Structure):
      * runtime/StructureInlines.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144113 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a5683e34
    • akling@apple.com's avatar
      Unused Structure property tables waste 14MB on Membuster. · 1c5bd24a
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Filip Pizlo.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/StructureInlines.h:
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these to StructureInlines.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      * runtime/Structure.h:
      (Structure):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144074 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1c5bd24a
    • akling@apple.com's avatar
      Unreviewed, rolling out r144054. · f9f6d217
      akling@apple.com authored
      http://trac.webkit.org/changeset/144054
      https://bugs.webkit.org/show_bug.cgi?id=110854
      
      broke builds
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyTable.cpp: Removed.
      * runtime/Structure.cpp:
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      (Structure):
      * runtime/StructureInlines.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f9f6d217
    • akling@apple.com's avatar
      Unused Structure property tables waste 14MB on Membuster. · 11193c50
      akling@apple.com authored
      <http://webkit.org/b/110854>
      <rdar://problem/13292104>
      
      Reviewed by Filip Pizlo.
      
      Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
      14 MB progression on Membuster3.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      
          Added PropertyTable.cpp.
      
      * runtime/PropertyTable.cpp: Added.
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::destroy):
      (JSC::PropertyTable::~PropertyTable):
      (JSC::PropertyTable::visitChildren):
      
          Moved marking of property table values here from Structure::visitChildren().
      
      * runtime/StructureInlines.h:
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::checkOffsetConsistency):
      
          Moved these to StructureInlines.h to break header dependency cycle between Structure/PropertyTable.
      
      * runtime/Structure.cpp:
      (JSC::Structure::visitChildren):
      
          Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
      
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      * runtime/Structure.h:
      (Structure):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/PropertyMapHashTable.h:
      (PropertyTable):
      (JSC::PropertyTable::createStructure):
      (JSC::PropertyTable::copy):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144054 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      11193c50
  7. 21 Feb, 2013 1 commit
    • mhahnenberg@apple.com's avatar
      Objective-C API: Need a way to use the Objective-C JavaScript API with WebKit · f0712f94
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=106059
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      * API/JSBase.h: Renamed enable flag for API.
      * API/JSBlockAdaptor.h: Using new flag.
      * API/JSBlockAdaptor.mm: Ditto.
      * API/JSContext.h: Add convenience C API conversion function for JSGlobalContextRef.
      * API/JSContext.mm: 
      (-[JSContext JSGlobalContextRef]): Implementation of C API convenience function.
      (-[JSContext initWithVirtualMachine:]): We don't use the m_apiData field any more.
      (-[JSContext initWithGlobalContextRef:]): init method for allocating new JSContexts given a JSGlobalContextRef.
      (-[JSContext dealloc]): No more m_apiData.
      (-[JSContext wrapperForObjCObject:]): Renamed wrapperForObject. 
      (-[JSContext wrapperForJSObject:]): Fetches or allocates the JSValue for the specified JSValueRef in this JSContext.
      (+[JSContext contextWithGlobalContextRef:]): Helper function to grab the lightweight JSContext wrapper for a given
      JSGlobalContextRef from the global wrapper cache or allocate a new one if there isn't already one.
      * API/JSContextInternal.h: New flag, new method declaration for initWithGlobalContextRef.
      * API/JSExport.h: New flag.
      * API/JSValue.h: New flag and new C API convenience method.
      * API/JSValue.mm:
      (-[JSValue JSValueRef]): Implementation of the C API convenience method.
      (objectToValueWithoutCopy):
      (+[JSValue valueWithValue:inContext:]): We now ask the JSContext for an Objective-C JSValue wrapper, which it can cache
      in its internal JSWrapperMap.
      * API/JSValueInternal.h:
      * API/JSVirtualMachine.h:
      * API/JSVirtualMachine.mm: Added global cache that maps JSContextGroupRef -> JSVirtualMachine lightweight wrappers.
      (wrapperCacheLock):
      (initWrapperCache):
      (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
      (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
      (-[JSVirtualMachine init]):
      (-[JSVirtualMachine initWithContextGroupRef:]):
      (-[JSVirtualMachine dealloc]):
      (+[JSVirtualMachine virtualMachineWithContextGroupRef:]):
      (-[JSVirtualMachine contextForGlobalContextRef:]):
      (-[JSVirtualMachine addContext:forGlobalContextRef:]):
      * API/JSVirtualMachineInternal.h:
      * API/JSWrapperMap.h:
      * API/JSWrapperMap.mm:
      (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): We use the JSObjectSetPrototype C API call because 
      setting the __proto__ property causes all sorts of bad things to happen behind the scenes, which can cause crashes based on 
      when it gets called.
      (-[JSWrapperMap initWithContext:]):
      (-[JSWrapperMap jsWrapperForObject:]):
      (-[JSWrapperMap objcWrapperForJSValueRef:]):
      * API/JavaScriptCore.h:
      * API/ObjCCallbackFunction.h:
      * API/ObjCCallbackFunction.mm:
      (ObjCCallbackFunction::ObjCCallbackFunction): We never actually should have retained the target in the case that we had a 
      block as a callback. Blocks are initially allocated on the stack and are only moved to the heap if we call their copy method.
      Retaining the block on the stack was a bad idea because if that stack frame ever went away and we called the block later, 
      we'd crash and burn.
      (ObjCCallbackFunction::setContext): We need a new setter for when the weak reference to a JSContext inside an ObjCCallbackFunction
      disappears, we can allocate a new one in its place.
      (ObjCCallbackFunction):
      (objCCallbackFunctionCallAsFunction): Reset the callback's context if it's ever destroyed.
      (objCCallbackFunctionForInvocation): Again, don't set the __proto__ property because it uses black magic that can cause us to crash
      depending on when this is called.
      (objCCallbackFunctionForBlock): Here is where we copy the block to the heap when we're first creating the callback object for it.
      * API/tests/testapi.c:
      (main):
      * API/tests/testapi.mm: We're going to get rid of the automatic block conversion, since that is causing leaks. I changed it 
      here in this test just so that it wouldn't mask any other potential leaks. Also modified some of the tests since JSContexts are 
      just lightweight wrappers now, we're not guaranteed to get the same pointer back from the call to [JSValue context] as the one 
      that the value was created in.
      (-[TestObject callback:]):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData): No more m_apiData.
      * runtime/JSGlobalData.h: Ditto.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject): Ditto.
      * runtime/JSGlobalObject.h:
      
      Source/WebCore: 
      
      Reviewed by Geoffrey Garen.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::setWindow): Since we're basically abandoning a JSDOMWindow here, we call
      garbageCollectSoon().
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/ScriptController.h: New function to get the JSContext for the global object of the current main world.
      * bindings/js/ScriptControllerMac.mm: 
      (WebCore::ScriptController::javaScriptContext): Ditto.
      * bindings/objc/WebScriptObject.h: Added ifdef guards. Also new convenience conversion function for the JSC Obj-C API.
      * bindings/objc/WebScriptObject.mm: JSC::JSValue and JSValue conflict with one another, so we have to be more specific.
      (-[WebScriptObject _globalContextRef]): Useful helper function for getting the JSGlobalContextRef of a particular WebScriptObject.
      (-[WebScriptObject callWebScriptMethod:withArguments:]):
      (-[WebScriptObject evaluateWebScript:]):
      (-[WebScriptObject valueForKey:]):
      (-[WebScriptObject webScriptValueAtIndex:]):
      (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
      (-[WebScriptObject JSValue]): Implementation of convenience WebScriptObject conversion function to new Objective-C API.
      * bindings/objc/WebScriptObjectPrivate.h:
      
      Source/WebKit/mac: 
      
      Reviewed by Geoffrey Garen.
      
      Addition of appropriate delegate callbacks and support to the WebKit API.
      
      * WebCoreSupport/WebFrameLoaderClient.mm:
      * WebView/WebDelegateImplementationCaching.h:
      (WebFrameLoadDelegateImplementationCache):
      * WebView/WebFrame.h:
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      (-[WebFrame _javaScriptContextForScriptWorld:]):
      (-[WebFrame javaScriptContext]):
      * WebView/WebFrameLoadDelegate.h:
      * WebView/WebFramePrivate.h:
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame _convertValueToObjcValue:JSC::]):
      (-[WebScriptCallFrame exception]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebScriptWorld.h:
      * WebView/WebScriptWorld.mm:
      (+[WebScriptWorld scriptWorldForJavaScriptContext:]):
      * WebView/WebView.mm:
      (-[WebView _cacheFrameLoadDelegateImplementations]):
      (aeDescFromJSValue):
      (-[WebView aeDescByEvaluatingJavaScriptFromString:]):
      (-[WebView _computedStyleIncludingVisitedInfo:forElement:]):
      
      Source/WTF: 
      
      Reviewed by Geoffrey Garen.
      
      * wtf/FeatureDefines.h: Added enable flag for JSC Objective-C API so it can be used in
      export files.
      
      Tools: 
      
      Reviewed by Geoffrey Garen.
      
      Added new tests for the WebKit API portion of the JSC Objective-C API.
      
      * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
      * TestWebKitAPI/Tests/mac/JSContextBackForwardCache1.html: Added.
      * TestWebKitAPI/Tests/mac/JSContextBackForwardCache2.html: Added.
      * TestWebKitAPI/Tests/mac/WebViewDidCreateJavaScriptContext.mm: Added.
      (-[MyConsole log:]):
      (-[MyConsole printHelloWorld]):
      (-[MyConsole add:to:]):
      (-[DidCreateJavaScriptContextFrameLoadDelegate webView:didFinishLoadForFrame:]):
      (-[DidCreateJavaScriptContextFrameLoadDelegate webView:didCreateJavaScriptContext:forFrame:]):
      (TestWebKitAPI):
      (TestWebKitAPI::TEST):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143637 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f0712f94
  8. 18 Feb, 2013 1 commit
    • ggaren@apple.com's avatar
      Shrank the SourceProvider cache · d17e17e9
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=110158
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      CodeCache is now our primary source cache, so a long-lived SourceProvider
      cache is a waste. I measured this as a 10MB Membuster win; with more
      precise instrumentation, Andreas estimated it as up to 30MB.
      
      I didn't eliminate the SourceProvider cache because it's still useful
      in speeding up uncached parsing of scripts with large nested functions
      (i.e., all scripts).
      
      * heap/Heap.cpp:
      (JSC::Heap::collect): Discard all source provider caches after GC. This
      is a convenient place to do so because it's reasonably soon after initial
      parsing without being immediate.
      
      * parser/Parser.cpp:
      (JSC::::Parser): Updated for interface change: The heap now owns the
      source provider cache, since most SourceProviders are not expected to
      have one by default, and the heap is responsible for throwing them away.
      
      (JSC::::parseInner): No need to update statistics on cache size, since
      we're going to throw it away no matter what.
      
      (JSC::::parseFunctionInfo): Reduced the minimum function size to 16. This
      is a 27% win on a new parsing micro-benchmark I've added. Now that the
      cache is temporary, we don't have to worry so much about its memory
      footprint.
      
      * parser/Parser.h:
      (Parser): Updated for interface changes.
      
      * parser/SourceProvider.cpp:
      (JSC::SourceProvider::SourceProvider):
      (JSC::SourceProvider::~SourceProvider):
      * parser/SourceProvider.h:
      (JSC):
      (SourceProvider): SourceProvider doesn't own its cache anymore because
      the cache is temporary.
      
      * parser/SourceProviderCache.cpp:
      (JSC::SourceProviderCache::clear):
      (JSC::SourceProviderCache::add):
      * parser/SourceProviderCache.h:
      (JSC::SourceProviderCache::SourceProviderCache):
      (SourceProviderCache):
      * parser/SourceProviderCacheItem.h:
      (SourceProviderCacheItem): No need to update statistics on cache size,
      since we're going to throw it away no matter what.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::addSourceProviderCache):
      (JSC):
      (JSC::JSGlobalData::clearSourceProviderCaches):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData): Moved the cache here so it's easier to throw away.
      
      Source/WebCore: 
      
      Test: fast/js/regress/nested-function-parsing.html
      
      No need to keep statistics on cache size, since we're going to throw it
      away no matter what.
      
      * WebCore.order:
      * bindings/js/CachedScriptSourceProvider.h:
      (CachedScriptSourceProvider):
      (WebCore::CachedScriptSourceProvider::CachedScriptSourceProvider):
      * loader/cache/CachedScript.cpp:
      (WebCore::CachedScript::destroyDecodedData):
      (WebCore):
      (WebCore::CachedScript::reportMemoryUsage):
      * loader/cache/CachedScript.h:
      (CachedScript):
      
      LayoutTests: 
      
      New benchmark to show that a minimum size of 16 is better than 64.
      
      * fast/js/regress/nested-function-parsing-expected.txt: Added.
      * fast/js/regress/nested-function-parsing.html: Added.
      * fast/js/regress/script-tests/nested-function-parsing.js: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143279 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d17e17e9
  9. 01 Feb, 2013 1 commit
    • mhahnenberg@apple.com's avatar
      Structure should have a StructureRareData field to save space · dc3d148e
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=108659
      
      Reviewed by Oliver Hunt.
      
      Many of the fields in Structure are used in a subset of all total Structures; however, all Structures must 
      pay the memory cost of those fields, regardless of whether they use them or not. Since we can have potentially 
      many Structures on a single page (e.g. bing.com creates ~1500 Structures), it would be profitable to 
      refactor Structure so that not every Structure has to pay the memory costs for these infrequently used fields.
      
      To accomplish this, we can create a new StructureRareData class to house these seldom used fields which we 
      can allocate on demand whenever a Structure requires it. This StructureRareData can itself be a JSCell, and 
      can do all the marking of the fields for the Structure. The StructureRareData field will be part of a union 
      with m_previous to minimize overhead. We'll add a new field to JSTypeInfo to indicate that the Structure has 
      a StructureRareData field. During transitions, a Structure will clone its previous Structure's StructureRareData 
      if it has one. There could be some potential for optimizing this process, but the initial implementation will 
      be dumb since we'd be paying these overhead costs for each Structure anyways.
      
      Initially we'll only put two fields in the StructureRareData to avoid a memory regression. Over time we'll 
      continue to move fields from Structure to StructureRareData. Optimistically, this could potentially reduce our 
      Structure memory footprint by up to around 75%. It could also clear the way for removing destructors from 
      Structures (and into StructureRareData).
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGRepatch.cpp: Includes for linking purposes.
      * jit/JITStubs.cpp:
      * jsc.cpp:
      * llint/LLIntSlowPaths.cpp:
      * runtime/JSCellInlines.h: Added ifdef guards.
      * runtime/JSGlobalData.cpp: New Structure for StructureRareData class.
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      * runtime/JSTypeInfo.h: New flag to indicate whether or not a Structure has a StructureRareData field.
      (JSC::TypeInfo::flags):
      (JSC::TypeInfo::structureHasRareData):
      * runtime/ObjectPrototype.cpp:
      * runtime/Structure.cpp: We use a combined WriteBarrier<JSCell> field m_previousOrRareData to avoid compiler issues.
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::Structure): 
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::pin):
      (JSC::Structure::allocateRareData): Handles allocating a brand new StructureRareData field.
      (JSC::Structure::cloneRareDataFrom): Handles cloning a StructureRareData field from another. Used during Structure 
      transitions.
      (JSC::Structure::visitChildren): We no longer have to worry about marking m_objectToStringValue.
      * runtime/Structure.h:
      (JSC::Structure::previousID): Checks the structureHasRareData flag to see where it should get the previous Structure.
      (JSC::Structure::objectToStringValue): Reads the value from the StructureRareData. If it doesn't exist, returns 0.
      (JSC::Structure::setObjectToStringValue): Ensures that we have a StructureRareData field, then forwards the function 
      call to it.
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::setPreviousID): Checks for StructureRareData and forwards if necessary.
      (Structure):
      (JSC::Structure::clearPreviousID): Ditto.
      (JSC::Structure::create):
      * runtime/StructureRareData.cpp: Added. All of the basic functionality of a JSCell with the fields that we've moved 
      from Structure and the functions required to access/modify those fields as Structure would have done.
      (JSC):
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::create):
      (JSC::StructureRareData::clone):
      (JSC::StructureRareData::StructureRareData):
      (JSC::StructureRareData::visitChildren):
      * runtime/StructureRareData.h: Added.
      (JSC):
      (StructureRareData):
      * runtime/StructureRareDataInlines.h: Added.
      (JSC):
      (JSC::StructureRareData::previousID):
      (JSC::StructureRareData::setPreviousID):
      (JSC::StructureRareData::clearPreviousID):
      (JSC::Structure::previous): Handles the ugly casting to get the value of the right type of m_previousOrRareData.
      (JSC::Structure::rareData): Ditto.
      (JSC::StructureRareData::objectToStringValue):
      (JSC::StructureRareData::setObjectToStringValue):
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGRepatch.cpp:
      * jit/JITStubs.cpp:
      * jsc.cpp:
      * llint/LLIntSlowPaths.cpp:
      * runtime/JSCellInlines.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      * runtime/JSTypeInfo.h:
      (JSC):
      (JSC::TypeInfo::flags):
      (JSC::TypeInfo::structureHasRareData):
      * runtime/ObjectPrototype.cpp:
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::pin):
      (JSC::Structure::allocateRareData):
      (JSC):
      (JSC::Structure::cloneRareDataFrom):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC::Structure::previousID):
      (JSC::Structure::objectToStringValue):
      (JSC::Structure::setObjectToStringValue):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::setPreviousID):
      (Structure):
      (JSC::Structure::clearPreviousID):
      (JSC::Structure::previous):
      (JSC::Structure::rareData):
      (JSC::Structure::create):
      * runtime/StructureRareData.cpp: Added.
      (JSC):
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::create):
      (JSC::StructureRareData::clone):
      (JSC::StructureRareData::StructureRareData):
      (JSC::StructureRareData::visitChildren):
      * runtime/StructureRareData.h: Added.
      (JSC):
      (StructureRareData):
      * runtime/StructureRareDataInlines.h: Added.
      (JSC):
      (JSC::StructureRareData::previousID):
      (JSC::StructureRareData::setPreviousID):
      (JSC::StructureRareData::clearPreviousID):
      (JSC::StructureRareData::objectToStringValue):
      (JSC::StructureRareData::setObjectToStringValue):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141651 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      dc3d148e
  10. 29 Jan, 2013 1 commit
    • fpizlo@apple.com's avatar
      DFG should not use a graph that is a vector, Nodes shouldn't move after... · 8ff092fc
      fpizlo@apple.com authored
      DFG should not use a graph that is a vector, Nodes shouldn't move after allocation, and we should always refer to nodes by Node*
      https://bugs.webkit.org/show_bug.cgi?id=106868
      
      Reviewed by Oliver Hunt.
              
      This adds a pool allocator for Nodes, and uses that instead of a Vector. Changes all
      uses of Node& and NodeIndex to be simply Node*. Nodes no longer have an index except
      for debugging (Node::index(), which is not guaranteed to be O(1)).
              
      1% speed-up on SunSpider, presumably because this improves compile times.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::booleanResult):
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
      (JSC::DFG::AbstractState::dump):
      * dfg/DFGAbstractState.h:
      (DFG):
      (JSC::DFG::AbstractState::forNode):
      (AbstractState):
      (JSC::DFG::AbstractState::speculateInt32Unary):
      (JSC::DFG::AbstractState::speculateNumberUnary):
      (JSC::DFG::AbstractState::speculateBooleanUnary):
      (JSC::DFG::AbstractState::speculateInt32Binary):
      (JSC::DFG::AbstractState::speculateNumberBinary):
      (JSC::DFG::AbstractState::trySetConstant):
      * dfg/DFGAbstractValue.h:
      (AbstractValue):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (JSC::DFG::AdjacencyList::initialize):
      * dfg/DFGAllocator.h: Added.
      (DFG):
      (Allocator):
      (JSC::DFG::Allocator::Region::size):
      (JSC::DFG::Allocator::Region::headerSize):
      (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
      (JSC::DFG::Allocator::Region::data):
      (JSC::DFG::Allocator::Region::isInThisRegion):
      (JSC::DFG::Allocator::Region::regionFor):
      (Region):
      (JSC::DFG::::Allocator):
      (JSC::DFG::::~Allocator):
      (JSC::DFG::::allocate):
      (JSC::DFG::::free):
      (JSC::DFG::::freeAll):
      (JSC::DFG::::reset):
      (JSC::DFG::::indexOf):
      (JSC::DFG::::allocatorOf):
      (JSC::DFG::::bumpAllocate):
      (JSC::DFG::::freeListAllocate):
      (JSC::DFG::::allocateSlow):
      (JSC::DFG::::freeRegionsStartingAt):
      (JSC::DFG::::startBumpingIn):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
      (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
      (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::originalArrayStructure):
      (JSC::DFG::ArrayMode::alreadyChecked):
      * dfg/DFGArrayMode.h:
      (ArrayMode):
      * dfg/DFGArrayifySlowPathGenerator.h:
      (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
      * dfg/DFGBasicBlock.h:
      (JSC::DFG::BasicBlock::node):
      (JSC::DFG::BasicBlock::isInPhis):
      (JSC::DFG::BasicBlock::isInBlock):
      (BasicBlock):
      * dfg/DFGBasicBlockInlines.h:
      (DFG):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::getDirect):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::setDirect):
      (JSC::DFG::ByteCodeParser::set):
      (JSC::DFG::ByteCodeParser::setPair):
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::setLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::getToInt32):
      (JSC::DFG::ByteCodeParser::toInt32):
      (JSC::DFG::ByteCodeParser::getJSConstantForValue):
      (JSC::DFG::ByteCodeParser::getJSConstant):
      (JSC::DFG::ByteCodeParser::getCallee):
      (JSC::DFG::ByteCodeParser::getThis):
      (JSC::DFG::ByteCodeParser::setThis):
      (JSC::DFG::ByteCodeParser::isJSConstant):
      (JSC::DFG::ByteCodeParser::isInt32Constant):
      (JSC::DFG::ByteCodeParser::valueOfJSConstant):
      (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
      (JSC::DFG::ByteCodeParser::constantUndefined):
      (JSC::DFG::ByteCodeParser::constantNull):
      (JSC::DFG::ByteCodeParser::one):
      (JSC::DFG::ByteCodeParser::constantNaN):
      (JSC::DFG::ByteCodeParser::cellConstant):
      (JSC::DFG::ByteCodeParser::addToGraph):
      (JSC::DFG::ByteCodeParser::insertPhiNode):
      (JSC::DFG::ByteCodeParser::addVarArgChild):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getPrediction):
      (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::ConstantRecord::ConstantRecord):
      (ConstantRecord):
      (JSC::DFG::ByteCodeParser::PhiStackEntry::PhiStackEntry):
      (PhiStackEntry):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::emitFunctionChecks):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::setIntrinsicResult):
      (JSC::DFG::ByteCodeParser::handleMinMax):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::getScope):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::performBlockCFA):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixPhis):
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
      (OperandSubstitution):
      (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
      (JSC::DFG::CFGSimplificationPhase::recordNewTarget):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::canonicalize):
      (JSC::DFG::CSEPhase::endIndexForPureCSE):
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::constantCSE):
      (JSC::DFG::CSEPhase::weakConstantCSE):
      (JSC::DFG::CSEPhase::getCalleeLoadElimination):
      (JSC::DFG::CSEPhase::getArrayLengthElimination):
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::scopedVarLoadElimination):
      (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::scopedVarStoreElimination):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::checkFunctionElimination):
      (JSC::DFG::CSEPhase::checkExecutableElimination):
      (JSC::DFG::CSEPhase::checkStructureElimination):
      (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
      (JSC::DFG::CSEPhase::putStructureStoreElimination):
      (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
      (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::checkArrayElimination):
      (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      (JSC::DFG::CSEPhase::performSubstitution):
      (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::eliminate):
      (JSC::DFG::CSEPhase::performNodeCSE):
      (JSC::DFG::CSEPhase::performBlockCSE):
      (CSEPhase):
      * dfg/DFGCommon.cpp: Added.
      (DFG):
      (JSC::DFG::NodePointerTraits::dump):
      * dfg/DFGCommon.h:
      (DFG):
      (JSC::DFG::NodePointerTraits::defaultValue):
      (NodePointerTraits):
      (JSC::DFG::verboseCompilationEnabled):
      (JSC::DFG::shouldDumpGraphAtEachPhase):
      (JSC::DFG::validationEnabled):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
      (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
      (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::Disassembler):
      (JSC::DFG::Disassembler::createDumpList):
      (JSC::DFG::Disassembler::dumpDisassembly):
      * dfg/DFGDisassembler.h:
      (JSC::DFG::Disassembler::setForNode):
      (Disassembler):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGEdge.cpp: Added.
      (DFG):
      (JSC::DFG::Edge::dump):
      * dfg/DFGEdge.h:
      (JSC::DFG::Edge::Edge):
      (JSC::DFG::Edge::node):
      (JSC::DFG::Edge::operator*):
      (JSC::DFG::Edge::operator->):
      (Edge):
      (JSC::DFG::Edge::setNode):
      (JSC::DFG::Edge::useKind):
      (JSC::DFG::Edge::setUseKind):
      (JSC::DFG::Edge::isSet):
      (JSC::DFG::Edge::shift):
      (JSC::DFG::Edge::makeWord):
      (JSC::DFG::operator==):
      (JSC::DFG::operator!=):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupBlock):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      (JSC::DFG::FixupPhase::blessArrayOperation):
      (JSC::DFG::FixupPhase::fixIntEdge):
      (JSC::DFG::FixupPhase::fixDoubleEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (FixupPhase):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::GenerationInfo):
      (JSC::DFG::GenerationInfo::initConstant):
      (JSC::DFG::GenerationInfo::initInteger):
      (JSC::DFG::GenerationInfo::initJSValue):
      (JSC::DFG::GenerationInfo::initCell):
      (JSC::DFG::GenerationInfo::initBoolean):
      (JSC::DFG::GenerationInfo::initDouble):
      (JSC::DFG::GenerationInfo::initStorage):
      (GenerationInfo):
      (JSC::DFG::GenerationInfo::node):
      (JSC::DFG::GenerationInfo::noticeOSRBirth):
      (JSC::DFG::GenerationInfo::use):
      (JSC::DFG::GenerationInfo::appendFill):
      (JSC::DFG::GenerationInfo::appendSpill):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::~Graph):
      (DFG):
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::amountOfNodeWhiteSpace):
      (JSC::DFG::Graph::printNodeWhiteSpace):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dumpBlockHeader):
      (JSC::DFG::Graph::refChildren):
      (JSC::DFG::Graph::derefChildren):
      (JSC::DFG::Graph::predictArgumentTypes):
      (JSC::DFG::Graph::collectGarbage):
      (JSC::DFG::Graph::determineReachability):
      (JSC::DFG::Graph::resetExitStates):
      * dfg/DFGGraph.h:
      (Graph):
      (JSC::DFG::Graph::ref):
      (JSC::DFG::Graph::deref):
      (JSC::DFG::Graph::changeChild):
      (JSC::DFG::Graph::compareAndSwap):
      (JSC::DFG::Graph::clearAndDerefChild):
      (JSC::DFG::Graph::clearAndDerefChild1):
      (JSC::DFG::Graph::clearAndDerefChild2):
      (JSC::DFG::Graph::clearAndDerefChild3):
      (JSC::DFG::Graph::convertToConstant):
      (JSC::DFG::Graph::getJSConstantSpeculation):
      (JSC::DFG::Graph::addSpeculationMode):
      (JSC::DFG::Graph::valueAddSpeculationMode):
      (JSC::DFG::Graph::arithAddSpeculationMode):
      (JSC::DFG::Graph::addShouldSpeculateInteger):
      (JSC::DFG::Graph::mulShouldSpeculateInteger):
      (JSC::DFG::Graph::negateShouldSpeculateInteger):
      (JSC::DFG::Graph::isConstant):
      (JSC::DFG::Graph::isJSConstant):
      (JSC::DFG::Graph::isInt32Constant):
      (JSC::DFG::Graph::isDoubleConstant):
      (JSC::DFG::Graph::isNumberConstant):
      (JSC::DFG::Graph::isBooleanConstant):
      (JSC::DFG::Graph::isCellConstant):
      (JSC::DFG::Graph::isFunctionConstant):
      (JSC::DFG::Graph::isInternalFunctionConstant):
      (JSC::DFG::Graph::valueOfJSConstant):
      (JSC::DFG::Graph::valueOfInt32Constant):
      (JSC::DFG::Graph::valueOfNumberConstant):
      (JSC::DFG::Graph::valueOfBooleanConstant):
      (JSC::DFG::Graph::valueOfFunctionConstant):
      (JSC::DFG::Graph::valueProfileFor):
      (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
      (JSC::DFG::Graph::numSuccessors):
      (JSC::DFG::Graph::successor):
      (JSC::DFG::Graph::successorForCondition):
      (JSC::DFG::Graph::isPredictedNumerical):
      (JSC::DFG::Graph::byValIsPure):
      (JSC::DFG::Graph::clobbersWorld):
      (JSC::DFG::Graph::varArgNumChildren):
      (JSC::DFG::Graph::numChildren):
      (JSC::DFG::Graph::varArgChild):
      (JSC::DFG::Graph::child):
      (JSC::DFG::Graph::voteNode):
      (JSC::DFG::Graph::voteChildren):
      (JSC::DFG::Graph::substitute):
      (JSC::DFG::Graph::substituteGetLocal):
      (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
      (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
      * dfg/DFGInsertionSet.h:
      (JSC::DFG::Insertion::Insertion):
      (JSC::DFG::Insertion::element):
      (Insertion):
      (JSC::DFG::InsertionSet::insert):
      (InsertionSet):
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::setForNode):
      (JSC::DFG::JITCompiler::addressOfDoubleConstant):
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGLongLivedState.cpp: Added.
      (DFG):
      (JSC::DFG::LongLivedState::LongLivedState):
      (JSC::DFG::LongLivedState::~LongLivedState):
      (JSC::DFG::LongLivedState::shrinkToFit):
      * dfg/DFGLongLivedState.h: Added.
      (DFG):
      (LongLivedState):
      * dfg/DFGMinifiedID.h:
      (JSC::DFG::MinifiedID::MinifiedID):
      (JSC::DFG::MinifiedID::node):
      * dfg/DFGMinifiedNode.cpp:
      (JSC::DFG::MinifiedNode::fromNode):
      * dfg/DFGMinifiedNode.h:
      (MinifiedNode):
      * dfg/DFGNode.cpp: Added.
      (DFG):
      (JSC::DFG::Node::index):
      (WTF):
      (WTF::printInternal):
      * dfg/DFGNode.h:
      (DFG):
      (JSC::DFG::Node::Node):
      (Node):
      (JSC::DFG::Node::convertToGetByOffset):
      (JSC::DFG::Node::convertToPutByOffset):
      (JSC::DFG::Node::ref):
      (JSC::DFG::Node::shouldSpeculateInteger):
      (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
      (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
      (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
      (JSC::DFG::Node::shouldSpeculateFinalObject):
      (JSC::DFG::Node::shouldSpeculateArray):
      (JSC::DFG::Node::dumpChildren):
      (WTF):
      * dfg/DFGNodeAllocator.h: Added.
      (DFG):
      (operator new ):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      (SpeculationFailureDebugInfo):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPhase.cpp:
      (DFG):
      (JSC::DFG::Phase::beginPhase):
      (JSC::DFG::Phase::endPhase):
      * dfg/DFGPhase.h:
      (Phase):
      (JSC::DFG::runAndLog):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::setPrediction):
      (JSC::DFG::PredictionPropagationPhase::mergePrediction):
      (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
      (JSC::DFG::PredictionPropagationPhase::isNotZero):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
      (JSC::DFG::PredictionPropagationPhase::propagateForward):
      (JSC::DFG::PredictionPropagationPhase::propagateBackward):
      (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
      (PredictionPropagationPhase):
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::ScoreBoard):
      (JSC::DFG::ScoreBoard::use):
      (JSC::DFG::ScoreBoard::useIfHasResult):
      (ScoreBoard):
      * dfg/DFGSilentRegisterSavePlan.h:
      (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
      (JSC::DFG::SilentRegisterSavePlan::node):
      (SilentRegisterSavePlan):
      * dfg/DFGSlowPathGenerator.h:
      (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
      (JSC::DFG::SlowPathGenerator::generate):
      (SlowPathGenerator):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
      (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::arrayify):
      (JSC::DFG::SpeculativeJIT::fillStorage):
      (JSC::DFG::SpeculativeJIT::useChildren):
      (JSC::DFG::SpeculativeJIT::isStrictInt32):
      (JSC::DFG::SpeculativeJIT::isKnownInteger):
      (JSC::DFG::SpeculativeJIT::isKnownNumeric):
      (JSC::DFG::SpeculativeJIT::isKnownCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
      (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
      (JSC::DFG::SpeculativeJIT::writeBarrier):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
      (JSC::DFG::GPRTemporary::GPRTemporary):
      (JSC::DFG::FPRTemporary::FPRTemporary):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
      (JSC::DFG::SpeculativeJIT::compileInstanceOf):
      (JSC::DFG::SpeculativeJIT::compileSoftModulo):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
      (JSC::DFG::SpeculativeJIT::compileArithMod):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
      (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
      (JSC::DFG::SpeculativeJIT::compileRegExpExec):
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::canReuse):
      (JSC::DFG::SpeculativeJIT::isFilled):
      (JSC::DFG::SpeculativeJIT::isFilledDouble):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::isConstant):
      (JSC::DFG::SpeculativeJIT::isJSConstant):
      (JSC::DFG::SpeculativeJIT::isInt32Constant):
      (JSC::DFG::SpeculativeJIT::isDoubleConstant):
      (JSC::DFG::SpeculativeJIT::isNumberConstant):
      (JSC::DFG::SpeculativeJIT::isBooleanConstant):
      (JSC::DFG::SpeculativeJIT::isFunctionConstant):
      (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
      (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
      (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
      (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
      (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
      (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
      (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
      (JSC::DFG::SpeculativeJIT::isNullConstant):
      (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
      (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::integerResult):
      (JSC::DFG::SpeculativeJIT::noResult):
      (JSC::DFG::SpeculativeJIT::cellResult):
      (JSC::DFG::SpeculativeJIT::booleanResult):
      (JSC::DFG::SpeculativeJIT::jsValueResult):
      (JSC::DFG::SpeculativeJIT::storageResult):
      (JSC::DFG::SpeculativeJIT::doubleResult):
      (JSC::DFG::SpeculativeJIT::initConstantInfo):
      (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
      (JSC::DFG::SpeculativeJIT::isInteger):
      (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (JSC::DFG::SpeculativeJIT::setNodeForOperand):
      (JSC::DFG::IntegerOperand::IntegerOperand):
      (JSC::DFG::IntegerOperand::node):
      (JSC::DFG::IntegerOperand::gpr):
      (JSC::DFG::IntegerOperand::use):
      (IntegerOperand):
      (JSC::DFG::DoubleOperand::DoubleOperand):
      (JSC::DFG::DoubleOperand::node):
      (JSC::DFG::DoubleOperand::fpr):
      (JSC::DFG::DoubleOperand::use):
      (DoubleOperand):
      (JSC::DFG::JSValueOperand::JSValueOperand):
      (JSC::DFG::JSValueOperand::node):
      (JSC::DFG::JSValueOperand::gpr):
      (JSC::DFG::JSValueOperand::fill):
      (JSC::DFG::JSValueOperand::use):
      (JSValueOperand):
      (JSC::DFG::StorageOperand::StorageOperand):
      (JSC::DFG::StorageOperand::node):
      (JSC::DFG::StorageOperand::gpr):
      (JSC::DFG::StorageOperand::use):
      (StorageOperand):
      (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
      (JSC::DFG::SpeculateIntegerOperand::node):
      (JSC::DFG::SpeculateIntegerOperand::gpr):
      (JSC::DFG::SpeculateIntegerOperand::use):
      (SpeculateIntegerOperand):
      (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
      (JSC::DFG::SpeculateStrictInt32Operand::node):
      (JSC::DFG::SpeculateStrictInt32Operand::gpr):
      (JSC::DFG::SpeculateStrictInt32Operand::use):
      (SpeculateStrictInt32Operand):
      (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
      (JSC::DFG::SpeculateDoubleOperand::node):
      (JSC::DFG::SpeculateDoubleOperand::fpr):
      (JSC::DFG::SpeculateDoubleOperand::use):
      (SpeculateDoubleOperand):
      (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
      (JSC::DFG::SpeculateCellOperand::node):
      (JSC::DFG::SpeculateCellOperand::gpr):
      (JSC::DFG::SpeculateCellOperand::use):
      (SpeculateCellOperand):
      (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
      (JSC::DFG::SpeculateBooleanOperand::node):
      (JSC::DFG::SpeculateBooleanOperand::gpr):
      (JSC::DFG::SpeculateBooleanOperand::use):
      (SpeculateBooleanOperand):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileValueAdd):
      (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileValueAdd):
      (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureAbstractValue.h:
      (StructureAbstractValue):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * dfg/DFGValidate.cpp:
      (DFG):
      (Validate):
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::reportValidationContext):
      * dfg/DFGValidate.h:
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::ValueSource::ValueSource):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * runtime/FunctionExecutableDump.cpp: Added.
      (JSC):
      (JSC::FunctionExecutableDump::dump):
      * runtime/FunctionExecutableDump.h: Added.
      (JSC):
      (FunctionExecutableDump):
      (JSC::FunctionExecutableDump::FunctionExecutableDump):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (DFG):
      (JSGlobalData):
      * runtime/Options.h:
      (JSC):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141069 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8ff092fc
  11. 08 Jan, 2013 1 commit
    • oliver@apple.com's avatar
      Support op_typeof in the DFG · e722ad0f
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98898
      
      Reviewed by Filip Pizlo.
      
      Adds a TypeOf node to the DFG to support op_typeof.
      
      To avoid adding too much GC horror, this also makes the
      common strings portion of the SmallString cache strongly
      referenced.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
        We try to determine the result early here, and substitute in a constant.
        Otherwise we leave the node intact, and set the result type to SpecString.
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
        Parse op_typeof
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::performNodeCSE):
        TypeOf nodes can be subjected to pure CSE
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
        We can handle typeof.
      * dfg/DFGNodeType.h:
      (DFG):
        Define the node.
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
        Add operationTypeOf to support the non-trivial cases.
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
        Actual codegen
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      (JSC):
      * runtime/Operations.h:
      (JSC):
        Some refactoring to allow us to get the type string for an
        object without needing a callframe.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139145 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e722ad0f
  12. 07 Jan, 2013 1 commit
  13. 01 Jan, 2013 1 commit
    • barraclough@apple.com's avatar
      Objective-C API for JavaScriptCore · fc381887
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=105889
      
      Reviewed by Filip Pizlo.
      
      ../JavaScriptCore: 
      
      For a detailed description of the API implemented here, see:
          JSContext.h
          APIJSValue.h
          JSVirtualMachine.h
          JSExport.h
      Still to do -
          (1) Shoud rename APIJSValue.h -> JSValue.h (but we'll have to rename JSValue.h first).
          (2) Numerous FIXMEs, all with separate bugs filed.
      
      * API/APIJSValue.h: Added.
          - this Objective-C class is used to reference a JavaScript object.
      * API/JSBase.h:
          - added JS_OBJC_API_ENABLED macro to control ObjC API support.
      * API/JSBlockAdaptor.h: Added.
          - this Objective-C class is used in creating a special NSBlock proxying a JavaScript function.
      * API/JSBlockAdaptor.mm: Added.
      (BlockArgument):
      (BlockArgument::~BlockArgument):
      (BlockArgumentBoolean):
      (BlockArgumentBoolean::get):
      (BlockArgumentNumeric):
      (BlockArgumentNumeric::get):
      (BlockArgumentId):
      (BlockArgumentId::get):
      (BlockArgumentStruct):
      (BlockArgumentStruct::BlockArgumentStruct):
      (BlockArgumentStruct::~BlockArgumentStruct):
      (BlockArgumentStruct::get):
          - decoded arguent type information of a JSBlockAdaptor.
      (BlockArgumentTypeDelegate):
      (BlockArgumentTypeDelegate::typeInteger):
      (BlockArgumentTypeDelegate::typeDouble):
      (BlockArgumentTypeDelegate::typeBool):
      (BlockArgumentTypeDelegate::typeVoid):
      (BlockArgumentTypeDelegate::typeId):
      (BlockArgumentTypeDelegate::typeOfClass):
      (BlockArgumentTypeDelegate::typeBlock):
      (BlockArgumentTypeDelegate::typeStruct):
          - delegate for use in conjunction with parseObjCType.
      (BlockResult):
      (BlockResult::~BlockResult):
      (BlockResultVoid):
      (BlockResultVoid::set):
      (BlockResultInteger):
      (BlockResultInteger::set):
      (BlockResultDouble):
      (BlockResultDouble::set):
      (BlockResultBoolean):
      (BlockResultBoolean::set):
      (BlockResultStruct):
      (BlockResultStruct::BlockResultStruct):
      (BlockResultStruct::~BlockResultStruct):
      (BlockResultStruct::set):
          - decoded result type information of a JSBlockAdaptor.
      (buildBlockSignature):
          - partial step in constructing a signature with stack offset information from one without.
      (-[JSBlockAdaptor initWithBlockSignatureFromProtocol:]):
          - constructor.
      (-[JSBlockAdaptor blockMatchesSignature:]):
          - check whether signature strings match, where only one contains stack frame offsets.
      (-[JSBlockAdaptor blockFromValue:inContext:withException:]):
          - use the adaptor to create a special forwarding block.
      * API/JSCallbackObjectFunctions.h:
      (JSC::::inherits):
          - add missing braces to multiline for statement.
      * API/JSContext.h: Added.
          - this Objective-C class is used to reference a JavaScript context.
      * API/JSContext.mm: Added.
      (-[JSContext init]):
          - constructor.
      (-[JSContext initWithVirtualMachine:]):
          - construct in a given VM (JSGlobalData).
      (-[JSContext evaluateScript:]):
      (-[JSContext globalObject]):
          - evaluate a script, global object accessor.
      (+[JSContext currentContext]):
      (+[JSContext currentThis]):
      (+[JSContext currentArguments]):
          - These methods obtain context, this, arguments from within a callback.
      (-[JSContext virtualMachine]):
          - implementation for .virtualMachine property.
      (-[JSContext objectForKeyedSubscript:]):
      (-[JSContext setObject:forKeyedSubscript:]):
          - support for subscript property access.
      (contextInternalContext):
          - internal accessor to m_context.
      (-[JSContext dealloc]):
          - desctructor.
      (-[JSContext notifyException:]):
      (-[JSContext valueFromNotifyException:]):
      (-[JSContext boolFromNotifyException:]):
          - internal method to record an exception was thrown.
      (-[JSContext beginCallbackWithData:thisValue:argumentCount:arguments:]):
      (-[JSContext endCallbackWithData:]):
          - internal methods to push/pop a callback record.
      (-[JSContext protect:]):
      (-[JSContext unprotect:]):
          - internal methods to add a value to a protect set (used to protect the internal property of JSValue).
      (-[JSContext wrapperForObject:]):
          - internal method to create a wrapper object.
      (WeakContextRef::WeakContextRef):
      (WeakContextRef::~WeakContextRef):
      (WeakContextRef::get):
      (WeakContextRef::set):
          - Helper class to implement a weak reference to a JSContext.
      * API/JSContextInternal.h: Added.
      (CallbackData):
      (WeakContextRef):
          - see API/JSContext.mm for description of internal methods.
      * API/JSExport.h: Added.
          - Provides JSExport protocol & JSExportAs macro.
      * API/JSValue.mm: Added.
      (+[JSValue valueWithObject:inContext:]):
      (+[JSValue valueWithBool:inContext:]):
      (+[JSValue valueWithDouble:inContext:]):
      (+[JSValue valueWithInt32:inContext:]):
      (+[JSValue valueWithUInt32:inContext:]):
      (+[JSValue valueWithNewObjectInContext:]):
      (+[JSValue valueWithNewArrayInContext:]):
      (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
      (+[JSValue valueWithNewErrorFromMessage:inContext:]):
      (+[JSValue valueWithNullInContext:]):
      (+[JSValue valueWithUndefinedInContext:]):
          - Constructors.
      (-[JSValue toObject]):
      (-[JSValue toObjectOfClass:]):
      (-[JSValue toBool]):
      (-[JSValue toDouble]):
      (-[JSValue toInt32]):
      (-[JSValue toUInt32]):
      (-[JSValue toNumber]):
      (-[JSValue toString]):
      (-[JSValue toDate]):
      (-[JSValue toArray]):
      (-[JSValue toDictionary]):
          - Conversion to Objective-C types.
      (-[JSValue valueForProperty:]):
      (-[JSValue setValue:forProperty:]):
      (-[JSValue deleteProperty:]):
      (-[JSValue hasProperty:]):
      (-[JSValue defineProperty:descriptor:]):
          - Property access by property name.
      (-[JSValue valueAtIndex:]):
      (-[JSValue setValue:atIndex:]):
          - Property access by index.
      (-[JSValue isUndefined]):
      (-[JSValue isNull]):
      (-[JSValue isBoolean]):
      (-[JSValue isNumber]):
      (-[JSValue isString]):
      (-[JSValue isObject]):
          - Test JavaScript type.
      (-[JSValue isEqualToObject:]):
      (-[JSValue isEqualWithTypeCoercionToObject:]):
      (-[JSValue isInstanceOf:]):
          - ===, ==, instanceof operators.
      (-[JSValue callWithArguments:]):
      (-[JSValue constructWithArguments:]):
      (-[JSValue invokeMethod:withArguments:]):
          - Call & construct.
      (-[JSValue context]):
          - implementation for .context property.
      (-[JSValue toPoint]):
      (-[JSValue toRange]):
      (-[JSValue toRect]):
      (-[JSValue toSize]):
      (+[JSValue valueWithPoint:inContext:]):
      (+[JSValue valueWithRange:inContext:]):
      (+[JSValue valueWithRect:inContext:]):
      (+[JSValue valueWithSize:inContext:]):
          - Support for NS struct types.
      (-[JSValue objectForKeyedSubscript:]):
      (-[JSValue objectAtIndexedSubscript:]):
      (-[JSValue setObject:forKeyedSubscript:]):
      (-[JSValue setObject:atIndexedSubscript:]):
          - support for subscript property access.
      (isDate):
      (isArray):
          - internal helper functions to check for instances of JS Date, Array types.
      (JSContainerConvertor):
      (Task):
      (JSContainerConvertor::JSContainerConvertor):
      (JSContainerConvertor::isWorkListEmpty):
      (JSContainerConvertor::convert):
      (JSContainerConvertor::add):
      (JSContainerConvertor::take):
          - helper class for tracking state while converting to Array/Dictionary objects.
      (valueToObjectWithoutCopy):
      (containerValueToObject):
      (valueToObject):
      (valueToNumber):
      (valueToString):
      (valueToDate):
      (valueToArray):
      (valueToDictionary):
          - function for converting JavaScript values to Objective-C objects.
      (ObjcContainerConvertor):
      (ObjcContainerConvertor::ObjcContainerConvertor):
      (ObjcContainerConvertor::isWorkListEmpty):
      (ObjcContainerConvertor::convert):
      (ObjcContainerConvertor::add):
      (ObjcContainerConvertor::take):
          - helper class for tracking state while converting to Array/Dictionary values.
      (objectToValueWithoutCopy):
      (objectToValue):
      (valueInternalValue):
          - function for converting Objective-C objects to JavaScript values.
      (+[JSValue valueWithValue:inContext:]):
      (-[JSValue initWithValue:inContext:]):
          - internal constructors.
      (StructTagHandler):
      (getStructTagHandler):
      (+[JSValue selectorForStructToValue:]):
      (+[JSValue selectorForValueToStruct:]):
          - methods to tracking struct types that support conversion to/from JSValue.
      (-[JSValue dealloc]):
          - destructor.
      (-[JSValue description]):
          - Objective-C to-NSString conversion.
      (typeToValueInvocationFor):
      (valueToTypeInvocationFor):
          - create invocation objects for conversion to/from JSValue.
      * API/JSValueInternal.h: Added.
          - see API/JSValue.mm for description of internal methods.
      * API/JSVirtualMachine.h: Added.
          - this Objective-C class is used to reference a JavaScript virtual machine (JSGlobalData).
      * API/JSVirtualMachine.mm: Added.
      (-[JSVirtualMachine init]):
      (-[JSVirtualMachine dealloc]):
          - constructor & destructor.
      (getGroupFromVirtualMachine):
          - internal accessor for m_group property.
      * API/JSVirtualMachineInternal.h: Added.
          - see API/JSVirtualMachine.mm for description of internal methods.
      * API/JSWrapperMap.h: Added.
      * API/JSWrapperMap.mm: Added.
      (wrapperClass):
          - singleton root for detction (& unwrapping) of wrapper objects.
      (selectorToPropertyName):
          - default selector to property name conversion.
      (createObjectWithCustomBrand):
          - creates a JSObject with a custom NativeBrand (class name).
      (createRenameMap):
          - parse @optional properties of a JSExport protocol.
      (putNonEnumerable):
          - property put with enumerable=false.
      (copyMethodsToObject):
          - iterate methods in a protocol; add functions to a JSObject.
      (parsePropertyAttributes):
          - examine protocol property metadata.
      (makeSetterName):
          - "foo" -> "setFoo"
      (copyPrototypeProperties):
          - create properties on a Protocol object reflecting the instance methods & properties of a protocol.
      (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]):
      (-[JSObjCClassInfo dealloc]):
      (-[JSObjCClassInfo wrapperForObject:]):
      (-[JSObjCClassInfo constructor]):
          - cache the Protocol/Constructor objects for an Objective-C type.
      (-[JSWrapperMap initWithContext:]):
      (-[JSWrapperMap dealloc]):
          - constructor & desctructor.
      (-[JSWrapperMap classInfoForClass:]):
          - maps Class -> JSObjCClassInfo.
      (-[JSWrapperMap wrapperForObject:]):
          - cretae or retrieve a cached wrapper value for an object.
      (tryUnwrapObjcObject):
          - check whether a value is a wrapper object; unwrap if so.
      * API/JavaScriptCore.h:
          - Added includes for new API headers.
      * API/ObjCCallbackFunction.h: Added.
          - this class is used to wrap Objective-C instance methods, class methods & blocks as JSFunction objects.
      * API/ObjCCallbackFunction.mm: Added.
      (CallbackArgument):
      (CallbackArgument::~CallbackArgument):
      (CallbackArgumentBoolean):
      (CallbackArgumentBoolean::set):
      (CallbackArgumentInteger):
      (CallbackArgumentInteger::set):
      (CallbackArgumentDouble):
      (CallbackArgumentDouble::set):
      (CallbackArgumentJSValue):
      (CallbackArgumentJSValue::set):
      (CallbackArgumentId):
      (CallbackArgumentId::set):
      (CallbackArgumentOfClass):
      (CallbackArgumentOfClass::CallbackArgumentOfClass):
      (CallbackArgumentOfClass::~CallbackArgumentOfClass):
      (CallbackArgumentOfClass::set):
      (CallbackArgumentNSNumber):
      (CallbackArgumentNSNumber::set):
      (CallbackArgumentNSString):
      (CallbackArgumentNSString::set):
      (CallbackArgumentNSDate):
      (CallbackArgumentNSDate::set):
      (CallbackArgumentNSArray):
      (CallbackArgumentNSArray::set):
      (CallbackArgumentNSDictionary):
      (CallbackArgumentNSDictionary::set):
      (CallbackArgumentStruct):
      (CallbackArgumentStruct::CallbackArgumentStruct):
      (CallbackArgumentStruct::~CallbackArgumentStruct):
      (CallbackArgumentStruct::set):
      (CallbackArgumentBlockCallback):
      (CallbackArgumentBlockCallback::CallbackArgumentBlockCallback):
      (CallbackArgumentBlockCallback::~CallbackArgumentBlockCallback):
      (CallbackArgumentBlockCallback::set):
          - decoded arguent type information of a ObjCCallbackFunction.
      (ArgumentTypeDelegate):
      (ArgumentTypeDelegate::typeInteger):
      (ArgumentTypeDelegate::typeDouble):
      (ArgumentTypeDelegate::typeBool):
      (ArgumentTypeDelegate::typeVoid):
      (ArgumentTypeDelegate::typeId):
      (ArgumentTypeDelegate::typeOfClass):
      (ArgumentTypeDelegate::typeBlock):
      (ArgumentTypeDelegate::typeStruct):
          - delegate for use in conjunction with parseObjCType.
      (CallbackResult):
      (CallbackResult::~CallbackResult):
      (CallbackResultVoid):
      (CallbackResultVoid::get):
      (CallbackResultId):
      (CallbackResultId::get):
      (CallbackResultNumeric):
      (CallbackResultNumeric::get):
      (CallbackResultBoolean):
      (CallbackResultBoolean::get):
      (CallbackResultStruct):
      (CallbackResultStruct::CallbackResultStruct):
      (CallbackResultStruct::~CallbackResultStruct):
      (CallbackResultStruct::get):
          - decoded result type information of a ObjCCallbackFunction.
      (ResultTypeDelegate):
      (ResultTypeDelegate::typeInteger):
      (ResultTypeDelegate::typeDouble):
      (ResultTypeDelegate::typeBool):
      (ResultTypeDelegate::typeVoid):
      (ResultTypeDelegate::typeId):
      (ResultTypeDelegate::typeOfClass):
      (ResultTypeDelegate::typeBlock):
      (ResultTypeDelegate::typeStruct):
          - delegate for use in conjunction with parseObjCType.
      (ObjCCallbackFunction):
      (ObjCCallbackFunction::ObjCCallbackFunction):
      (ObjCCallbackFunction::~ObjCCallbackFunction):
          - constructor & destructor.
      (ObjCCallbackFunction::context):
          - accessor.
      (ObjCCallbackFunction::wrappedBlock):
          - attemmpt to unwrap a block object.
      (objCCallbackFunctionFinalize):
      (objCCallbackFunctionCallAsFunction):
      (objCCallbackFunctionClass):
          - JSClassRef used to represent ObjCCallbackFunction objects.
      (ObjCCallbackFunction::call):
      (blockSignatureContainsClass):
          - helper function to determine if we're running on a recent Clang.
      (skipNumber):
          - helper used in parsing signature strings.
      (objCCallbackFunctionForInvocation):
      (objCCallbackFunctionForMethod):
      (objCCallbackFunctionForBlock):
          - functions to try to create ObjCCallbackFunction instances for methods/blocks.
      (tryUnwrapBlock):
          - attemmpt to unwrap a block object.
      * API/ObjcRuntimeExtras.h: Added.
      (protocolImplementsProtocol):
      (forEachProtocolImplementingProtocol):
      (forEachMethodInClass):
      (forEachMethodInProtocol):
      (forEachPropertyInProtocol):
          - functions used in reflecting on Objective-C types.
      (skipPair):
          - parsing helper used by parseObjCType, scans for matching parentheses.
      (StringRange):
      (StringRange::StringRange):
      (StringRange::~StringRange):
      (StringRange::operator const char*):
      (StringRange::get):
          - Helper class - create a c string copy of a range of an existing string.
      (parseObjCType):
          - function to parse Objective-C type strings, makes callbacks to a deleagte.
      * API/tests/testapi.c:
      (main):
          - added call to testObjectiveCAPI (in testapi.m).
      * API/tests/testapi.m: Added.
      (+[ParentObject parentTest]):
      (+[TestObject testObject]):
      (+[TestObject classTest]):
      (-[TestObject getString]):
      (-[TestObject testArgumentTypesWithInt:double:boolean:string:number:array:dictionary:]):
      (-[TestObject callback:]):
      (-[TextXYZ test:]):
          - test object, used in various test vases.
      (checkResult):
          - helper function.
      (blockSignatureContainsClass):
          - helper function to determine if we're running on a recent Clang.
      (testObjectiveCAPI):
          - new test cases.
      * JavaScriptCore.xcodeproj/project.pbxproj:
          - added new files.
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
          - added m_apiData - provide convenient storage for use by the API.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
          - added m_apiData - provide convenient storage for use by the API.
      
      ../WTF: 
      
      * wtf/WTFThreadData.cpp:
      (WTF::WTFThreadData::WTFThreadData):
      * wtf/WTFThreadData.h:
      (WTFThreadData):
          - Added m_apiData - provide convenient storage for use by the API.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138604 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fc381887
  14. 06 Dec, 2012 1 commit
  15. 05 Dec, 2012 1 commit
    • oliver@apple.com's avatar
      Empty parse cache when receiving a low memory warning · c32e3a0e
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=104161
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      This adds a function to the globaldata to empty all code related data
      structures (code in the heap and the code cache).
      It also adds a function to allow the CodeCache to actually be cleared
      at all.
      
      * runtime/CodeCache.h:
      (CacheMap):
      (JSC::CacheMap::clear):
      (JSC::CodeCache::clear):
      (CodeCache):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::discardAllCode):
      (JSC):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      
      Source/WebCore:
      
      Use new discardAllCode() function on the global data, rather than
      directly interacting with the heap.
      
      * bindings/js/GCController.cpp:
      (WebCore::GCController::discardAllCompiledCode):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136773 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c32e3a0e
  16. 04 Dec, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should be able to report profiling data associated with the IR dumps and disassembly · 4a81fa41
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=102999
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Added a new profiler to JSC. It's simply called "Profiler" in anticipation of it
      ultimately replacing the previous profiling infrastructure. This profiler counts the
      number of times that a bytecode executes in various engines, and will record both the
      counts and all disassembly and bytecode dumps, into a database that can be at any
      time turned into either a JS object using any global object or global data of your
      choice, or can be turned into a JSON string, or saved to a file.
              
      Currently the only use of this is the new '-p <file>' flag to the jsc command-line.
              
      The profiler is always compiled in and normally incurs no execution time cost, but is
      only activated when you create a Profiler::Database and install it in
      JSGlobalData::m_perBytecodeProfiler. From that point on, all code blocks will be
      compiled along with disassembly and bytecode dumps stored into the Profiler::Database,
      and all code blocks will have execution counts, which are also stored in the database.
      The database will continue to keep information about code blocks alive even after they
      are otherwise GC'd.
              
      This currently still has some glitches, like the fact that it only counts executions
      in the JITs. Doing execution counting in the LLInt might require a bit of a rethink
      about how the counting is expressed - currently it is implicit in bytecode, so there
      is no easy way to "turn it on" in the LLInt. Also, right now there is no information
      recorded about OSR exits or out-of-line stubs. But, even so, it's quite cool, and
      gives you a peek into what JSC is doing that would otherwise not be possible.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::~CodeBlock):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::baselineCodeBlock):
      (JSC):
      * bytecode/CodeOrigin.h:
      (InlineCallFrame):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::dump):
      (DFG):
      (JSC::DFG::Disassembler::reportToProfiler):
      (JSC::DFG::Disassembler::dumpHeader):
      (JSC::DFG::Disassembler::append):
      (JSC::DFG::Disassembler::createDumpList):
      * dfg/DFGDisassembler.h:
      (Disassembler):
      (JSC::DFG::Disassembler::DumpedOp::DumpedOp):
      (DumpedOp):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGNode.h:
      (Node):
      (JSC::DFG::Node::hasExecutionCounter):
      (JSC::DFG::Node::executionCounter):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JIT):
      * jit/JITDisassembler.cpp:
      (JSC::JITDisassembler::dump):
      (JSC::JITDisassembler::reportToProfiler):
      (JSC):
      (JSC::JITDisassembler::dumpHeader):
      (JSC::JITDisassembler::firstSlowLabel):
      (JSC::JITDisassembler::dumpVectorForInstructions):
      (JSC::JITDisassembler::dumpForInstructions):
      (JSC::JITDisassembler::reportInstructions):
      * jit/JITDisassembler.h:
      (JITDisassembler):
      (DumpedOp):
      * jsc.cpp:
      (CommandLine::CommandLine):
      (CommandLine):
      (printUsageStatement):
      (CommandLine::parseArguments):
      (jscmain):
      * profiler/ProfilerBytecode.cpp: Added.
      (Profiler):
      (JSC::Profiler::Bytecode::toJS):
      * profiler/ProfilerBytecode.h: Added.
      (Profiler):
      (Bytecode):
      (JSC::Profiler::Bytecode::Bytecode):
      (JSC::Profiler::Bytecode::bytecodeIndex):
      (JSC::Profiler::Bytecode::description):
      (JSC::Profiler::getBytecodeIndexForBytecode):
      * profiler/ProfilerBytecodes.cpp: Added.
      (Profiler):
      (JSC::Profiler::Bytecodes::Bytecodes):
      (JSC::Profiler::Bytecodes::~Bytecodes):
      (JSC::Profiler::Bytecodes::indexForBytecodeIndex):
      (JSC::Profiler::Bytecodes::forBytecodeIndex):
      (JSC::Profiler::Bytecodes::dump):
      (JSC::Profiler::Bytecodes::toJS):
      * profiler/ProfilerBytecodes.h: Added.
      (Profiler):
      (Bytecodes):
      (JSC::Profiler::Bytecodes::append):
      (JSC::Profiler::Bytecodes::id):
      (JSC::Profiler::Bytecodes::hash):
      (JSC::Profiler::Bytecodes::size):
      (JSC::Profiler::Bytecodes::at):
      * profiler/ProfilerCompilation.cpp: Added.
      (Profiler):
      (JSC::Profiler::Compilation::Compilation):
      (JSC::Profiler::Compilation::~Compilation):
      (JSC::Profiler::Compilation::addDescription):
      (JSC::Profiler::Compilation::executionCounterFor):
      (JSC::Profiler::Compilation::toJS):
      * profiler/ProfilerCompilation.h: Added.
      (Profiler):
      (Compilation):
      (JSC::Profiler::Compilation::bytecodes):
      (JSC::Profiler::Compilation::kind):
      * profiler/ProfilerCompilationKind.cpp: Added.
      (WTF):
      (WTF::printInternal):
      * profiler/ProfilerCompilationKind.h: Added.
      (Profiler):
      (WTF):
      * profiler/ProfilerCompiledBytecode.cpp: Added.
      (Profiler):
      (JSC::Profiler::CompiledBytecode::CompiledBytecode):
      (JSC::Profiler::CompiledBytecode::~CompiledBytecode):
      (JSC::Profiler::CompiledBytecode::toJS):
      * profiler/ProfilerCompiledBytecode.h: Added.
      (Profiler):
      (CompiledBytecode):
      (JSC::Profiler::CompiledBytecode::originStack):
      (JSC::Profiler::CompiledBytecode::description):
      * profiler/ProfilerDatabase.cpp: Added.
      (Profiler):
      (JSC::Profiler::Database::Database):
      (JSC::Profiler::Database::~Database):
      (JSC::Profiler::Database::addBytecodes):
      (JSC::Profiler::Database::ensureBytecodesFor):
      (JSC::Profiler::Database::notifyDestruction):
      (JSC::Profiler::Database::newCompilation):
      (JSC::Profiler::Database::toJS):
      (JSC::Profiler::Database::toJSON):
      (JSC::Profiler::Database::save):
      * profiler/ProfilerDatabase.h: Added.
      (Profiler):
      (Database):
      * profiler/ProfilerExecutionCounter.h: Added.
      (Profiler):
      (ExecutionCounter):
      (JSC::Profiler::ExecutionCounter::ExecutionCounter):
      (JSC::Profiler::ExecutionCounter::address):
      (JSC::Profiler::ExecutionCounter::count):
      * profiler/ProfilerOrigin.cpp: Added.
      (Profiler):
      (JSC::Profiler::Origin::Origin):
      (JSC::Profiler::Origin::dump):
      (JSC::Profiler::Origin::toJS):
      * profiler/ProfilerOrigin.h: Added.
      (JSC):
      (Profiler):
      (Origin):
      (JSC::Profiler::Origin::Origin):
      (JSC::Profiler::Origin::operator!):
      (JSC::Profiler::Origin::bytecodes):
      (JSC::Profiler::Origin::bytecodeIndex):
      (JSC::Profiler::Origin::operator!=):
      (JSC::Profiler::Origin::operator==):
      (JSC::Profiler::Origin::hash):
      (JSC::Profiler::Origin::isHashTableDeletedValue):
      (JSC::Profiler::OriginHash::hash):
      (JSC::Profiler::OriginHash::equal):
      (OriginHash):
      (WTF):
      * profiler/ProfilerOriginStack.cpp: Added.
      (Profiler):
      (JSC::Profiler::OriginStack::OriginStack):
      (JSC::Profiler::OriginStack::~OriginStack):
      (JSC::Profiler::OriginStack::append):
      (JSC::Profiler::OriginStack::operator==):
      (JSC::Profiler::OriginStack::hash):
      (JSC::Profiler::OriginStack::dump):
      (JSC::Profiler::OriginStack::toJS):
      * profiler/ProfilerOriginStack.h: Added.
      (JSC):
      (Profiler):
      (OriginStack):
      (JSC::Profiler::OriginStack::OriginStack):
      (JSC::Profiler::OriginStack::operator!):
      (JSC::Profiler::OriginStack::size):
      (JSC::Profiler::OriginStack::fromBottom):
      (JSC::Profiler::OriginStack::fromTop):
      (JSC::Profiler::OriginStack::isHashTableDeletedValue):
      (JSC::Profiler::OriginStackHash::hash):
      (JSC::Profiler::OriginStackHash::equal):
      (OriginStackHash):
      (WTF):
      * runtime/CommonIdentifiers.h:
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/Options.h:
      (JSC):
      
      Source/WTF: 
      
      Made some minor changes to support the new profiler. FileOutputStream now has an
      open() method, and DataLog uses it. StringPrintStream has a reset() method, which
      allows you to reuse the same StringPrintStream for creating multiple strings.
      SegmentedVector now has a const operator[]. And, WTFString now can do fromUTF8() on
      a CString directly.
      
      * wtf/DataLog.cpp:
      (WTF::initializeLogFileOnce):
      * wtf/FilePrintStream.cpp:
      (WTF::FilePrintStream::open):
      (WTF):
      * wtf/FilePrintStream.h:
      * wtf/SegmentedVector.h:
      (WTF::SegmentedVector::at):
      (SegmentedVector):
      (WTF::SegmentedVector::operator[]):
      * wtf/StringPrintStream.cpp:
      (WTF::StringPrintStream::reset):
      (WTF):
      * wtf/StringPrintStream.h:
      (StringPrintStream):
      * wtf/text/WTFString.cpp:
      (WTF::String::fromUTF8):
      (WTF):
      * wtf/text/WTFString.h:
      (String):
      
      Tools: 
      
      Added a tool that allows you to grok the output from JSC's new profiler. Currently,
      this still gets confused a bit about the execution counts of a method running
      standalone versus a method running inlined, but other than that, it's pretty cool.
      See the attached "sampling profiling session" attached to the bug to see it in
      action.
              
      Also had to feed EFL's build system.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      * Scripts/display-profiler-output: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136601 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4a81fa41
  17. 21 Nov, 2012 1 commit
    • fpizlo@apple.com's avatar
      Rename dataLog() and dataLogV() to dataLogF() and dataLogFV() · 01902c80
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=103001
      
      Rubber stamped by Dan Bernstein.
      
      Source/JavaScriptCore: 
      
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::finalizeCodeWithDisassembly):
      (JSC::LinkBuffer::dumpLinkStatistics):
      (JSC::LinkBuffer::dumpCode):
      * assembler/LinkBuffer.h:
      (JSC):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::vprintfStdoutInstr):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecodeCommentAndNewLine):
      (JSC::CodeBlock::printUnaryOp):
      (JSC::CodeBlock::printBinaryOp):
      (JSC::CodeBlock::printConditionalJump):
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::dumpStructure):
      (JSC::dumpChain):
      (JSC::CodeBlock::printGetByIdCacheStatus):
      (JSC::CodeBlock::printCallOp):
      (JSC::CodeBlock::printPutByIdOp):
      (JSC::CodeBlock::printStructure):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::dumpStatistics):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::resetStubInternal):
      (JSC::CodeBlock::reoptimize):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::CodeBlock::shouldOptimizeNow):
      (JSC::CodeBlock::tallyFrequentExitSites):
      (JSC::CodeBlock::dumpValueProfiles):
      * bytecode/Opcode.cpp:
      (JSC::OpcodeStats::~OpcodeStats):
      * bytecode/SamplingTool.cpp:
      (JSC::SamplingFlags::stop):
      (JSC::SamplingRegion::dumpInternal):
      (JSC::SamplingTool::dump):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::endBasicBlock):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::dump):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::performBlockCFA):
      (JSC::DFG::CFAPhase::performForwardCFA):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixPhis):
      (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::endIndexForPureCSE):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::eliminate):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::debugFail):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::dump):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixDoubleEdge):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::printWhiteSpace):
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dumpBlockHeader):
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPhase.cpp:
      (JSC::DFG::Phase::beginPhase):
      * dfg/DFGPhase.h:
      (JSC::DFG::runAndLog):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::propagateForward):
      (JSC::DFG::PredictionPropagationPhase::propagateBackward):
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGRegisterBank.h:
      (JSC::DFG::RegisterBank::dump):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::use):
      (JSC::DFG::ScoreBoard::dump):
      * dfg/DFGSlowPathGenerator.h:
      (JSC::DFG::SlowPathGenerator::generate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
      (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
      (JSC::DFG::SpeculativeJIT::dump):
      (JSC::DFG::SpeculativeJIT::checkConsistency):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * dfg/DFGValidate.cpp:
      (Validate):
      (JSC::DFG::Validate::reportValidationContext):
      (JSC::DFG::Validate::dumpData):
      (JSC::DFG::Validate::dumpGraphIfAppropriate):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::logEvent):
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * heap/Heap.cpp:
      * heap/HeapStatistics.cpp:
      (JSC::HeapStatistics::logStatistics):
      (JSC::HeapStatistics::showObjectStatistics):
      * heap/MarkStack.h:
      * heap/MarkedBlock.h:
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::validate):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::dumpCaller):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITDisassembler.cpp:
      (JSC::JITDisassembler::dump):
      (JSC::JITDisassembler::dumpForInstructions):
      * jit/JITStubRoutine.h:
      (JSC):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JumpReplacementWatchpoint.cpp:
      (JSC::JumpReplacementWatchpoint::fireInternal):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      * profiler/Profile.cpp:
      (JSC::Profile::debugPrintData):
      (JSC::Profile::debugPrintDataSampleStyle):
      * profiler/ProfileNode.cpp:
      (JSC::ProfileNode::debugPrintData):
      (JSC::ProfileNode::debugPrintDataSampleStyle):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::dumpRegExpTrace):
      * runtime/RegExp.cpp:
      (JSC::RegExp::matchCompareWithInterpreter):
      * runtime/SamplingCounter.cpp:
      (JSC::AbstractSamplingCounter::dump):
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
      * tools/CodeProfile.cpp:
      (JSC::CodeProfile::report):
      * tools/ProfileTreeNode.h:
      (JSC::ProfileTreeNode::dumpInternal):
      * yarr/YarrInterpreter.cpp:
      (JSC::Yarr::ByteCompiler::dumpDisjunction):
      
      Source/WebCore: 
      
      No change in behavior, so no new tests.
      
      * platform/KURLWTFURL.cpp:
      (WebCore::KURL::print):
      
      Source/WTF: 
      
      * wtf/DataLog.cpp:
      (WTF::dataLogFV):
      (WTF::dataLogF):
      (WTF::dataLogFString):
      * wtf/DataLog.h:
      (WTF):
      * wtf/HashTable.cpp:
      (WTF::HashTableStats::dumpStats):
      * wtf/HashTable.h:
      (WTF::HashTable::Stats::dumpStats):
      * wtf/MetaAllocator.cpp:
      (WTF::MetaAllocator::dumpProfile):
      * wtf/StackStats.cpp:
      (WTF::StackStats::initialize):
      (WTF::StackStats::PerThreadStats::PerThreadStats):
      (WTF::StackStats::CheckPoint::CheckPoint):
      (WTF::StackStats::CheckPoint::~CheckPoint):
      (WTF::StackStats::probe):
      (WTF::StackStats::LayoutCheckPoint::LayoutCheckPoint):
      * wtf/text/WTFString.cpp:
      (String::show):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@135469 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      01902c80
  18. 06 Nov, 2012 1 commit
    • oliver@apple.com's avatar
      Reduce parser overhead in JSC · f0c01b8e
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=101127
      
      Reviewed by Filip Pizlo.
      
      An exciting journey into the world of architecture in which our hero
      adds yet another layer to JSC codegeneration.
      
      This patch adds a marginally more compact form of bytecode that is
      free from any data specific to a given execution context, and that
      does store any data structures necessary for execution.  To actually
      execute this UnlinkedBytecode we still need to instantiate a real
      CodeBlock, but this is a much faster linear time operation than any
      of the earlier parsing or code generation passes.
      
      As the unlinked code is context free we can then simply use a cache
      from source to unlinked code mapping to completely avoid all of the
      old parser overhead.  The cache is currently very simple and memory
      heavy, using the complete source text as a key (rather than SourceCode
      or equivalent), and a random eviction policy.
      
      This seems to produce a substantial win when loading identical content
      in different contexts.
      
      * API/tests/testapi.c:
      (main):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
          Moved a number of fields, and a bunch of logic to UnlinkedCodeBlock.h/cpp
      * bytecode/Opcode.h:
          Added a global const init no op instruction needed to get correct
          behaviour without any associated semantics.
      * bytecode/UnlinkedCodeBlock.cpp: Added.
      * bytecode/UnlinkedCodeBlock.h: Added.
          A fairly shallow, GC allocated version of the old CodeBlock
          classes with a 32bit instruction size, and just metadata
          size tracking.
      * bytecompiler/BytecodeGenerator.cpp:
      * bytecompiler/BytecodeGenerator.h:
          Replace direct access to m_symbolTable with access through
          symbolTable().  ProgramCode no longer has a symbol table at
          all so some previously unconditional (and pointless) uses
          of symbolTable get null checks.
          A few other changes to deal with type changes due to us generating
          unlinked code (eg. pointer free, so profile indices rather than
          pointers).
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCapabilities.h:
          Support global_init_nop
      * interpreter/Interpreter.cpp:
          Now get the ProgramExecutable to initialise new global properties
          before starting execution.
      * jit/JIT.cpp:
      * jit/JITDriver.h:
      * jit/JITStubs.cpp:
      * llint/LLIntData.cpp:
      * llint/LLIntSlowPaths.cpp:
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
          Adding init_global_const_nop everywhere else
      * parser/Parser.h:
      * parser/ParserModes.h: Added.
      * parser/ParserTokens.h:
          Parser no longer needs a global object or callframe to function
      * runtime/CodeCache.cpp: Added.
      * runtime/CodeCache.h: Added.
          A simple, random eviction, Source->UnlinkedCode cache
      * runtime/Executable.cpp:
      * runtime/Executable.h:
          Executables now reference their unlinked counterparts, and
          request code specifically for the target global object.
      * runtime/JSGlobalData.cpp:
      * runtime/JSGlobalData.h:
          GlobalData now owns a CodeCache and a set of new structures
          for the unlinked code types.
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
          Utility functions used by executables to perform compilation
      
      * runtime/JSType.h:
        Add new JSTypes for unlinked code
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133688 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f0c01b8e
  19. 05 Nov, 2012 1 commit
    • fpizlo@apple.com's avatar
      Reduce the verbosity of referring to QNaN in JavaScriptCore · 3494d02f
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=101174
      
      Reviewed by Geoffrey Garen.
      
      Introduces a #define QNaN in JSValue.h, and replaces all previous uses of
      std::numeric_limits<double>::quiet_NaN() with QNaN.
      
      * API/JSValueRef.cpp:
      (JSValueMakeNumber):
      (JSValueToNumber):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitFloatTypedArrayGetByVal):
      * runtime/CachedTranscendentalFunction.h:
      (JSC::CachedTranscendentalFunction::initialize):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DateInstanceCache.h:
      (JSC::DateInstanceData::DateInstanceData):
      (JSC::DateInstanceCache::reset):
      * runtime/ExceptionHelpers.cpp:
      (JSC::InterruptedExecutionError::defaultValue):
      (JSC::TerminatedExecutionError::defaultValue):
      * runtime/JSCell.h:
      (JSC::JSValue::getPrimitiveNumber):
      * runtime/JSDateMath.cpp:
      (JSC::parseDateFromNullTerminatedCharacters):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::resetDateCache):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::parseInt):
      (JSC::jsStrDecimalLiteral):
      (JSC::toDouble):
      (JSC::jsToNumber):
      (JSC::parseFloat):
      * runtime/JSValue.cpp:
      (JSC::JSValue::toNumberSlowCase):
      * runtime/JSValue.h:
      (JSC):
      * runtime/JSValueInlineMethods.h:
      (JSC::jsNaN):
      * runtime/MathObject.cpp:
      (JSC::mathProtoFuncMax):
      (JSC::mathProtoFuncMin):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133493 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3494d02f
  20. 23 Oct, 2012 1 commit
    • mark.lam@apple.com's avatar
      Make topCallFrame reliable. · 05ed9845
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98928.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      - VM entry points and the GC now uses topCallFrame.
      - The callerFrame value in CallFrames are now always the previous
        frame on the stack, except for the first frame which has a
        callerFrame of 0 (not counting the HostCallFrameFlag).
        Hence, we can now traverse every frame on the stack all the way
        back to the first frame.
      - GlobalExec's will no longer be used as the callerFrame values in
        call frames.
      - Added fences and traps for debugging the JSStack in debug builds.
      
      * bytecode/SamplingTool.h:
      (SamplingTool):
      (JSC::SamplingTool::CallRecord::CallRecord):
      * dfg/DFGOperations.cpp:
      - Fixed 2 DFG helper functions to flush topCallFrame as expected.
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
      * interpreter/CallFrame.h:
      (JSC::ExecState::callerFrameNoFlags):
      (ExecState):
      (JSC::ExecState::argIndexForRegister):
      (JSC::ExecState::getArgumentUnsafe):
      * interpreter/CallFrameClosure.h:
      (CallFrameClosure):
      * interpreter/Interpreter.cpp:
      (JSC):
      (JSC::eval):
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      (JSC::Interpreter::endRepeatCall):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      (JSC::JSStack::gatherConservativeRoots):
      (JSC::JSStack::disableErrorStackReserve):
      * interpreter/JSStack.h:
      (JSC):
      (JSStack):
      (JSC::JSStack::installFence):
      (JSC::JSStack::validateFence):
      (JSC::JSStack::installTrapsAfterFrame):
      * interpreter/JSStackInlines.h: Added.
      (JSC):
      (JSC::JSStack::getTopOfFrame):
      (JSC::JSStack::getTopOfStack):
      (JSC::JSStack::getStartOfFrame):
      (JSC::JSStack::pushFrame):
      (JSC::JSStack::popFrame):
      (JSC::JSStack::generateFenceValue):
      (JSC::JSStack::installFence):
      (JSC::JSStack::validateFence):
      (JSC::JSStack::installTrapsAfterFrame):
      * jit/JITStubs.cpp:
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      - Set frame->codeBlock to 0 for both the above because they are called
        with partially intitialized frames (cb uninitialized), but may
        trigger a GC.
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      
      LayoutTests: 
      
      - Re-baseline some tests to match the new stack dump results.
      
      * http/tests/inspector/console-resource-errors-expected.txt:
      * http/tests/inspector/stacktraces/csp-injected-content-warning-contains-stacktrace-expected.txt:
      * http/tests/inspector/stacktraces/csp-inline-warning-contains-stacktrace-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@132182 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      05ed9845
  21. 22 Oct, 2012 1 commit
    • mark.lam@apple.com's avatar
      Change stack recursion checks to be based on stack availability. · 8b97fde5
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=99872.
      
      Reviewed by Filip Pizlo and Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      - Remove m_reentryDepth, ThreadStackType which are now obsolete.
      - Replaced the reentryDepth checks with a StackBounds check.
      - Added the Interpreter::StackPolicy class to compute a reasonable
        stack capacity requirement given the native stack that the
        interpreter is executing on at that time.
      - Reserved an amount of JSStack space for the use of error handling
        and enable its use (using Interpreter::ErrorHandlingMode) when
        we're about to throw or report an exception.
      - Interpreter::StackPolicy also allows more native stack space
        to be used when in ErrorHandlingMode. This is needed in the case
        of native stack overflows.
      - Fixed the parser so that it throws a StackOverflowError instead of
        a SyntaxError when it encounters a stack overflow.
      
      * API/JSContextRef.cpp:
      (JSContextGroupCreate):
      (JSGlobalContextCreateInGroup):
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::ErrorHandlingMode::ErrorHandlingMode):
      (JSC):
      (JSC::Interpreter::ErrorHandlingMode::~ErrorHandlingMode):
      (JSC::Interpreter::StackPolicy::StackPolicy):
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      (ErrorHandlingMode):
      (StackPolicy):
      (JSC::Interpreter::StackPolicy::requiredCapacity):
      * interpreter/JSStack.cpp:
      (JSC):
      (JSC::JSStack::JSStack):
      (JSC::JSStack::growSlowCase):
      (JSC::JSStack::enableErrorStackReserve):
      (JSC::JSStack::disableErrorStackReserve):
      * interpreter/JSStack.h:
      (JSStack):
      (JSC::JSStack::reservationEnd):
      (JSC):
      * jsc.cpp:
      (jscmain):
      * parser/Parser.cpp:
      (JSC::::Parser):
      * parser/Parser.h:
      (Parser):
      (JSC::::parse):
      * runtime/ExceptionHelpers.cpp:
      (JSC::throwStackOverflowError):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::createContextGroup):
      (JSC::JSGlobalData::create):
      (JSC::JSGlobalData::createLeaked):
      (JSC::JSGlobalData::sharedInstance):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/StringRecursionChecker.h:
      (JSC::StringRecursionChecker::performCheck):
      * testRegExp.cpp:
      (realMain):
      
      Source/WebCore: 
      
      Removed the use of ThreadStackType. Enabled the reserved JSStack space
      for error processing before doing work in reportException().
      
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::reportException):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::commonJSGlobalData):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::WorkerScriptController):
      
      LayoutTests: 
      
      Updated test baseline.
      
      * fast/js/global-recursion-on-full-stack-expected.txt:
      * fast/xmlhttprequest/xmlhttprequest-recursive-sync-event-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@132143 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8b97fde5
  22. 27 Sep, 2012 1 commit
  23. 24 Sep, 2012 1 commit
    • mark.lam@apple.com's avatar
      Deleting the classic interpreter and cleaning up some build options. · 74a9e837
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96969.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * interpreter/AbstractPC.cpp:
      (JSC::AbstractPC::AbstractPC):
      * interpreter/AbstractPC.h:
      (AbstractPC):
      * interpreter/CallFrame.h:
      (ExecState):
      * interpreter/Interpreter.cpp:
      (JSC):
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getLineNumberForCallFrame):
      (JSC::getCallerInfo):
      (JSC::getSourceURLFromCallFrame):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::retrieveArgumentsFromVMCode):
      (JSC::Interpreter::retrieveCallerFromVMCode):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC::Interpreter::getOpcodeID):
      (Interpreter):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
      * offlineasm/asm.rb:
      * offlineasm/offsets.rb:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC::NativeExecutable::create):
      (NativeExecutable):
      (JSC::NativeExecutable::finishCreation):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::getHostFunction):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      (JSC::JSGlobalData::canUseJIT):
      (JSC::JSGlobalData::canUseRegExpJIT):
      * runtime/Options.cpp:
      (JSC::Options::initialize):
      
      Source/WebKit/blackberry: 
      
      * WebCoreSupport/AboutDataEnableFeatures.in:
      
      Source/WTF: 
      
      * wtf/OSAllocatorPosix.cpp:
      (WTF::OSAllocator::reserveAndCommit):
      * wtf/Platform.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129453 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      74a9e837
  24. 14 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      All of the things in SparseArrayValueMap should be out-of-line · 9cedb5d0
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96854
      
      Reviewed by Andy Estes.
      
      Those inline methods were buying us nothing.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSArray.cpp:
      * runtime/JSGlobalData.cpp:
      * runtime/JSObject.cpp:
      * runtime/RegExpMatchesArray.cpp:
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC):
      (JSC::SparseArrayValueMap::~SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::destroy):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::add):
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::get):
      (JSC::SparseArrayEntry::getNonSparseMode):
      (JSC::SparseArrayValueMap::visitChildren):
      * runtime/SparseArrayValueMapInlineMethods.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128680 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9cedb5d0
  25. 13 Sep, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Rename forEachCell to forEachLiveCell · 4930320c
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96685
      
      Reviewed by Oliver Hunt.
      
      forEachCell actually only iterates over live cells. We should rename it to 
      reflect what it actually does. This is also helpful because we want to add a new 
      forEachCell that actually does iterate each and every cell in a MarkedBlock 
      regardless of whether or not it is live.
      
      * debugger/Debugger.cpp:
      (JSC::Debugger::recompileAllJSFunctions):
      * heap/Heap.cpp:
      (JSC::Heap::globalObjectCount):
      (JSC::Heap::objectTypeCounts):
      * heap/MarkedBlock.h:
      (MarkedBlock):
      (JSC::MarkedBlock::forEachLiveCell):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC::MarkedSpace::forEachLiveCell):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::releaseExecutableMemory):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128498 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4930320c
  26. 12 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should have property butterflies · d8dd0535
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=91933
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      This changes the JSC object model. Previously, all objects had fast lookup for
      named properties. Integer indexed properties were only fast if you used a
      JSArray. With this change, all objects have fast indexed properties. This is
      accomplished without any space overhead by using a bidirectional object layout,
      aka butterflies. Each JSObject has a m_butterfly pointer where previously it
      had a m_outOfLineStorage pointer. To the left of the location pointed to by
      m_butterfly, we place all named out-of-line properties. To the right, we place
      all indexed properties along with indexing meta-data. Though, some indexing
      meta-data is placed in the 8-byte word immediately left of the pointed-to
      location; this is in anticipation of the indexing meta-data being small enough
      in the common case that m_butterfly always points to the first indexed
      property.
              
      This is performance neutral, except on tests that use indexed properties on
      plain objects, where the speed-up is in excess of an order of magnitude.
              
      One notable aspect of what this change brings is that it allows indexing
      storage to morph over time. Currently this is only used to allow all non-array
      objects to start out without any indexed storage. But it could be used for
      some kinds of array type inference in the future.
      
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlotByIndex):
      (JSC):
      (JSC::::getOwnNonIndexPropertyNames):
      * API/JSObjectRef.cpp:
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitDirectPutById):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (AdjacencyList):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::modeUsesButterfly):
      (JSC::DFG::modeIsJSArray):
      (JSC::DFG::isInBoundsAccess):
      (JSC::DFG::modeSupportsLength):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::addNode):
      (FixupPhase):
      (JSC::DFG::FixupPhase::checkArray):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryBuildPutByIdList):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateBasicStorage):
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emitSlow_op_new_array):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/Arguments.cpp:
      (JSC::Arguments::deletePropertyByIndex):
      (JSC::Arguments::defineOwnProperty):
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayConventions.h: Added.
      (JSC):
      (JSC::isDenseEnoughForVector):
      (JSC::indexingHeaderForArray):
      (JSC::baseIndexingHeaderForArray):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::create):
      (JSC):
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      (JSC::ArrayPrototype::createStructure):
      * runtime/ArrayStorage.h: Added.
      (JSC):
      (ArrayStorage):
      (JSC::ArrayStorage::ArrayStorage):
      (JSC::ArrayStorage::from):
      (JSC::ArrayStorage::butterfly):
      (JSC::ArrayStorage::indexingHeader):
      (JSC::ArrayStorage::length):
      (JSC::ArrayStorage::setLength):
      (JSC::ArrayStorage::vectorLength):
      (JSC::ArrayStorage::setVectorLength):
      (JSC::ArrayStorage::copyHeaderFromDuringGC):
      (JSC::ArrayStorage::inSparseMode):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::vectorLengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSC::ArrayStorage::indexBiasOffset):
      (JSC::ArrayStorage::sparseMapOffset):
      (JSC::ArrayStorage::sizeFor):
      * runtime/Butterfly.h: Added.
      (JSC):
      (Butterfly):
      (JSC::Butterfly::Butterfly):
      (JSC::Butterfly::totalSize):
      (JSC::Butterfly::fromBase):
      (JSC::Butterfly::offsetOfIndexingHeader):
      (JSC::Butterfly::offsetOfPublicLength):
      (JSC::Butterfly::offsetOfVectorLength):
      (JSC::Butterfly::indexingHeader):
      (JSC::Butterfly::propertyStorage):
      (JSC::Butterfly::indexingPayload):
      (JSC::Butterfly::arrayStorage):
      (JSC::Butterfly::offsetOfPropertyStorage):
      (JSC::Butterfly::indexOfPropertyStorage):
      (JSC::Butterfly::base):
      * runtime/ButterflyInlineMethods.h: Added.
      (JSC):
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::createUninitializedDuringCollection):
      (JSC::Butterfly::base):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      (JSC::Butterfly::unshift):
      (JSC::Butterfly::shift):
      * runtime/ClassInfo.h:
      (MethodTable):
      (JSC):
      * runtime/IndexingHeader.h: Added.
      (JSC):
      (IndexingHeader):
      (JSC::IndexingHeader::offsetOfIndexingHeader):
      (JSC::IndexingHeader::offsetOfPublicLength):
      (JSC::IndexingHeader::offsetOfVectorLength):
      (JSC::IndexingHeader::IndexingHeader):
      (JSC::IndexingHeader::vectorLength):
      (JSC::IndexingHeader::setVectorLength):
      (JSC::IndexingHeader::publicLength):
      (JSC::IndexingHeader::setPublicLength):
      (JSC::IndexingHeader::from):
      (JSC::IndexingHeader::fromEndOf):
      (JSC::IndexingHeader::propertyStorage):
      (JSC::IndexingHeader::arrayStorage):
      (JSC::IndexingHeader::butterfly):
      * runtime/IndexingHeaderInlineMethods.h: Added.
      (JSC):
      (JSC::IndexingHeader::preCapacity):
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.h: Added.
      (JSC):
      (JSC::hasIndexingHeader):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::getOwnNonIndexPropertyNames):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC):
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      (JSC::JSArray::getOwnNonIndexPropertyNames):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      (JSC::JSArray::JSArray):
      (JSC::JSArray::length):
      (JSC::JSArray::createStructure):
      (JSC::JSArray::isLengthWritable):
      (JSC::createArrayButterfly):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSBoundFunction.cpp:
      (JSC::boundFunctionCall):
      (JSC::boundFunctionConstruct):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnNonIndexPropertyNames):
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::getOwnNonIndexPropertyNames):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC):
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::visitChildren):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::fillGetterPropertySlot):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::deallocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::JSObject::defineOwnNonIndexProperty):
      (JSC::JSObject::defineOwnProperty):
      (JSC::JSObject::getOwnPropertySlotSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSObject):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::butterfly):
      (JSC::JSObject::outOfLineStorage):
      (JSC::JSObject::offsetForLocation):
      (JSC::JSObject::indexingShouldBeSparse):
      (JSC::JSObject::butterflyOffset):
      (JSC::JSObject::butterflyAddress):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrZero):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::setButterflyWithoutChangingStructure):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::offsetInButterfly):
      (JSC::offsetRelativeToPatchedStorage):
      (JSC::indexRelativeToBase):
      (JSC::offsetRelativeToBase):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
      * runtime/JSSymbolTableObject.h:
      (JSSymbolTableObject):
      * runtime/JSTypeInfo.h:
      (JSC):
      (JSC::TypeInfo::interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero):
      (JSC::TypeInfo::overridesGetPropertyNames):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertyOffset.h:
      (JSC::offsetInOutOfLineStorage):
      * runtime/PropertyStorage.h: Added.
      (JSC):
      * runtime/PutDirectIndexMode.h: Added.
      (JSC):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::getOwnNonIndexPropertyNames):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/Reject.h: Added.
      (JSC):
      (JSC::reject):
      * runtime/SparseArrayValueMap.cpp: Added.
      (JSC):
      * runtime/SparseArrayValueMap.h: Added.
      (JSC):
      (SparseArrayEntry):
      (JSC::SparseArrayEntry::SparseArrayEntry):
      (SparseArrayValueMap):
      (JSC::SparseArrayValueMap::sparseMode):
      (JSC::SparseArrayValueMap::setSparseMode):
      (JSC::SparseArrayValueMap::lengthIsReadOnly):
      (JSC::SparseArrayValueMap::setLengthIsReadOnly):
      (JSC::SparseArrayValueMap::find):
      (JSC::SparseArrayValueMap::remove):
      (JSC::SparseArrayValueMap::notFound):
      (JSC::SparseArrayValueMap::isEmpty):
      (JSC::SparseArrayValueMap::contains):
      (JSC::SparseArrayValueMap::size):
      (JSC::SparseArrayValueMap::begin):
      (JSC::SparseArrayValueMap::end):
      * runtime/SparseArrayValueMapInlineMethods.h: Added.
      (JSC):
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::~SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::destroy):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::add):
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::get):
      (JSC::SparseArrayEntry::getNonSparseMode):
      (JSC::SparseArrayValueMap::visitChildren):
      * runtime/StorageBarrier.h: Removed.
      * runtime/StringObject.cpp:
      (JSC::StringObject::putByIndex):
      (JSC):
      (JSC::StringObject::deletePropertyByIndex):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::nonPropertyTransition):
      (JSC):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::indexingType):
      (JSC::Structure::indexingTypeIncludingHistory):
      (JSC::Structure::indexingTypeOffset):
      (JSC::Structure::create):
      * runtime/StructureTransitionTable.h:
      (JSC):
      (JSC::toAttributes):
      (JSC::newIndexingType):
      (JSC::StructureTransitionTable::Hash::hash):
      * tests/mozilla/js1_6/Array/regress-304828.js:
      
      Source/WebCore: 
      
      Teach the DOM that to intercept get/put on indexed properties, you now have
      to override getOwnPropertySlotByIndex and putByIndex.
      
      No new tests because no new behavior. One test was rebased because indexed
      property iteration order now matches other engines (indexed properties always
      come first).
      
      * bindings/js/ArrayValue.cpp:
      (WebCore::ArrayValue::get):
      * bindings/js/JSBlobCustom.cpp:
      (WebCore::JSBlobConstructor::constructJSBlob):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::JSCanvasRenderingContext2D::setWebkitLineDash):
      * bindings/js/JSDOMStringListCustom.cpp:
      (WebCore::toDOMStringList):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindow::putByIndex):
      (WebCore::JSDOMWindow::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindowShell::putByIndex):
      (WebCore::JSDOMWindowShell::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSWebSocketCustom.cpp:
      (WebCore::JSWebSocketConstructor::constructJSWebSocket):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::serialize):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      
      LayoutTests: 
      
      Modify the JSON test to indicate that iterating over properties now returns
      indexed properties first. This is a behavior change that makes us more
      compliant with other implementations.
              
      Also check in new expected file for the edge cases of indexed property access
      with prototype accessors. This changeset introduces a known regression in that
      department, which is tracked here: https://bugs.webkit.org/show_bug.cgi?id=96596
      
      * fast/js/resources/JSON-stringify.js:
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d8dd0535
  27. 06 Sep, 2012 1 commit
  28. 04 Sep, 2012 2 commits
    • commit-queue@webkit.org's avatar
      Allow the YarrJIT to use the assembler even when useJIT() is false. · 2793046c
      commit-queue@webkit.org authored
      Introduce the useYarrJIT() option.
      https://bugs.webkit.org/show_bug.cgi?id=95809.
      
      Patch by Mark Lam <mark.lam@apple.com> on 2012-09-04
      Reviewed by Geoffrey Garen.
      
      * runtime/JSGlobalData.cpp:
      (JSC::enableAssembler):
      * runtime/Options.cpp:
      (JSC::Options::initialize):
      * runtime/Options.h:
      (JSC):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127554 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2793046c
    • benjamin@webkit.org's avatar
      Improve JSC use of Strings after the UString->String change · 762e2c65
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95633
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-09-04
      Reviewed by Geoffrey Garen.
      
      This patch improve the use of strings in the JSC runtime.
      
      The initialization of Identifier is left for future patches.
      
      The improvements are the following:
      -5% faster to raise one of the modified exception.
      -3 times faster to execute Boolean::toString()
      
      Most of the changes are just about using the new methods
      for string literals.
      
      With the changes, the binary on x86_64 gets 176 bytes smaller.
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
      * API/JSContextRef.cpp:
      (JSContextCreateBacktrace):
      * API/JSObjectRef.cpp:
      (JSObjectMakeFunctionWithCallback):
      * bytecode/CodeBlock.cpp:
      (JSC::valueToSourceString):
      (JSC::CodeBlock::nameForRegister):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::addStackTraceIfNecessary):
      * runtime/ArrayConstructor.cpp:
      (JSC::constructArrayWithSizeQuirk):
      * runtime/ArrayPrototype.cpp:
      (JSC::shift):
      (JSC::unshift):
      (JSC::arrayProtoFuncPop):
      (JSC::arrayProtoFuncReverse):
      * runtime/BooleanPrototype.cpp:
      (JSC::booleanProtoFuncToString): Instead of instanciating new strings, reuse the
      keywords available in SmallStrings. Avoiding the creation of the JSString and StringImpl
      makes the method significantly faster.
      
      * runtime/DateConversion.cpp:
      (JSC::formatDateTime):
      * runtime/DatePrototype.cpp:
      (JSC::formatLocaleDate):
      (JSC::formateDateInstance):
      (JSC::dateProtoFuncToISOString):
      Change the way we use snprintf() for clarity and performance.
      
      Instead of allocating one extra byte to put a zero "just in case", we use the size returned
      by snprintf().
      To prevent any overflow from a programming mistake, we explicitely test for overflow and
      return an empty string.
      
      (JSC::dateProtoFuncToJSON):
      * runtime/Error.cpp:
      (JSC::createNotEnoughArgumentsError):
      (JSC::throwTypeError):
      (JSC::throwSyntaxError):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::create):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::finishCreation):
      (JSC::errorProtoFuncToString):
      Using a null String is correct because (8) uses jsString(), (9) tests for a length of 0.
      
      * runtime/ExceptionHelpers.cpp:
      (JSC::InterruptedExecutionError::defaultValue):
      (JSC::TerminatedExecutionError::defaultValue):
      (JSC::createStackOverflowError):
      (JSC::createOutOfMemoryError):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::FunctionExecutable::paramString):
      * runtime/FunctionConstructor.cpp:
      (JSC::constructFunction):
      (JSC::constructFunctionSkippingEvalEnabledCheck):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::create):
      Using a null String for the name is correct because InternalFunction uses jsString()
      to create the name value.
      
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      There is no need to create an empty string for a null string, jsString() handle both
      cases as empty JSString.
      
      * runtime/JSArray.cpp:
      (JSC::reject):
      (JSC::SparseArrayValueMap::put):
      (JSC::JSArray::put):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::putDirectIndexBeyondVectorLength):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::finishCreation): Same issue as InternalFunction::finishCreation.
      
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSGlobalData.cpp:
      (JSC::enableAssembler): Use CFSTR() instead of CFStringCreateWithCString().
      CFStringCreateWithCString() copy the content and may choose to decode the data.
      CFSTR() is much more efficient.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      JSFunction uses jsString() to create the name, we can use null strings instead
      of creating empty strings.
      
      (JSC::JSGlobalObject::createThrowTypeError): ditto.
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::encode):
      (JSC::decode):
      (JSC::globalFuncEval):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::JSONProtoFuncParse):
      (JSC::JSONProtoFuncStringify):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::defaultValue):
      (JSC::JSObject::hasInstance):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSString.cpp:
      Return an empty JSString to avoid the creation of a temporary empty String.
      
      (JSC::JSRopeString::getIndexSlowCase):
      * runtime/JSString.h:
      (JSC): Remove the versions of jsNontrivialString() taking a char*. All the callers
      have been replaced by calls using ASCIILiteral.
      
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      * runtime/LiteralParser.cpp:
      (JSC::::Lexer::lex):
      (JSC::::Lexer::lexString):
      (JSC::::Lexer::lexNumber):
      (JSC::::parse):
      * runtime/LiteralParser.h:
      (JSC::LiteralParser::getErrorMessage):
      * runtime/NumberPrototype.cpp:
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetPrototypeOf):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorGetOwnPropertyNames):
      (JSC::objectConstructorKeys):
      (JSC::toPropertyDescriptor):
      (JSC::objectConstructorDefineProperty):
      (JSC::objectConstructorDefineProperties):
      (JSC::objectConstructorCreate):
      (JSC::objectConstructorSeal):
      (JSC::objectConstructorFreeze):
      (JSC::objectConstructorPreventExtensions):
      (JSC::objectConstructorIsSealed):
      (JSC::objectConstructorIsFrozen):
      (JSC::objectConstructorIsExtensible):
      * runtime/ObjectPrototype.cpp:
      (JSC::objectProtoFuncDefineGetter):
      (JSC::objectProtoFuncDefineSetter):
      (JSC::objectProtoFuncToString):
      * runtime/RegExpConstructor.cpp:
      (JSC::constructRegExp):
      * runtime/RegExpObject.cpp:
      (JSC::reject):
      (JSC::regExpObjectSource):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
      * runtime/StringObject.cpp:
      (JSC::StringObject::defineOwnProperty):
      * runtime/StringPrototype.cpp:
      (JSC::jsSpliceSubstrings):
      (JSC::jsSpliceSubstringsWithSeparators):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127505 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      762e2c65
  29. 31 Aug, 2012 4 commits
    • ggaren@apple.com's avatar
      Rolled back in a piece of <http://trac.webkit.org/changeset/127293>. · a62184de
      ggaren@apple.com authored
          Shrink activation objects by half
          https://bugs.webkit.org/show_bug.cgi?id=95591
      
          Reviewed by Sam Weinig.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::JSNameScope):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::JSWithScope):
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::StrictEvalActivation):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127348 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a62184de
    • ggaren@apple.com's avatar
      Rolled back in a piece of <http://trac.webkit.org/changeset/127293>. · 70aed69e
      ggaren@apple.com authored
          Shrink activation objects by half
          https://bugs.webkit.org/show_bug.cgi?id=95591
      
          Reviewed by Sam Weinig.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve_global_dynamic):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::withScopeStructure):
      (JSC::JSGlobalObject::strictEvalActivationStructure):
      (JSC::JSGlobalObject::activationStructure):
      (JSC::JSGlobalObject::nameScopeStructure):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127345 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      70aed69e
    • ggaren@apple.com's avatar
      Not reviewed. · 1929b299
      ggaren@apple.com authored
      Rolled out http://trac.webkit.org/changeset/127293 because it broke
      inspector tests on Windows.
      
          Shrink activation objects by half
          https://bugs.webkit.org/show_bug.cgi?id=95591
      
          Reviewed by Sam Weinig.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127304 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1929b299
    • ggaren@apple.com's avatar
      Shrink activation objects by half · 0b44fca6
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95591
      
      Reviewed by Sam Weinig.
      
      Removed the global object, global data, and global this pointers from
      JSScope, and changed an int to a bitfield. This gets the JSActivation
      class down to 64 bytes, which in practice cuts it in half by getting it
      out of the 128 byte size class.
      
      Now, it's one extra indirection to get these pointers. These pointers
      aren't accessed by JIT code, so I thought there would be no cost to the
      extra indirection. However, some C++-heavy SunSpider tests regressed a
      bit in an early version of the patch, which added even more indirection.
      This suggests that calls to exec->globalData() and/or exec->lexicalGlobalObject()
      are common and probably duplicated in lots of places, and could stand
      further optimization in C++.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute): Test against the specific activation
      for our global object, since there's no VM-shared activation structure
      anymore. This is guaranteed to have the same success rate as the old test
      because activation scope is fixed at compile time.
      
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::globalData):
      * heap/WeakSet.cpp:
      (JSC::WeakSet::addAllocator):
      * heap/WeakSet.h:
      (WeakSet):
      (JSC::WeakSet::WeakSet):
      (JSC::WeakSet::globalData): Store a JSGlobalData* instead of a Heap*
      because JSGlobalData->Heap is just a constant fold in the addressing
      mode, while Heap->JSGlobalData is an extra pointer dereference. (These
      objects should eventually just merge.)
      
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve_global_dynamic): See DFGAbstractState.cpp.
      
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm: Load the activation structure from
      the code block instead of the global data because the structure is not
      VM-shared anymore. (See DFGAbstractState.cpp.)
      
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      * runtime/JSActivation.h:
      (JSActivation): This is the point of the patch: Remove the data.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData): No longer VM-shared. (See DFGAbstractState.cpp.)
      
      (JSC::WeakSet::heap): (See WeakSet.h.)
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::setGlobalThis):
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::withScopeStructure):
      (JSC::JSGlobalObject::strictEvalActivationStructure):
      (JSC::JSGlobalObject::activationStructure):
      (JSC::JSGlobalObject::nameScopeStructure):
      (JSC::JSScope::globalThis):
      (JSC::JSGlobalObject::globalThis): Data that used to be in the JSScope
      class goes here now, so it's not duplicated across all activations.
      
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::JSNameScope):
      * runtime/JSScope.cpp:
      (JSC::JSScope::visitChildren): This is the point of the patch: Remove the data.
      
      * runtime/JSScope.h:
      (JSScope):
      (JSC::JSScope::JSScope):
      (JSC::JSScope::globalObject):
      (JSC::JSScope::globalData):
      * runtime/JSSegmentedVariableObject.h:
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::JSWithScope):
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::StrictEvalActivation): Simplified now that
      we don't need to pass so much data to JSScope.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127293 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0b44fca6
  30. 30 Aug, 2012 3 commits
    • ggaren@apple.com's avatar
      Use one object instead of two for closures, eliminating ScopeChainNode · b11e7874
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95501
      
      Reviewed by Filip Pizlo.
      
      ../JavaScriptCore: 
      
      This patch removes ScopeChainNode, and moves all the data and related
      functions that used to be in ScopeChainNode into JSScope.
      
      Most of this patch is mechanical changes to use a JSScope* where we used
      to use a ScopeChainNode*. I've only specifically commented about items
      that were non-mechanical.
      
      * runtime/Completion.cpp:
      (JSC::evaluate):
      * runtime/Completion.h: Don't require an explicit scope chain argument
      when evaluating code. Clients never wanted anything other than the
      global scope, and other arbitrary scopes probably wouldn't work
      correctly, anyway.
      
      * runtime/JSScope.cpp:
      * runtime/JSScope.h:
      (JSC::JSScope::JSScope): JSScope now requires the data we used to pass to
      ScopeChainNode, so it can link itself into the scope chain correctly.
      
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::JSWithScope): JSWithScope gets an extra constructor
      for specifically supplying your own scope chain. The DOM needs this
      interface for setting up the scope chain for certain event handlers.
      Other clients always just push the JSWithScope to the head of the current
      scope chain.
      
      ../WebCore: 
      
      Mechanical changes to update for JSC interface changes.
      
      ../WebKit/mac: 
      
      Mechanical change to update for JSC interface change.
      
      ../WebKit/qt: 
      
      Mechanical change to update for JSC interface change.
      
      * Api/qwebelement.cpp:
      (QWebElement::evaluateJavaScript):
      
      ../WebKit2: 
      
      Mechanical changes to update for JSC interface change.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127202 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b11e7874
    • commit-queue@webkit.org's avatar
      Render unto #ifdef's that which belong to them. · b8419483
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95482.
      
      Patch by Mark Lam <mark.lam@apple.com> on 2012-08-30
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      Refining / disambiguating between #ifdefs and adding some. For
      example, ENABLE(JIT) is conflated with ENABLE(LLINT) in some places.
      Also, we need to add ENABLE(COMPUTED_GOTO_OPCODES) to indicate that we
      want interpreted opcodes to use COMPUTED GOTOs apart from ENABLE(LLINT)
      and ENABLE(COMPUTED_GOTO_CLASSIC_INTERPRETER). Also cleaned up #ifdefs
      in certain places which were previously incorrect.
      
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::bytecodeOffset):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      * config.h:
      * dfg/DFGOperations.cpp:
      * interpreter/AbstractPC.cpp:
      (JSC::AbstractPC::AbstractPC):
      * interpreter/CallFrame.h:
      (ExecState):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::~Interpreter):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getLineNumberForCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::privateExecute):
      * interpreter/Interpreter.h:
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (Interpreter):
      * jit/HostCallReturnValue.h:
      * jit/JITCode.h:
      (JITCode):
      * jit/JITExceptions.cpp:
      * jit/JITExceptions.h:
      * jit/JSInterfaceJIT.h:
      * llint/LLIntData.h:
      (JSC::LLInt::getOpcode):
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntOffsetsExtractor.cpp:
      (JSC::LLIntOffsetsExtractor::dummy):
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      * runtime/JSGlobalData.cpp:
      (JSC):
      
      Source/WTF:
      
      * wtf/Platform.h: Added ENABLE(COMPUTED_GOTO_OPCODES).
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127199 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b8419483
    • benjamin@webkit.org's avatar
      Replace JSC::UString by WTF::String · cff06e46
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95271
      
      Patch by Benjamin Poulain <bpoulain@apple.com> on 2012-08-30
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Having JSC::UString and WTF::String increase the complexity of working on WebKit, and
      add useless conversions in the bindings. It also cause some code bloat.
      
      The performance advantages of UString have been ported over in previous patches. This patch
      is the last step: getting rid of UString.
      
      In addition to the simplified code, this also reduce the binary size by 15kb on x86_64.
      
      * API/OpaqueJSString.cpp:
      (OpaqueJSString::ustring):
      * runtime/Identifier.h:
      (JSC::Identifier::ustring):
      To avoid changing everything at once, the function named ustring() were kept as is. They
      will be renamed in a follow up patch.
      
      * runtime/JSString.h:
      (JSC::JSString::string):
      (JSC::JSValue::toWTFString):
      (JSC::inlineJSValueNotStringtoString):
      (JSC::JSValue::toWTFStringInline):
      Since JSValue::toString() already exist (and return the JSString), the direct accessor is renamed
      to ::toWTFString(). We may change ::string() to ::jsString() and ::toWTFString() to ::toString()
      in the future.
      
      * runtime/StringPrototype.cpp:
      (JSC::substituteBackreferencesSlow): Replace the use of UString::getCharacters<>() by String::getCharactersWithUpconvert<>().
      
      Source/WebCore: 
      
      Update the code to use String instead of UString.
      
      On x86_64, this reduces the binary size by 22kb.
      
      Since it is no longer possible to differenciate JSC::jsString() and WebCore::jsString() by the input
      types, WebCore::jsString() is renated to WebCore::jsStringWithCache().
      
      Since the cache is using a PtrHash, JSC::jsString() is used in place of the old WebCore::jsString() when
      the string is generated locally. This is because the cache can never match in those cases.
      
      Source/WebKit/blackberry: 
      
      Replace UString by String.
      
      * WebCoreSupport/ClientExtension.cpp:
      * WebCoreSupport/PagePopupBlackBerry.cpp:
      (WebCore::PagePopupBlackBerry::installDomFunction):
      
      Source/WebKit/efl: 
      
      Replace UString by String.
      
      * WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
      (DumpRenderTreeSupportEfl::sendWebIntentResponse):
      * ewk/ewk_frame.cpp:
      (ewk_frame_script_execute):
      
      Source/WebKit/gtk: 
      
      Replace UString by String.
      
      * gdom/ConvertToGCharPrivate.h:
      (copyAsGchar):
      
      Source/WebKit/mac: 
      
      Get rid of UString, replace it by String, and simplify the code when possible.
      
      On x86_64, this reduces the binary size by 7kb.
      
      * Plugins/Hosted/NetscapePluginHostProxy.mm:
      (identifierFromIdentifierRep):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getPropertyNames):
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
      * WebView/WebFrame.mm:
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]):
      (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame functionName]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebScriptDebugger.h:
      (WTF):
      (JSC):
      (WebScriptDebugger):
      * WebView/WebScriptDebugger.mm:
      (toNSURL):
      (WebScriptDebugger::sourceParsed):
      * WebView/WebView.mm:
      (aeDescFromJSValue):
      
      Source/WebKit/qt: 
      
      Replace UString by String.
      
      * Api/qwebelement.cpp:
      (QWebElement::evaluateJavaScript):
      
      Source/WebKit/win: 
      
      Replace UString by String.
      
      * WebFrame.cpp:
      (WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
      * WebView.cpp:
      (WebView::stringByEvaluatingJavaScriptFromString):
      
      Source/WebKit/wx: 
      
      Update the #includes to use the correct types.
      
      * WebFrame.cpp:
      * WebView.cpp:
      
      Source/WebKit2: 
      
      Update to code to switch from UString to String.
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::npIdentifierFromIdentifier):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::evaluate):
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      
      Source/WTF: 
      
      * wtf/Platform.h: Useless edit to force a full build. This is needed for some bots for some reason.
      * wtf/text/WTFString.h: Export a symbol that was exported on UString and needed in WebCore.
      
      Add String::getCharactersWithUpconvert<>(), which is similar to String::getCharacters<>() but with the same
      behaviors as UString::getCharacters<>().
      
      String::getCharactersWithUpconvert<>() is useful when manipulating multiple strings, it allow writting code
      using 16bits characters if any of the input String is not 8bit.
      
      Tools: 
      
      Get rid of UString.
      
      * DumpRenderTree/efl/WorkQueueItemEfl.cpp:
      * gdb/webkit.py:
      (WTFStringPrinter.to_string):
      (JSCIdentifierPrinter.to_string):
      (JSCJSStringPrinter.to_string):
      (add_pretty_printers):
      
      Websites/webkit.org: 
      
      Update the coding style to avoid mentioning a class that no longer exist.
      
      * coding/coding-style.html:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127191 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cff06e46
  31. 29 Aug, 2012 1 commit
    • barraclough@apple.com's avatar
      Refactoring LLInt::Data. · 25d57826
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95316.
      
      Patch by Mark Lam <mark.lam@apple.com> on 2012-08-29
      Reviewed by Geoff Garen.
      
      This change allows its opcodeMap to be easily queried from any function
      without needing to go through a GlobalData object.  It also introduces
      the LLInt::getCodePtr() methods that will be used by the LLInt C loop
      later to redefine how llint symbols (opcodes and trampoline glue
      labels) get resolved.
      
      * assembler/MacroAssemblerCodeRef.h:
      (MacroAssemblerCodePtr):
      (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
      (MacroAssemblerCodeRef):
      (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::adjustPCIfAtCallSite):
      (JSC::CodeBlock::bytecodeOffset):
      * bytecode/Opcode.h:
          Remove the 'const' to simplify things and avoid having to do
          additional casts and #ifdefs in many places.
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForLLInt):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::generate):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::initialize):
      * interpreter/Interpreter.h:
      (Interpreter):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      * llint/LLIntData.cpp:
      (LLInt):
      (JSC::LLInt::initialize):
      * llint/LLIntData.h:
      (JSC):
      (LLInt):
      (Data):
      (JSC::LLInt::exceptionInstructions):
      (JSC::LLInt::opcodeMap):
      (JSC::LLInt::getOpcode):
      (JSC::LLInt::getCodePtr):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::returnToThrowForThrownException):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::handleHostCall):
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce): Initialize the singleton LLInt data.
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData): Removed the now unneeded LLInt::Data instance in
          JSGlobalData.
      * runtime/JSValue.h:
      (JSValue):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127068 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      25d57826