GitLab

https://bugs.webkit.org/show_bug.cgi?id=67881

Reviewed by Sam Weinig.

Source/JavaScriptCore:

Remove all use of anonymous slots, essentially a mechanical change
in JavaScriptCore

* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::createStructure):
* API/JSCallbackFunction.h:
(JSC::JSCallbackFunction::createStructure):
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::createStructure):
* JavaScriptCore.exp:
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::createStructure):
* heap/MarkStack.cpp:
(JSC::MarkStack::validateValue):
* heap/MarkStack.h:
* runtime/Arguments.h:
(JSC::Arguments::createStructure):
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::createStructure):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::createStructure):
* runtime/BooleanObject.h:
(JSC::BooleanObject::createStructure):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::createStructure):
* runtime/DateConstructor.h:
(JSC::DateConstructor::createStructure):
* runtime/DateInstance.h:
(JSC::DateInstance::createStructure):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
* runtime/DatePrototype.h:
(JSC::DatePrototype::createStructure):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::createStructure):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::finishCreation):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::createStructure):
* runtime/ExceptionHelpers.h:
(JSC::InterruptedExecutionError::createStructure):
(JSC::TerminatedExecutionError::createStructure):
* runtime/Executable.h:
(JSC::ExecutableBase::createStructure):
(JSC::NativeExecutable::createStructure):
(JSC::EvalExecutable::createStructure):
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/FunctionPrototype.h:
(JSC::FunctionPrototype::createStructure):
* runtime/GetterSetter.h:
(JSC::GetterSetter::createStructure):
* runtime/InternalFunction.h:
(JSC::InternalFunction::createStructure):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
* runtime/JSActivation.h:
(JSC::JSActivation::createStructure):
* runtime/JSArray.h:
(JSC::JSArray::createStructure):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::createStructure):
* runtime/JSCell.h:
* runtime/JSFunction.h:
(JSC::JSFunction::createStructure):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::finishCreation):
(JSC::JSGlobalObject::createStructure):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::createStructure):
* runtime/JSONObject.h:
(JSC::JSONObject::createStructure):
* runtime/JSObject.h:
(JSC::JSObject::createStructure):
(JSC::JSNonFinalObject::createStructure):
(JSC::JSFinalObject::createStructure):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::create):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::createStructure):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::createStructure):
* runtime/JSString.h:
(JSC::RopeBuilder::createStructure):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::createStructure):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::createStructure):
* runtime/MathObject.h:
(JSC::MathObject::createStructure):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::createStructure):
* runtime/NumberConstructor.h:
(JSC::NumberConstructor::createStructure):
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::createStructure):
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::createStructure):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::finishCreation):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::createStructure):
* runtime/RegExp.h:
(JSC::RegExp::createStructure):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::createStructure):
* runtime/RegExpObject.h:
(JSC::RegExpObject::createStructure):
* runtime/RegExpPrototype.h:
(JSC::RegExpPrototype::createStructure):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::createStructure):
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::createStructure):
* runtime/StringConstructor.h:
(JSC::StringConstructor::createStructure):
* runtime/StringObject.h:
(JSC::StringObject::createStructure):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
* runtime/StringPrototype.h:
(JSC::StringPrototype::createStructure):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::materializePropertyMap):
(JSC::Structure::addPropertyTransitionToExistingStructure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::removePropertyTransition):
(JSC::Structure::changePrototypeTransition):
(JSC::Structure::despecifyFunctionTransition):
(JSC::Structure::getterSetterTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::removePropertyWithoutTransition):
(JSC::Structure::get):
(JSC::Structure::putSpecificValue):
(JSC::Structure::remove):
(JSC::Structure::checkConsistency):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::propertyStorageSize):
(JSC::Structure::get):
* runtime/StructureChain.h:
(JSC::StructureChain::createStructure):

Source/JavaScriptGlue:

Don't need an anonymous slot count anymore

* UserObjectImp.h:
(UserObjectImp::createStructure):

Source/WebCore:

Remove all use of anonymous slots, this required modifying
bindings generation to add member variables for cached attributes,
and override visitChildren with the necessary logic to mark those
new members.

I added bindings generation tests for these values.

* bindings/js/JSAudioConstructor.h:
(WebCore::JSAudioConstructor::createStructure):
* bindings/js/JSDOMBinding.h:
(WebCore::DOMConstructorObject::createStructure):
* bindings/js/JSDOMGlobalObject.h:
(WebCore::JSDOMGlobalObject::createStructure):
* bindings/js/JSDOMWindowBase.h:
(WebCore::JSDOMWindowBase::createStructure):
* bindings/js/JSDOMWindowShell.h:
(WebCore::JSDOMWindowShell::createStructure):
* bindings/js/JSDOMWrapper.h:
(WebCore::JSDOMWrapper::createStructure):
* bindings/js/JSImageConstructor.h:
(WebCore::JSImageConstructor::createStructure):
* bindings/js/JSMessageEventCustom.cpp:
(WebCore::JSMessageEvent::data):
(WebCore::JSMessageEvent::initMessageEvent):
* bindings/js/JSOptionConstructor.h:
(WebCore::JSOptionConstructor::createStructure):
* bindings/js/JSWorkerContextBase.h:
(WebCore::JSWorkerContextBase::createStructure):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
(GenerateConstructorDeclaration):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterfaceConstructor::createStructure):
* bindings/scripts/test/JS/JSTestInterface.h:
(WebCore::JSTestInterface::createStructure):
(WebCore::JSTestInterfacePrototype::createStructure):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
(WebCore::JSTestMediaQueryListListener::createStructure):
(WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObjConstructor::createStructure):
(WebCore::jsTestObjCachedAttribute1):
(WebCore::jsTestObjCachedAttribute2):
(WebCore::JSTestObj::visitChildren):
* bindings/scripts/test/JS/JSTestObj.h:
(WebCore::JSTestObj::createStructure):
(WebCore::JSTestObjPrototype::createStructure):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
(WebCore::JSTestSerializedScriptValueInterface::createStructure):
(WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
* bindings/scripts/test/TestObj.idl:
* bindings/scripts/test/V8/V8TestObj.cpp:
(WebCore::TestObjInternal::cachedAttribute1AttrGetter):
(WebCore::TestObjInternal::cachedAttribute2AttrGetter):
* bridge/c/CRuntimeObject.h:
(JSC::Bindings::CRuntimeObject::createStructure):
* bridge/c/c_instance.cpp:
(JSC::Bindings::CRuntimeMethod::createStructure):
* bridge/jni/jsc/JavaInstanceJSC.cpp:
(JavaRuntimeMethod::createStructure):
* bridge/jni/jsc/JavaRuntimeObject.h:
(JSC::Bindings::JavaRuntimeObject::createStructure):
* bridge/objc/ObjCRuntimeObject.h:
(JSC::Bindings::ObjCRuntimeObject::createStructure):
* bridge/objc/objc_instance.mm:
(ObjCRuntimeMethod::createStructure):
* bridge/objc/objc_runtime.h:
(JSC::Bindings::ObjcFallbackObjectImp::createStructure):
* bridge/runtime_array.h:
(JSC::RuntimeArray::createStructure):
* bridge/runtime_method.h:
(JSC::RuntimeMethod::createStructure):
* bridge/runtime_object.h:
(JSC::Bindings::RuntimeObject::createStructure):

Source/WebKit/mac:

Remove the use of AnonymousSlotCount

* Plugins/Hosted/ProxyInstance.mm:
(WebKit::ProxyRuntimeMethod::createStructure):
* Plugins/Hosted/ProxyRuntimeObject.h:
(WebKit::ProxyRuntimeObject::createStructure):

Source/WebKit2:

Remove the use of AnonymousSlotCount.

* WebProcess/Plugins/Netscape/JSNPMethod.h:
(WebKit::JSNPMethod::createStructure):
* WebProcess/Plugins/Netscape/JSNPObject.h:
(WebKit::JSNPObject::createStructure):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94929 268f45cc-cd09-0410-ab3c-d52691b4dbfc

chunks of executable memory
https://bugs.webkit.org/show_bug.cgi?id=66363

Reviewed by Oliver Hunt.
        
Introduced a best-fit, balanced-tree based allocator. The allocator
required a balanced tree that does not allocate memory and that
permits the removal of individual nodes directly (as opposed to by
key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
Changed all references to executable code to use a reference counted
handle.

Source/JavaScriptCore: 

* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::executableCopy):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
(JSC::LinkBuffer::finalizeCode):
(JSC::LinkBuffer::linkCode):
* assembler/MacroAssemblerCodeRef.h:
(JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
(JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
(JSC::MacroAssemblerCodeRef::executableMemory):
(JSC::MacroAssemblerCodeRef::code):
(JSC::MacroAssemblerCodeRef::size):
(JSC::MacroAssemblerCodeRef::operator!):
* assembler/X86Assembler.h:
(JSC::X86Assembler::executableCopy):
(JSC::X86Assembler::X86InstructionFormatter::executableCopy):
* bytecode/CodeBlock.h:
* bytecode/Instruction.h:
* bytecode/StructureStubInfo.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGRepatch.cpp:
(JSC::DFG::generateProtoChainAccessStub):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::tryBuildGetByIDProtoList):
(JSC::DFG::tryCachePutByID):
* jit/ExecutableAllocator.cpp:
(JSC::ExecutableAllocator::initializeAllocator):
(JSC::ExecutableAllocator::ExecutableAllocator):
(JSC::ExecutableAllocator::allocate):
(JSC::ExecutableAllocator::committedByteCount):
(JSC::ExecutableAllocator::dumpProfile):
* jit/ExecutableAllocator.h:
(JSC::ExecutableAllocator::dumpProfile):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::ExecutableAllocator::initializeAllocator):
(JSC::ExecutableAllocator::ExecutableAllocator):
(JSC::ExecutableAllocator::isValid):
(JSC::ExecutableAllocator::underMemoryPressure):
(JSC::ExecutableAllocator::allocate):
(JSC::ExecutableAllocator::committedByteCount):
(JSC::ExecutableAllocator::dumpProfile):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JIT.h:
(JSC::JIT::compileCTIMachineTrampolines):
(JSC::JIT::compileCTINativeCall):
* jit/JITCode.h:
(JSC::JITCode::operator !):
(JSC::JITCode::addressForCall):
(JSC::JITCode::offsetOf):
(JSC::JITCode::execute):
(JSC::JITCode::start):
(JSC::JITCode::size):
(JSC::JITCode::getExecutableMemory):
(JSC::JITCode::HostFunction):
(JSC::JITCode::JITCode):
* jit/JITOpcodes.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):
* jit/JITStubs.cpp:
(JSC::JITThunks::JITThunks):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::getPolymorphicAccessStructureListSlot):
(JSC::JITThunks::ctiStub):
(JSC::JITThunks::hostFunctionStub):
* jit/JITStubs.h:
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::SpecializedThunkJIT):
(JSC::SpecializedThunkJIT::finalize):
* jit/ThunkGenerators.cpp:
(JSC::charCodeAtThunkGenerator):
(JSC::charAtThunkGenerator):
(JSC::fromCharCodeThunkGenerator):
(JSC::sqrtThunkGenerator):
(JSC::floorThunkGenerator):
(JSC::ceilThunkGenerator):
(JSC::roundThunkGenerator):
(JSC::expThunkGenerator):
(JSC::logThunkGenerator):
(JSC::absThunkGenerator):
(JSC::powThunkGenerator):
* jit/ThunkGenerators.h:
* runtime/Executable.h:
(JSC::NativeExecutable::create):
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::dumpSampleData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::getCTIStub):
* wtf/CMakeLists.txt:
* wtf/MetaAllocator.cpp: Added.
(WTF::MetaAllocatorHandle::MetaAllocatorHandle):
(WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
(WTF::MetaAllocatorHandle::shrink):
(WTF::MetaAllocator::MetaAllocator):
(WTF::MetaAllocator::allocate):
(WTF::MetaAllocator::currentStatistics):
(WTF::MetaAllocator::findAndRemoveFreeSpace):
(WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
(WTF::MetaAllocator::addFreshFreeSpace):
(WTF::MetaAllocator::debugFreeSpaceSize):
(WTF::MetaAllocator::addFreeSpace):
(WTF::MetaAllocator::incrementPageOccupancy):
(WTF::MetaAllocator::decrementPageOccupancy):
(WTF::MetaAllocator::roundUp):
(WTF::MetaAllocator::allocFreeSpaceNode):
(WTF::MetaAllocator::freeFreeSpaceNode):
(WTF::MetaAllocator::dumpProfile):
* wtf/MetaAllocator.h: Added.
(WTF::MetaAllocator::bytesAllocated):
(WTF::MetaAllocator::bytesReserved):
(WTF::MetaAllocator::bytesCommitted):
(WTF::MetaAllocator::dumpProfile):
(WTF::MetaAllocator::~MetaAllocator):
* wtf/MetaAllocatorHandle.h: Added.
* wtf/RedBlackTree.h: Added.
(WTF::RedBlackTree::Node::Node):
(WTF::RedBlackTree::Node::successor):
(WTF::RedBlackTree::Node::predecessor):
(WTF::RedBlackTree::Node::reset):
(WTF::RedBlackTree::Node::parent):
(WTF::RedBlackTree::Node::setParent):
(WTF::RedBlackTree::Node::left):
(WTF::RedBlackTree::Node::setLeft):
(WTF::RedBlackTree::Node::right):
(WTF::RedBlackTree::Node::setRight):
(WTF::RedBlackTree::Node::color):
(WTF::RedBlackTree::Node::setColor):
(WTF::RedBlackTree::RedBlackTree):
(WTF::RedBlackTree::insert):
(WTF::RedBlackTree::remove):
(WTF::RedBlackTree::findExact):
(WTF::RedBlackTree::findLeastGreaterThanOrEqual):
(WTF::RedBlackTree::findGreatestLessThanOrEqual):
(WTF::RedBlackTree::first):
(WTF::RedBlackTree::last):
(WTF::RedBlackTree::size):
(WTF::RedBlackTree::isEmpty):
(WTF::RedBlackTree::treeMinimum):
(WTF::RedBlackTree::treeMaximum):
(WTF::RedBlackTree::treeInsert):
(WTF::RedBlackTree::leftRotate):
(WTF::RedBlackTree::rightRotate):
(WTF::RedBlackTree::removeFixup):
* wtf/wtf.pri:
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::compile):
* yarr/YarrJIT.h:
(JSC::Yarr::YarrCodeBlock::execute):
(JSC::Yarr::YarrCodeBlock::getAddr):

Source/JavaScriptGlue: 

* ForwardingHeaders/wtf/MetaAllocatorHandle.h: Added.

Source/WebCore: 

No new layout tests because behavior is not changed.  New API unit
tests:
Tests/WTF/RedBlackTree.cpp
Tests/WTF/MetaAllocator.cpp

* ForwardingHeaders/wtf/MetaAllocatorHandle.h: Added.

Tools: 

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WTF/MetaAllocator.cpp: Added.
(TestWebKitAPI::TEST_F):
* TestWebKitAPI/Tests/WTF/RedBlackTree.cpp: Added.
(TestWebKitAPI::Pair::findExact):
(TestWebKitAPI::Pair::remove):
(TestWebKitAPI::Pair::findLeastGreaterThanOrEqual):
(TestWebKitAPI::Pair::assertFoundAndRemove):
(TestWebKitAPI::Pair::assertEqual):
(TestWebKitAPI::Pair::assertSameValuesForKey):
(TestWebKitAPI::Pair::testDriver):
(TestWebKitAPI::TEST_F):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94920 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67901

Reviewed by Andy Estes.

* JavaScriptCore.exp:
* runtime/JSCell.cpp:
* runtime/JSValue.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67892

Reviewed by Andy "First Time Reviewer" Estes.

../JavaScriptCore: 

* JavaScriptCore.exp:
Add symbols.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):
Use new predicates.

* runtime/ExceptionHelpers.cpp:
(JSC::createInterruptedExecutionException):
(JSC::isInterruptedExecutionException):
(JSC::createTerminatedExecutionException):
(JSC::isTerminatedExecutionException):
* runtime/ExceptionHelpers.h:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
Add predicates.

../WebCore: 

* bindings/js/JSDOMBinding.cpp:
(WebCore::reportException):
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::handleEvent):
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::evaluate):
Use the new predicates instead of probing the ClassInfo directly.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94918 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67420

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::create):
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::JSCallbackFunction):
(JSC::JSCallbackFunction::finishCreation):
* API/JSCallbackFunction.h:
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::JSCallbackObject):
(JSC::::finishCreation):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::create):
* jsc.cpp:
(GlobalObject::finishCreation):
(GlobalObject::GlobalObject):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
(JSC::ArrayConstructor::finishCreation):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::create):
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::BooleanConstructor):
(JSC::BooleanConstructor::finishCreation):
* runtime/BooleanConstructor.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
* runtime/BooleanObject.h:
(JSC::BooleanObject::create):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
(JSC::BooleanPrototype::finishCreation):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
(JSC::DateConstructor::finishCreation):
* runtime/DateConstructor.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
* runtime/DateInstance.h:
(JSC::DateInstance::create):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
(JSC::DatePrototype::finishCreation):
* runtime/DatePrototype.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::ErrorConstructor):
(JSC::ErrorConstructor::finishCreation):
* runtime/ErrorConstructor.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::create):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::FunctionConstructor):
(JSC::FunctionConstructor::finishCreation):
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::FunctionPrototype):
(JSC::FunctionPrototype::finishCreation):
* runtime/FunctionPrototype.h:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
* runtime/InternalFunction.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
* runtime/JSActivation.h:
(JSC::JSActivation::create):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create):
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
* runtime/JSONObject.h:
(JSC::JSONObject::create):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSString.cpp:
(JSC::StringObject::create):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
* runtime/MathObject.h:
(JSC::MathObject::create):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::finishCreation):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::finishCreation):
* runtime/NativeErrorPrototype.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::NumberConstructor):
(JSC::NumberConstructor::finishCreation):
* runtime/NumberConstructor.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
* runtime/NumberObject.h:
(JSC::NumberObject::create):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
(JSC::NumberPrototype::finishCreation):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::ObjectConstructor):
(JSC::ObjectConstructor::finishCreation):
* runtime/ObjectConstructor.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::RegExpConstructor):
(JSC::RegExpConstructor::finishCreation):
(JSC::RegExpMatchesArray::RegExpMatchesArray):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::create):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
* runtime/RegExpObject.h:
(JSC::RegExpObject::create):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
(JSC::StringConstructor::finishCreation):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
* runtime/StringObject.h:
(JSC::StringObject::create):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
(JSC::StringPrototype::finishCreation):
* runtime/StringPrototype.h:

Source/JavaScriptGlue:

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* JSRun.cpp:
(JSGlueGlobalObject::JSGlueGlobalObject):

Source/WebCore:

No new tests.

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* WebCore.exp.in:
* bindings/js/JSDOMBinding.h:
(WebCore::DOMConstructorObject::DOMConstructorObject):
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
(WebCore::JSDOMGlobalObject::finishCreation):
* bindings/js/JSDOMGlobalObject.h:
* bindings/js/JSDOMWindowShell.cpp:
* bindings/js/JSDOMWindowShell.h:
(WebCore::JSDOMWindowShell::create):
* bindings/js/JSDOMWrapper.h:
(WebCore::JSDOMWrapper::JSDOMWrapper):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterface::JSTestInterface):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObj::JSTestObj):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface):
* bridge/c/CRuntimeObject.cpp:
(JSC::Bindings::CRuntimeObject::CRuntimeObject):
(JSC::Bindings::CRuntimeObject::finishCreation):
* bridge/c/CRuntimeObject.h:
* bridge/jni/jsc/JavaRuntimeObject.cpp:
(JSC::Bindings::JavaRuntimeObject::JavaRuntimeObject):
(JSC::Bindings::JavaRuntimeObject::finishCreation):
* bridge/jni/jsc/JavaRuntimeObject.h:
* bridge/objc/ObjCRuntimeObject.h:
* bridge/objc/ObjCRuntimeObject.mm:
(JSC::Bindings::ObjCRuntimeObject::ObjCRuntimeObject):
(JSC::Bindings::ObjCRuntimeObject::finishCreation):
* bridge/objc/objc_runtime.h:
(JSC::Bindings::ObjcFallbackObjectImp::create):
* bridge/objc/objc_runtime.mm:
(JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
* bridge/qt/qt_instance.cpp:
(JSC::Bindings::QtRuntimeObject::QtRuntimeObject):
* bridge/qt/qt_pixmapruntime.cpp:
(JSC::Bindings::QtPixmapRuntimeObject::QtPixmapRuntimeObject):
* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::QtRuntimeMethod::QtRuntimeMethod):
(JSC::Bindings::QtRuntimeMethod::finishCreation):
* bridge/qt/qt_runtime.h:
* bridge/runtime_array.cpp:
(JSC::RuntimeArray::RuntimeArray):
* bridge/runtime_array.h:
(JSC::RuntimeArray::create):
* bridge/runtime_method.cpp:
(JSC::RuntimeMethod::RuntimeMethod):
(JSC::RuntimeMethod::finishCreation):
* bridge/runtime_method.h:
* bridge/runtime_object.cpp:
(JSC::Bindings::RuntimeObject::RuntimeObject):
* bridge/runtime_object.h:
(JSC::Bindings::RuntimeObject::create):

Source/WebKit/mac:

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* Plugins/Hosted/ProxyRuntimeObject.h:
* Plugins/Hosted/ProxyRuntimeObject.mm:
(WebKit::ProxyRuntimeObject::ProxyRuntimeObject):
(WebKit::ProxyRuntimeObject::finishCreation):

Source/WebKit2:

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* WebProcess/Plugins/Netscape/JSNPMethod.cpp:
(WebKit::JSNPMethod::JSNPMethod):
(WebKit::JSNPMethod::finishCreation):
* WebProcess/Plugins/Netscape/JSNPMethod.h:
(WebKit::JSNPMethod::create):
* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::JSNPObject):
* WebProcess/Plugins/Netscape/JSNPObject.h:
(WebKit::JSNPObject::create):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67829

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-09-08
Reviewed by Sam Weinig.

Fixing a couple tests that were broken due to the wrong values being 
set in the parent class pointers in the ClassInfo structs for 
TerminatedExecutionError and InterruptedExecutionError.

* runtime/ExceptionHelpers.cpp:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94835 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67494

Reviewed by Geoffrey Garen.

../../../../Volumes/Data/git/WebKit/OpenSource/Source/JavaScriptCore:

Use a bump allocator for initial allocation of property storage,
and promote to fastMalloc memory only if it survives a GC pass.

Comes out as a 1% win on v8, and is a useful step on the way to
GC allocation of all property storage.

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.cpp:
(JSC::Heap::collect):
* heap/Heap.h:
(JSC::Heap::allocatePropertyStorage):
(JSC::Heap::inPropertyStorageNursery):
* heap/MarkedBlock.h:
* heap/NewSpace.cpp:
(JSC::NewSpace::NewSpace):
* heap/NewSpace.h:
(JSC::NewSpace::resetPropertyStorageNursery):
(JSC::NewSpace::allocatePropertyStorage):
(JSC::NewSpace::inPropertyStorageNursery):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSC::JSObject::isUsingInlineStorage):
(JSC::JSObject::JSObject):
(JSC::JSObject::propertyStorage):
(JSC::JSObject::~JSObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::transitionTo):
(JSC::JSObject::visitChildrenDirect):
* runtime/StorageBarrier.h: Added.
(JSC::StorageBarrier::StorageBarrier):
(JSC::StorageBarrier::set):
(JSC::StorageBarrier::operator->):
(JSC::StorageBarrier::operator*):
(JSC::StorageBarrier::operator[]):
(JSC::StorageBarrier::get):

../../../../Volumes/Data/git/WebKit/OpenSource/Source/WebCore:

Add a forwarding header.

* ForwardingHeaders/runtime/StorageBarrier.h: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94814 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67755

Reviewed by Gavin Barraclough.

../JavaScriptCore: 

- Removes the Completion object and replaces its use with out parameter exceptions.
- Remove ComplType and virtual exceptionType() function on JSObject. Replace with
  ClassInfo for InterruptedExecutionError and TerminatedExecutionError.

* API/JSBase.cpp:
(JSEvaluateScript):
(JSCheckScriptSyntax):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):
* jsc.cpp:
(functionLoad):
(functionCheckSyntax):
(runWithScripts):
(runInteractive):
* runtime/Completion.cpp:
(JSC::checkSyntax):
(JSC::evaluate):
* runtime/Completion.h:
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::toString):
(JSC::TerminatedExecutionError::toString):
(JSC::createInterruptedExecutionException):
* runtime/ExceptionHelpers.h:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::InterruptedExecutionError::create):
(JSC::InterruptedExecutionError::createStructure):
(JSC::TerminatedExecutionError::TerminatedExecutionError):
(JSC::TerminatedExecutionError::create):
(JSC::TerminatedExecutionError::createStructure):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSObject.h:

../JavaScriptGlue: 

* JSRun.cpp:
(JSRun::Evaluate):
(JSRun::CheckSyntax):
* JSRun.h:
* JavaScriptGlue.cpp:
(JSRunEvaluate):

../WebCore: 

* bindings/js/JSDOMBinding.cpp:
(WebCore::reportException):
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::handleEvent):
* bindings/js/JSInjectedScriptManager.cpp:
(WebCore::InjectedScriptManager::createInjectedScript):
* bindings/js/JSMainThreadExecState.h:
(WebCore::JSMainThreadExecState::evaluate):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::evaluateInWorld):
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::evaluate):
* bindings/objc/WebScriptObject.mm:
(-[WebScriptObject evaluateWebScript:]):
* bridge/NP_jsobject.cpp:
(_NPN_Evaluate):
* bridge/jni/jni_jsobject.mm:
(JavaJSObject::eval):

../WebKit/mac: 

* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::evaluate):

../WebKit/qt: 

* Api/qwebelement.cpp:
(QWebElement::evaluateJavaScript):

../WebKit2: 

* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
(WebKit::NPRuntimeObjectMap::evaluate):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94811 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67691

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-09-08
Reviewed by Oliver Hunt.

 We don't use JSCell::getUInt32 anymore, so it has been removed.

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
* runtime/JSCell.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94774 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67689

Reviewed by Geoff Garen.

../../../../Volumes/Data/git/WebKit/OpenSource/Source/JavaScriptCore:

Remove JSObjectWithGlobalObject, and update code to stop using anonymous
storage to access the global object that a JSObject comes from.  Largely
mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.

* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
(JSC::JSCallbackConstructor::finishCreation):
* API/JSCallbackConstructor.h:
* API/JSCallbackObject.cpp:
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::create):
* API/JSCallbackObjectFunctions.h:
(JSC::::JSCallbackObject):
(JSC::::finishCreation):
(JSC::::staticFunctionGetter):
* API/JSClassRef.cpp:
(OpaqueJSClass::prototype):
* API/JSObjectRef.cpp:
(JSObjectMake):
(JSObjectGetPrivate):
(JSObjectSetPrivate):
(JSObjectGetPrivateProperty):
(JSObjectSetPrivateProperty):
(JSObjectDeletePrivateProperty):
* API/JSValueRef.cpp:
(JSValueIsObjectOfClass):
* API/JSWeakObjectMapRefPrivate.cpp:
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgRepatchGetMethodFast):
(JSC::DFG::tryCacheGetMethod):
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::emitAllocateJSFunction):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::patchMethodCallProto):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/DatePrototype.cpp:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
(JSC::InternalFunction::finishCreation):
* runtime/InternalFunction.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::finishCreation):
* runtime/JSFunction.h:
(JSC::JSFunction::create):
(JSC::JSFunction::createStructure):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
(JSC::JSONObject::finishCreation):
* runtime/JSONObject.h:
* runtime/JSObject.h:
(JSC::JSObject::globalObject):
* runtime/JSObjectWithGlobalObject.cpp: Removed.
* runtime/JSObjectWithGlobalObject.h: Removed.
* runtime/JSValue.cpp:
(JSC::JSValue::isValidCallee):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
(JSC::MathObject::finishCreation):
* runtime/MathObject.h:
* runtime/NumberPrototype.cpp:
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
(JSC::RegExpObject::finishCreation):
* runtime/RegExpObject.h:
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::globalObject):

../../../../Volumes/Data/git/WebKit/OpenSource/Source/WebCore:

Remove use of anonymous storage and JSObjectWithGlobalObject for
accessing a JSObject's global object now that they're available
on the object's structure.

* bindings/js/JSDOMWindowShell.cpp:
(WebCore::JSDOMWindowShell::setWindow):
* bindings/js/JSDOMWrapper.h:
(WebCore::JSDOMWrapper::globalObject):
(WebCore::JSDOMWrapper::JSDOMWrapper):
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::initScript):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
* bridge/objc/objc_runtime.h:
* bridge/objc/objc_runtime.mm:
(JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
(JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
* bridge/runtime_object.cpp:
(JSC::Bindings::RuntimeObject::RuntimeObject):
(JSC::Bindings::RuntimeObject::finishCreation):
* bridge/runtime_object.h:

../../../../Volumes/Data/git/WebKit/OpenSource/Source/WebKit2:

Remove JSObjectWithGlobalObject usage.

* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::JSNPObject):
(WebKit::JSNPObject::finishCreation):
* WebProcess/Plugins/Netscape/JSNPObject.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94701 268f45cc-cd09-0410-ab3c-d52691b4dbfc

http://trac.webkit.org/changeset/94627
http://trac.webkit.org/changeset/94632
https://bugs.webkit.org/show_bug.cgi?id=67698

It broke tests on GTK and Qt (Requested by Ossy on #webkit).

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-09-07

Source/JavaScriptCore:

* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::create):
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::JSCallbackFunction):
* API/JSCallbackFunction.h:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::create):
* debugger/DebuggerActivation.h:
* jsc.cpp:
(GlobalObject::constructorBody):
(GlobalObject::GlobalObject):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::create):
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::BooleanConstructor):
* runtime/BooleanConstructor.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
* runtime/BooleanObject.h:
(JSC::BooleanObject::create):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
* runtime/DateConstructor.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
* runtime/DateInstance.h:
(JSC::DateInstance::create):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
* runtime/DatePrototype.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::ErrorConstructor):
* runtime/ErrorConstructor.h:
(JSC::ErrorConstructor::create):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::create):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::FunctionConstructor):
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::FunctionPrototype):
* runtime/FunctionPrototype.h:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
* runtime/InternalFunction.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
* runtime/JSActivation.h:
(JSC::JSActivation::create):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create):
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
* runtime/JSONObject.h:
(JSC::JSONObject::create):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSString.cpp:
(JSC::StringObject::create):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
* runtime/MathObject.h:
(JSC::MathObject::create):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::constructorBody):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::constructorBody):
* runtime/NativeErrorPrototype.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::NumberConstructor):
* runtime/NumberConstructor.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
* runtime/NumberObject.h:
(JSC::NumberObject::create):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::ObjectConstructor):
* runtime/ObjectConstructor.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::RegExpConstructor):
(JSC::RegExpMatchesArray::RegExpMatchesArray):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::create):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
* runtime/RegExpObject.h:
(JSC::RegExpObject::create):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
* runtime/StringObject.h:
(JSC::StringObject::create):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
* runtime/StringPrototype.h:

Source/JavaScriptGlue:

* JSRun.cpp:
(JSGlueGlobalObject::JSGlueGlobalObject):

Source/WebCore:

* WebCore.exp.in:
* bindings/js/JSDOMBinding.h:
(WebCore::DOMConstructorObject::DOMConstructorObject):
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
* bindings/js/JSDOMGlobalObject.h:
* bindings/js/JSDOMWindowShell.cpp:
(WebCore::JSDOMWindowShell::create):
* bindings/js/JSDOMWindowShell.h:
* bindings/js/JSDOMWrapper.h:
(WebCore::JSDOMWrapper::JSDOMWrapper):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterface::JSTestInterface):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObj::JSTestObj):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface):
* bridge/c/CRuntimeObject.cpp:
(JSC::Bindings::CRuntimeObject::CRuntimeObject):
* bridge/c/CRuntimeObject.h:
* bridge/jni/jsc/JavaRuntimeObject.cpp:
(JSC::Bindings::JavaRuntimeObject::JavaRuntimeObject):
* bridge/jni/jsc/JavaRuntimeObject.h:
* bridge/objc/ObjCRuntimeObject.h:
* bridge/objc/ObjCRuntimeObject.mm:
(JSC::Bindings::ObjCRuntimeObject::ObjCRuntimeObject):
* bridge/objc/objc_runtime.h:
(JSC::Bindings::ObjcFallbackObjectImp::create):
* bridge/objc/objc_runtime.mm:
(JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
* bridge/qt/qt_instance.cpp:
(JSC::Bindings::QtRuntimeObject::QtRuntimeObject):
* bridge/qt/qt_pixmapruntime.cpp:
(JSC::Bindings::QtPixmapRuntimeObject::QtPixmapRuntimeObject):
* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::QtRuntimeMethod::QtRuntimeMethod):
* bridge/qt/qt_runtime.h:
* bridge/runtime_array.cpp:
(JSC::RuntimeArray::RuntimeArray):
* bridge/runtime_array.h:
(JSC::RuntimeArray::create):
* bridge/runtime_method.cpp:
(JSC::RuntimeMethod::RuntimeMethod):
* bridge/runtime_method.h:
* bridge/runtime_object.cpp:
(JSC::Bindings::RuntimeObject::RuntimeObject):
* bridge/runtime_object.h:
(JSC::Bindings::RuntimeObject::create):

Source/WebKit/mac:

* Plugins/Hosted/ProxyRuntimeObject.h:
* Plugins/Hosted/ProxyRuntimeObject.mm:
(WebKit::ProxyRuntimeObject::ProxyRuntimeObject):

Source/WebKit2:

* WebProcess/Plugins/Netscape/JSNPMethod.cpp:
(WebKit::JSNPMethod::JSNPMethod):
(WebKit::JSNPMethod::create):
* WebProcess/Plugins/Netscape/JSNPMethod.h:
* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::JSNPObject):
(WebKit::JSNPObject::create):
* WebProcess/Plugins/Netscape/JSNPObject.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94644 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67079

Patch by Xianzhu Wang <wangxianzhu@chromium.org> on 2011-09-06
Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

This is part of work to support 8-bit string buffers.
Adds StringBuilder::characters() because the original Vector<UChar>::data()
is widely used.
Sets the minimum size of buffer to 16 to prevent possible performance
regression. Further performance investigation should be done in
https://bugs.webkit.org/show_bug.cgi?id=67084.

* wtf/Forward.h:
* wtf/text/StringBuilder.cpp:
(WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::operator[]):
(WTF::StringBuilder::characters): Added.

Source/WebCore:

No new tests. All existing unit tests and layout tests should run
as before.

* css/CSSOMUtils.cpp:
(WebCore::appendCharacter):
(WebCore::serializeCharacter):
(WebCore::serializeCharacterAsCodePoint):
(WebCore::serializeIdentifier):
(WebCore::serializeString):
* css/CSSOMUtils.h:
* css/CSSPrimitiveValue.cpp:
(WebCore::CSSPrimitiveValue::cssText):
* css/CSSStyleSelector.cpp:
(WebCore::CSSStyleSelector::SelectorChecker::determineLinkStateSlowCase):
* css/CSSWrapShapes.cpp:
(WebCore::CSSWrapShapeRect::cssText):
(WebCore::CSSWrapShapeCircle::cssText):
(WebCore::CSSWrapShapeEllipse::cssText):
(WebCore::CSSWrapShapePolygon::cssText):
* editing/HTMLInterchange.cpp:
(WebCore::convertHTMLTextToInterchangeFormat):
* editing/MarkupAccumulator.cpp:
(WebCore::appendCharactersReplacingEntities):
(WebCore::MarkupAccumulator::serializeNodes):
(WebCore::MarkupAccumulator::appendStartTag):
(WebCore::MarkupAccumulator::appendEndTag):
(WebCore::MarkupAccumulator::concatenateMarkup):
(WebCore::MarkupAccumulator::appendAttributeValue):
(WebCore::MarkupAccumulator::appendCustomAttributes):
(WebCore::MarkupAccumulator::appendQuotedURLAttributeValue):
(WebCore::MarkupAccumulator::appendNodeValue):
(WebCore::MarkupAccumulator::appendNamespace):
(WebCore::MarkupAccumulator::appendText):
(WebCore::MarkupAccumulator::appendComment):
(WebCore::MarkupAccumulator::appendDocumentType):
(WebCore::MarkupAccumulator::appendProcessingInstruction):
(WebCore::MarkupAccumulator::appendElement):
(WebCore::MarkupAccumulator::appendOpenTag):
(WebCore::MarkupAccumulator::appendCloseTag):
(WebCore::MarkupAccumulator::appendAttribute):
(WebCore::MarkupAccumulator::appendCDATASection):
(WebCore::MarkupAccumulator::appendStartMarkup):
(WebCore::MarkupAccumulator::appendEndMarkup):
* editing/MarkupAccumulator.h:
* editing/markup.cpp:
(WebCore::StyledMarkupAccumulator::appendElement):
(WebCore::StyledMarkupAccumulator::wrapWithNode):
(WebCore::StyledMarkupAccumulator::wrapWithStyleNode):
(WebCore::StyledMarkupAccumulator::appendStyleNodeOpenTag):
(WebCore::StyledMarkupAccumulator::takeResults):
(WebCore::StyledMarkupAccumulator::appendText):
(WebCore::urlToMarkup):
* html/DOMTokenList.cpp:
(WebCore::DOMTokenList::removeToken):
* html/HTMLFontElement.cpp:
(WebCore::parseFontSize):
* html/HTMLTextFormControlElement.cpp:
(WebCore::HTMLTextFormControlElement::strippedPlaceholder):
* html/parser/CSSPreloadScanner.cpp:
(WebCore::CSSPreloadScanner::emitRule):
* html/parser/CSSPreloadScanner.h:
* html/parser/HTMLEntityParser.cpp:
(WebCore::consumeHTMLEntity):
* html/parser/HTMLEntityParser.h:
* html/parser/HTMLParserIdioms.cpp:
(WebCore::parseHTMLInteger):
(WebCore::parseHTMLNonNegativeInteger):
* html/parser/HTMLTokenizer.cpp:
(WebCore::HTMLTokenizer::processEntity):
(WebCore::HTMLTokenizer::nextToken):
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::giveRemainingTo):
(WebCore::HTMLTreeBuilder::defaultForInTableText):
* html/parser/HTMLTreeBuilder.h:
* inspector/InspectorValues.cpp:
(WebCore::InspectorValue::toJSONString):
(WebCore::InspectorValue::writeJSON):
(WebCore::InspectorBasicValue::writeJSON):
(WebCore::InspectorString::writeJSON):
(WebCore::InspectorObject::writeJSON):
(WebCore::InspectorArray::writeJSON):
* inspector/InspectorValues.h:
* loader/CrossOriginAccessControl.cpp:
(WebCore::createAccessControlPreflightRequest):
* loader/appcache/ApplicationCacheStorage.cpp:
(WebCore::ApplicationCacheStorage::store):
* page/Chrome.cpp:
(WebCore::Chrome::setToolTip):
* page/PageSerializer.cpp:
(WebCore::SerializerMarkupAccumulator::appendText):
(WebCore::SerializerMarkupAccumulator::appendElement):
(WebCore::SerializerMarkupAccumulator::appendCustomAttributes):
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::toString):
* platform/KURL.cpp:
(WebCore::KURL::deprecatedString):
(WebCore::decodeURLEscapeSequences):
* platform/LinkHash.cpp:
(WebCore::squeezeOutNullCharacters):
(WebCore::cleanSlashDotDotSlashes):
(WebCore::mergeDoubleSlashes):
(WebCore::cleanSlashDotSlashes):
(WebCore::cleanPath):
(WebCore::visitedURLInline):
(WebCore::visitedURL):
(WebCore::visitedLinkHash):
* platform/LinkHash.h:
* platform/gtk/DataObjectGtk.cpp:
(WebCore::DataObjectGtk::setURL):
* platform/network/HTTPParsers.cpp:
(WebCore::extractMIMETypeFromMediaType):
* platform/text/TextCodecICU.cpp:
(WebCore::TextCodecICU::decode):
* platform/text/TextStream.cpp:
(WebCore::TextStream::operator<<):
(WebCore::TextStream::release):
* platform/text/TextStream.h:
* plugins/PluginStream.cpp:
(WebCore::PluginStream::startStream):
* rendering/InlineTextBox.cpp:
(WebCore::adjustCharactersAndLengthForHyphen):
* rendering/InlineTextBox.h:
(WebCore::BufferForAppendingHyphen::BufferForAppendingHyphen):
* rendering/RenderListItem.cpp:
(WebCore::RenderListItem::markerTextWithSuffix):
* rendering/RenderListMarker.cpp:
(WebCore::toSymbolic):
(WebCore::RenderListMarker::paint):
(WebCore::RenderListMarker::suffix):
* rendering/RenderTreeAsText.cpp:
(WebCore::quoteAndEscapeNonPrintables):
* rendering/mathml/RenderMathMLFenced.cpp:
(WebCore::RenderMathMLFenced::updateFromElement):
* storage/IDBLevelDBCoding.cpp:
(WebCore::IDBLevelDBCoding::decodeString):
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::getAllResponseHeaders):
* xml/XPathFunctions.cpp:
(WebCore::XPath::FunId::evaluate):
(WebCore::XPath::FunConcat::evaluate):
* xml/XPathUtil.cpp:
(WebCore::XPath::stringValue):
* xml/XSLTProcessorLibxslt.cpp:
(WebCore::writeToStringBuilder):
(WebCore::saveResultToString):
* xml/parser/CharacterReferenceParserInlineMethods.h:
(WebCore::unconsumeCharacters):
(WebCore::consumeCharacterReference):
* xml/parser/XMLCharacterReferenceParser.cpp:
(WebCore::consumeXMLCharacterReference):
* xml/parser/XMLCharacterReferenceParser.h:
* xml/parser/XMLTokenizer.cpp:
(WebCore::XMLTokenizer::nextToken):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94640 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67670

Reviewed by Gavin Barraclough.

This adds boolean value profiling, boolean prediction in the DFG,
boolean forward flow propagation in the DFGPropagator, boolean
data format in DFG generation info, and comprehensive optimizations
based on both boolean prediction and boolean generation info.
This is brings the speed-up on v8-richards to 12%, and gives slight
speed-ups elsewhere as well.

Making this work right required navigating some subtleties in
value profiling.  Some functions get compiled with insufficient
information because some important path of the function never
executed.  In these cases, we wish to fall back on static
speculation.  But to do so, we need to ensure that predictions that
are inherent in the code (like that GetById almost certainly takes
a cell operand) are reflected in predictions that we make in
DFGPropagator.  Thus, DFGPropagator now does both backward and
forward flow, using a both forward and backward fixpoint.

The backward flow in DFGPropagator is a separate static analysis,
and needs to keep a set of backward flow abstract values for
variables, arguments, and globals.  To make this easy, this patch
factors out DFGGraph's prediction tracking capability into
DFGPredictionTracker, which now gets used by both DFGGraph (for
forward flow predictions) and DFGPropagator (for backward flow
predictions).  Backward flow predictions eventually get merged
into forward flow ones, but the two are not equivalent: a forward
flow prediction is a superset of the backward flow prediction.

Debugging these prediction issues required a better understanding
of where we fail speculation, and what our value predictions look
like.  This patch also adds optional verbose speculation failure
(so an informative printf fires whenever speculation failure occurs)
and slight improvements to the verbosity in other places.

* bytecode/ValueProfile.h:
(JSC::ValueProfile::numberOfBooleans):
(JSC::ValueProfile::probabilityOfBoolean):
(JSC::ValueProfile::dump):
(JSC::ValueProfile::computeStatistics):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::stronglyPredict):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGenerationInfo.h:
(JSC::DFG::dataFormatToString):
(JSC::DFG::needDataFormatConversion):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::predictions):
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::predictGlobalVar):
(JSC::DFG::Graph::getPrediction):
(JSC::DFG::Graph::getGlobalVarPrediction):
(JSC::DFG::Graph::isBooleanConstant):
(JSC::DFG::Graph::valueOfBooleanConstant):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillInteger):
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::isKnownNotInteger):
(JSC::DFG::JITCodeGenerator::isKnownBoolean):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
(JSC::DFG::JITCodeGenerator::emitBranch):
(JSC::DFG::JITCodeGenerator::speculationCheck):
(JSC::DFG::GPRTemporary::GPRTemporary):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::isBooleanConstant):
(JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::debugCall):
(JSC::DFG::JITCompiler::isBooleanConstant):
(JSC::DFG::JITCompiler::valueOfBooleanConstant):
* dfg/DFGNode.h:
(JSC::DFG::isBooleanPrediction):
(JSC::DFG::predictionToString):
(JSC::DFG::mergePredictions):
(JSC::DFG::makePrediction):
(JSC::DFG::Node::isBooleanConstant):
(JSC::DFG::Node::valueOfBooleanConstant):
(JSC::DFG::Node::hasBooleanResult):
(JSC::DFG::Node::hasNumericResult):
(JSC::DFG::Node::predict):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionTracker.h: Added.
(JSC::DFG::operandIsArgument):
(JSC::DFG::PredictionSlot::PredictionSlot):
(JSC::DFG::PredictionTracker::PredictionTracker):
(JSC::DFG::PredictionTracker::initializeSimilarTo):
(JSC::DFG::PredictionTracker::numberOfArguments):
(JSC::DFG::PredictionTracker::numberOfVariables):
(JSC::DFG::PredictionTracker::argumentIndexForOperand):
(JSC::DFG::PredictionTracker::predictArgument):
(JSC::DFG::PredictionTracker::predict):
(JSC::DFG::PredictionTracker::predictGlobalVar):
(JSC::DFG::PredictionTracker::getArgumentPrediction):
(JSC::DFG::PredictionTracker::getPrediction):
(JSC::DFG::PredictionTracker::getGlobalVarPrediction):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::Propagator):
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::setPrediction):
(JSC::DFG::Propagator::mergeUse):
(JSC::DFG::Propagator::mergePrediction):
(JSC::DFG::Propagator::propagateNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
(JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
(JSC::DFG::SpeculateBooleanOperand::index):
(JSC::DFG::SpeculateBooleanOperand::gpr):
(JSC::DFG::SpeculateBooleanOperand::use):
* runtime/JSGlobalData.h:
* runtime/JSValue.cpp:
(JSC::JSValue::description):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94629 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67420

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-09-06
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::create):
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::JSCallbackFunction):
(JSC::JSCallbackFunction::finishCreation):
* API/JSCallbackFunction.h:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::create):
* jsc.cpp:
(GlobalObject::finishCreation):
(GlobalObject::GlobalObject):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::ArrayConstructor):
(JSC::ArrayConstructor::finishCreation):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::create):
* runtime/BooleanConstructor.cpp:
(JSC::BooleanConstructor::BooleanConstructor):
(JSC::BooleanConstructor::finishCreation):
* runtime/BooleanConstructor.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
* runtime/BooleanObject.h:
(JSC::BooleanObject::create):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::BooleanPrototype):
(JSC::BooleanPrototype::finishCreation):
* runtime/BooleanPrototype.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::DateConstructor):
(JSC::DateConstructor::finishCreation):
* runtime/DateConstructor.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
* runtime/DateInstance.h:
(JSC::DateInstance::create):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::DatePrototype):
(JSC::DatePrototype::finishCreation):
* runtime/DatePrototype.h:
* runtime/Error.cpp:
(JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::ErrorConstructor):
(JSC::ErrorConstructor::finishCreation):
* runtime/ErrorConstructor.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::create):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::FunctionConstructor):
(JSC::FunctionConstructor::finishCreation):
* runtime/FunctionConstructor.h:
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::FunctionPrototype):
(JSC::FunctionPrototype::finishCreation):
* runtime/FunctionPrototype.h:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
* runtime/InternalFunction.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
* runtime/JSActivation.h:
(JSC::JSActivation::create):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create):
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
* runtime/JSONObject.h:
(JSC::JSONObject::create):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSString.cpp:
(JSC::StringObject::create):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
* runtime/MathObject.h:
(JSC::MathObject::create):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::finishCreation):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::finishCreation):
* runtime/NativeErrorPrototype.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::NumberConstructor):
(JSC::NumberConstructor::finishCreation):
* runtime/NumberConstructor.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
* runtime/NumberObject.h:
(JSC::NumberObject::create):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::NumberPrototype):
(JSC::NumberPrototype::finishCreation):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::ObjectConstructor):
(JSC::ObjectConstructor::finishCreation):
* runtime/ObjectConstructor.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::RegExpConstructor):
(JSC::RegExpConstructor::finishCreation):
(JSC::RegExpMatchesArray::RegExpMatchesArray):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::create):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
* runtime/RegExpObject.h:
(JSC::RegExpObject::create):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::RegExpPrototype):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::StringConstructor):
(JSC::StringConstructor::finishCreation):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
* runtime/StringObject.h:
(JSC::StringObject::create):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
(JSC::StringPrototype::finishCreation):
* runtime/StringPrototype.h:

Source/JavaScriptGlue:

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* JSRun.cpp:
(JSGlueGlobalObject::JSGlueGlobalObject):

Source/WebCore:

No new tests.

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* WebCore.exp.in:
* bindings/js/JSDOMBinding.h:
(WebCore::DOMConstructorObject::DOMConstructorObject):
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
(WebCore::JSDOMGlobalObject::finishCreation):
* bindings/js/JSDOMGlobalObject.h:
* bindings/js/JSDOMWindowShell.cpp:
* bindings/js/JSDOMWindowShell.h:
(WebCore::JSDOMWindowShell::create):
* bindings/js/JSDOMWrapper.h:
(WebCore::JSDOMWrapper::JSDOMWrapper):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterface::JSTestInterface):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObj::JSTestObj):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface):
* bridge/c/CRuntimeObject.cpp:
(JSC::Bindings::CRuntimeObject::CRuntimeObject):
(JSC::Bindings::CRuntimeObject::finishCreation):
* bridge/c/CRuntimeObject.h:
* bridge/jni/jsc/JavaRuntimeObject.cpp:
(JSC::Bindings::JavaRuntimeObject::JavaRuntimeObject):
(JSC::Bindings::JavaRuntimeObject::finishCreation):
* bridge/jni/jsc/JavaRuntimeObject.h:
* bridge/objc/ObjCRuntimeObject.h:
* bridge/objc/ObjCRuntimeObject.mm:
(JSC::Bindings::ObjCRuntimeObject::ObjCRuntimeObject):
(JSC::Bindings::ObjCRuntimeObject::finishCreation):
* bridge/objc/objc_runtime.h:
(JSC::Bindings::ObjcFallbackObjectImp::create):
* bridge/objc/objc_runtime.mm:
(JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
* bridge/qt/qt_instance.cpp:
(JSC::Bindings::QtRuntimeObject::QtRuntimeObject):
* bridge/qt/qt_pixmapruntime.cpp:
(JSC::Bindings::QtPixmapRuntimeObject::QtPixmapRuntimeObject):
* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::QtRuntimeMethod::QtRuntimeMethod):
(JSC::Bindings::QtRuntimeMethod::finishCreation):
* bridge/qt/qt_runtime.h:
* bridge/runtime_array.cpp:
(JSC::RuntimeArray::RuntimeArray):
* bridge/runtime_array.h:
(JSC::RuntimeArray::create):
* bridge/runtime_method.cpp:
(JSC::RuntimeMethod::RuntimeMethod):
(JSC::RuntimeMethod::finishCreation):
* bridge/runtime_method.h:
* bridge/runtime_object.cpp:
(JSC::Bindings::RuntimeObject::RuntimeObject):
* bridge/runtime_object.h:
(JSC::Bindings::RuntimeObject::create):

Source/WebKit/mac:

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* Plugins/Hosted/ProxyRuntimeObject.h:
* Plugins/Hosted/ProxyRuntimeObject.mm:
(WebKit::ProxyRuntimeObject::ProxyRuntimeObject):
(WebKit::ProxyRuntimeObject::finishCreation):

Source/WebKit2:

Completed the fifth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* WebProcess/Plugins/Netscape/JSNPMethod.cpp:
(WebKit::JSNPMethod::JSNPMethod):
(WebKit::JSNPMethod::finishCreation):
* WebProcess/Plugins/Netscape/JSNPMethod.h:
(WebKit::JSNPMethod::create):
* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::JSNPObject):
* WebProcess/Plugins/Netscape/JSNPObject.h:
(WebKit::JSNPObject::create):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94627 268f45cc-cd09-0410-ab3c-d52691b4dbfc

        
Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
new out-of-line JIT-specific method definitions with !ENABLE(JIT).

* bytecode/CodeBlock.cpp:
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94616 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67624

Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

Add a reference to a GlobalObject to Structure, and update all calls to
Structure::create() to pass the global object that is the origin for that
structure.  For objects where the appropriate global object isn't available
at construction time (global object prototypes, etc), or objects that
logically don't have a global object (strings, etc) we just pass null.

This change is largely mechanical (passing a new globalObject parameter
around).

* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::createStructure):
* API/JSCallbackFunction.h:
(JSC::JSCallbackFunction::createStructure):
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::createStructure):
* API/JSContextRef.cpp:
* JavaScriptCore.exp:
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::createStructure):
* runtime/Arguments.h:
(JSC::Arguments::createStructure):
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::createStructure):
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::createStructure):
* runtime/BooleanObject.h:
(JSC::BooleanObject::createStructure):
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::createStructure):
* runtime/DateConstructor.h:
(JSC::DateConstructor::createStructure):
* runtime/DateInstance.h:
(JSC::DateInstance::createStructure):
* runtime/DatePrototype.h:
(JSC::DatePrototype::createStructure):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::createStructure):
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::createStructure):
* runtime/Executable.h:
(JSC::ExecutableBase::createStructure):
(JSC::NativeExecutable::createStructure):
(JSC::EvalExecutable::createStructure):
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/FunctionPrototype.h:
(JSC::FunctionPrototype::createStructure):
* runtime/GetterSetter.h:
(JSC::GetterSetter::createStructure):
* runtime/InternalFunction.h:
(JSC::InternalFunction::createStructure):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
* runtime/JSActivation.h:
(JSC::JSActivation::createStructure):
* runtime/JSArray.h:
(JSC::JSArray::createStructure):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::createStructure):
* runtime/JSByteArray.h:
* runtime/JSFunction.h:
(JSC::JSFunction::createStructure):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::finishCreation):
(JSC::JSGlobalObject::createStructure):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::createStructure):
* runtime/JSONObject.h:
(JSC::JSONObject::createStructure):
* runtime/JSObject.cpp:
(JSC::JSObject::createInheritorID):
* runtime/JSObject.h:
(JSC::JSObject::createStructure):
(JSC::JSNonFinalObject::createStructure):
(JSC::JSFinalObject::createStructure):
(JSC::createEmptyObjectStructure):
* runtime/JSObjectWithGlobalObject.h:
(JSC::JSObjectWithGlobalObject::createStructure):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::createStructure):
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::createStructure):
* runtime/JSString.h:
(JSC::RopeBuilder::createStructure):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::createStructure):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::createStructure):
* runtime/MathObject.h:
(JSC::MathObject::createStructure):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::createStructure):
(JSC::NativeErrorConstructor::constructorBody):
* runtime/NumberConstructor.h:
(JSC::NumberConstructor::createStructure):
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::createStructure):
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::createStructure):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::createStructure):
* runtime/RegExp.h:
(JSC::RegExp::createStructure):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::createStructure):
* runtime/RegExpObject.h:
(JSC::RegExpObject::createStructure):
* runtime/RegExpPrototype.h:
(JSC::RegExpPrototype::createStructure):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::createStructure):
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::createStructure):
* runtime/StringConstructor.h:
(JSC::StringConstructor::createStructure):
* runtime/StringObject.h:
(JSC::StringObject::createStructure):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::create):
(JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
* runtime/StringPrototype.h:
(JSC::StringPrototype::createStructure):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::globalObject):
(JSC::Structure::setGlobalObject):
* runtime/StructureChain.h:
(JSC::StructureChain::createStructure):

Source/JavaScriptGlue:

Update for Structure::create() requiring a global object.

* JSRun.h:
(JSGlueGlobalObject::create):
* UserObjectImp.h:
(UserObjectImp::createStructure):

Source/WebCore:

Update calls to Structure::create() to pass the globalObject in,
and update the CodeGenerator to generate appropriate createStructure
methods.

* bindings/js/JSAudioConstructor.h:
(WebCore::JSAudioConstructor::createStructure):
* bindings/js/JSDOMBinding.h:
(WebCore::DOMConstructorObject::createStructure):
(WebCore::getDOMStructure):
* bindings/js/JSDOMGlobalObject.h:
(WebCore::JSDOMGlobalObject::createStructure):
(WebCore::getDOMConstructor):
* bindings/js/JSDOMWindowBase.h:
(WebCore::JSDOMWindowBase::createStructure):
* bindings/js/JSDOMWindowShell.cpp:
(WebCore::JSDOMWindowShell::setWindow):
* bindings/js/JSDOMWindowShell.h:
(WebCore::JSDOMWindowShell::createStructure):
* bindings/js/JSDOMWrapper.h:
(WebCore::JSDOMWrapper::createStructure):
* bindings/js/JSImageConstructor.h:
(WebCore::JSImageConstructor::createStructure):
* bindings/js/JSImageDataCustom.cpp:
(WebCore::toJS):
* bindings/js/JSOptionConstructor.h:
(WebCore::JSOptionConstructor::createStructure):
* bindings/js/JSWorkerContextBase.h:
(WebCore::JSWorkerContextBase::createStructure):
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::initScript):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
(GenerateConstructorDeclaration):
* bridge/c/CRuntimeObject.h:
(JSC::Bindings::CRuntimeObject::createStructure):
* bridge/c/c_instance.cpp:
(JSC::Bindings::CRuntimeMethod::createStructure):
* bridge/jni/jsc/JavaInstanceJSC.cpp:
(JavaRuntimeMethod::createStructure):
* bridge/jni/jsc/JavaRuntimeObject.h:
(JSC::Bindings::JavaRuntimeObject::createStructure):
* bridge/objc/ObjCRuntimeObject.h:
(JSC::Bindings::ObjCRuntimeObject::createStructure):
* bridge/objc/objc_instance.mm:
(ObjCRuntimeMethod::createStructure):
* bridge/objc/objc_runtime.h:
(JSC::Bindings::ObjcFallbackObjectImp::createStructure):
* bridge/runtime_array.h:
(JSC::RuntimeArray::createStructure):
* bridge/runtime_method.h:
(JSC::RuntimeMethod::createStructure):
* bridge/runtime_object.h:
(JSC::Bindings::RuntimeObject::createStructure):

Source/WebKit/mac:

Update for new Structure::create() globalObject parameter.

* Plugins/Hosted/ProxyInstance.mm:
(WebKit::ProxyRuntimeMethod::createStructure):
* Plugins/Hosted/ProxyRuntimeObject.h:
(WebKit::ProxyRuntimeObject::createStructure):

Source/WebKit2:

Update for new Structure::create globalObject parameter.

* WebProcess/Plugins/Netscape/JSNPMethod.cpp:
(WebKit::JSNPMethod::create):
* WebProcess/Plugins/Netscape/JSNPMethod.h:
(WebKit::JSNPMethod::createStructure):
* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::create):
* WebProcess/Plugins/Netscape/JSNPObject.h:
(WebKit::JSNPObject::createStructure):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94599 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67176

Reviewed by Gavin Barraclough.

This adds the ability to have multiple CodeBlocks associated with
a particular role in an Executable.  These are stored in
descending order of compiler tier.  CodeBlocks are optimized when
a counter (m_executeCounter) that is incremented in loops and
epilogues becomes positive.  Optimizing means that all calls to
the old CodeBlock are unlinked.

The DFG can now pull in predictions from ValueProfiles, and
propagate them along the graph.  To support the new phase while
maintaing some level of abstraction, a DFGDriver was introduced
that encapsulates how to run the DFG compiler.

This is turned off by default because it's not yet a performance
win on all benchmarks.  It speeds up crypto and richards by
10% and 6% respectively, but still does not do as good of a job
as it could.  Notably, the DFG backend has not changed, and
is largely oblivious to the new information being made available
to it.

When turned off (the default), this patch is performance neutral.

* CMakeLists.txt:
* GNUmakefile.am:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::branchAdd32):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::branchAdd32):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CallLinkInfo::unlink):
(JSC::CodeBlock::unlinkCalls):
(JSC::CodeBlock::unlinkIncomingCalls):
(JSC::CodeBlock::clearEvalCache):
(JSC::replaceExistingEntries):
(JSC::CodeBlock::copyDataFromAlternative):
(JSC::ProgramCodeBlock::replacement):
(JSC::EvalCodeBlock::replacement):
(JSC::FunctionCodeBlock::replacement):
(JSC::ProgramCodeBlock::compileOptimized):
(JSC::EvalCodeBlock::compileOptimized):
(JSC::FunctionCodeBlock::compileOptimized):
* bytecode/CodeBlock.h:
(JSC::GlobalCodeBlock::GlobalCodeBlock):
(JSC::ProgramCodeBlock::ProgramCodeBlock):
(JSC::EvalCodeBlock::EvalCodeBlock):
(JSC::FunctionCodeBlock::FunctionCodeBlock):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::dump):
(JSC::ValueProfile::computeStatistics):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* bytecompiler/BytecodeGenerator.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::dynamicallyPredict):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::parse):
* dfg/DFGDriver.cpp: Added.
(JSC::DFG::compile):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
* dfg/DFGDriver.h: Added.
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::predictGlobalVar):
(JSC::DFG::Graph::isConstant):
(JSC::DFG::Graph::isJSConstant):
(JSC::DFG::Graph::isInt32Constant):
(JSC::DFG::Graph::isDoubleConstant):
(JSC::DFG::Graph::valueOfJSConstant):
(JSC::DFG::Graph::valueOfInt32Constant):
(JSC::DFG::Graph::valueOfDoubleConstant):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::isConstant):
(JSC::DFG::JITCompiler::isJSConstant):
(JSC::DFG::JITCompiler::isInt32Constant):
(JSC::DFG::JITCompiler::isDoubleConstant):
(JSC::DFG::JITCompiler::valueOfJSConstant):
(JSC::DFG::JITCompiler::valueOfInt32Constant):
(JSC::DFG::JITCompiler::valueOfDoubleConstant):
* dfg/DFGNode.h:
(JSC::DFG::isCellPrediction):
(JSC::DFG::isNumberPrediction):
(JSC::DFG::predictionToString):
(JSC::DFG::mergePrediction):
(JSC::DFG::makePrediction):
(JSC::DFG::Node::valueOfJSConstant):
(JSC::DFG::Node::isInt32Constant):
(JSC::DFG::Node::isDoubleConstant):
(JSC::DFG::Node::valueOfInt32Constant):
(JSC::DFG::Node::valueOfDoubleConstant):
(JSC::DFG::Node::predict):
* dfg/DFGPropagation.cpp: Added.
(JSC::DFG::Propagator::Propagator):
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::setPrediction):
(JSC::DFG::Propagator::mergePrediction):
(JSC::DFG::Propagator::propagateNode):
(JSC::DFG::Propagator::propagateForward):
(JSC::DFG::Propagator::propagateBackward):
(JSC::DFG::propagate):
* dfg/DFGPropagation.h: Added.
(JSC::DFG::propagate):
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor):
* heap/HandleHeap.h:
(JSC::HandleHeap::Node::Node):
* jit/JIT.cpp:
(JSC::JIT::emitOptimizationCheck):
(JSC::JIT::emitTimeoutCheck):
(JSC::JIT::privateCompile):
(JSC::JIT::linkFor):
* jit/JIT.h:
(JSC::JIT::emitOptimizationCheck):
* jit/JITCall32_64.cpp:
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_ret_object_or_this):
* jit/JITCode.h:
(JSC::JITCode::JITCode):
(JSC::JITCode::bottomTierJIT):
(JSC::JITCode::topTierJIT):
(JSC::JITCode::nextTierJIT):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_ret_object_or_this):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileOptimized):
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileOptimized):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileOptimizedForCall):
(JSC::FunctionExecutable::compileOptimizedForConstruct):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::EvalExecutable::compile):
(JSC::ProgramExecutable::compile):
(JSC::FunctionExecutable::compileForCall):
(JSC::FunctionExecutable::compileForConstruct):
(JSC::FunctionExecutable::compileOptimizedFor):
* wtf/Platform.h:
* wtf/SentinelLinkedList.h:
(WTF::BasicRawSentinelNode::BasicRawSentinelNode):
(WTF::BasicRawSentinelNode::setPrev):
(WTF::BasicRawSentinelNode::setNext):
(WTF::BasicRawSentinelNode::prev):
(WTF::BasicRawSentinelNode::next):
(WTF::BasicRawSentinelNode::isOnList):
(WTF::::remove):
(WTF::::SentinelLinkedList):
(WTF::::begin):
(WTF::::end):
(WTF::::push):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94559 268f45cc-cd09-0410-ab3c-d52691b4dbfc

http://trac.webkit.org/changeset/94445
http://trac.webkit.org/changeset/94448
https://bugs.webkit.org/show_bug.cgi?id=67595

It broke everything (Requested by ossy on #webkit).

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-09-05

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* heap/Heap.cpp:
(JSC::Heap::collect):
* heap/Heap.h:
* heap/NewSpace.cpp:
(JSC::NewSpace::NewSpace):
* heap/NewSpace.h:
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSC::JSObject::~JSObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::transitionTo):
(JSC::JSObject::visitChildrenDirect):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94522 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67562

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-09-04
Reviewed by Darin Adler.

Fixing the build (again which was broken by the dtoa patch.  Needed
to make sure WTF::double_conversion::initialize() is called for Qt
as well as adding a check for WinCE in dtoa/utils.h

* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* wtf/dtoa/cached-powers.cc:
* wtf/dtoa/utils.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94514 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67342

In preparation to allowing StringImpl to be backed by 8 bit 
characters when appropriate, we need to eliminate or change the
usage of StringImpl::characters(). Change the uses of characters()
that are used to implement redundant equals() methods.

Reviewed by Gavin Barraclough.

* runtime/Identifier.cpp:
(JSC::Identifier::equal):
* runtime/Identifier.h:
(JSC::Identifier::equal):
* wtf/text/AtomicString.cpp:
(WTF::CStringTranslator::equal): Moved an optimized method to here.
(WTF::operator==):
* wtf/text/StringImpl.cpp:
(WTF::equal):
* wtf/text/StringImpl.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94475 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67519

Add a data generator for regular expressions.  To enable, change the
#undef REGEXP_FUNC_TEST_DATA_GEN to #define.  Then compile and use
regular expressions.  The resulting data will be in /tmp/RegExpTestsData.

Reviewed by Gavin Barraclough.

* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExpFunctionalTestCollector::clearRegExp):
(JSC::RegExpFunctionalTestCollector::get):
(JSC::RegExpFunctionalTestCollector::outputOneTest):
(JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
(JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
(JSC::RegExpFunctionalTestCollector::outputEscapedUString):
(JSC::RegExp::~RegExp):
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::matchCompareWithInterpreter):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94468 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=66346

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-09-02
Reviewed by Oliver Hunt.

Source/JavaScriptCore:

Added new dtoa library at http://code.google.com/p/double-conversion/.
Replaced old call to dtoa.  The new library is much faster than the old one.
We still use the old dtoa for some stuff in WebCore as well as the old strtod,
but we can phase these out eventually as well.

* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/InitializeThreading.cpp:
* runtime/NumberPrototype.cpp:
(JSC::numberProtoFuncToExponential):
(JSC::numberProtoFuncToFixed):
(JSC::numberProtoFuncToPrecision):
* runtime/UString.cpp:
(JSC::UString::number):
* wtf/CMakeLists.txt:
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading):
* wtf/ThreadingWin.cpp:
(WTF::initializeThreading):
* wtf/dtoa.cpp:
(WTF::dtoa):
* wtf/dtoa.h:
* wtf/dtoa/COPYING: Added.
* wtf/dtoa/LICENSE: Added.
* wtf/dtoa/README: Added.
* wtf/dtoa/bignum-dtoa.cc: Added.
* wtf/dtoa/bignum-dtoa.h: Added.
* wtf/dtoa/bignum.cc: Added.
* wtf/dtoa/bignum.h: Added.
(WTF::double_conversion::Bignum::Times10):
(WTF::double_conversion::Bignum::Equal):
(WTF::double_conversion::Bignum::LessEqual):
(WTF::double_conversion::Bignum::Less):
(WTF::double_conversion::Bignum::PlusEqual):
(WTF::double_conversion::Bignum::PlusLessEqual):
(WTF::double_conversion::Bignum::PlusLess):
(WTF::double_conversion::Bignum::EnsureCapacity):
(WTF::double_conversion::Bignum::BigitLength):
* wtf/dtoa/cached-powers.cc: Added.
* wtf/dtoa/cached-powers.h: Added.
* wtf/dtoa/diy-fp.cc: Added.
* wtf/dtoa/diy-fp.h: Added.
(WTF::double_conversion::DiyFp::DiyFp):
(WTF::double_conversion::DiyFp::Subtract):
(WTF::double_conversion::DiyFp::Minus):
(WTF::double_conversion::DiyFp::Times):
(WTF::double_conversion::DiyFp::Normalize):
(WTF::double_conversion::DiyFp::f):
(WTF::double_conversion::DiyFp::e):
(WTF::double_conversion::DiyFp::set_f):
(WTF::double_conversion::DiyFp::set_e):
* wtf/dtoa/double-conversion.cc: Added.
* wtf/dtoa/double-conversion.h: Added.
(WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
(WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
* wtf/dtoa/double.h: Added.
(WTF::double_conversion::double_to_uint64):
(WTF::double_conversion::uint64_to_double):
(WTF::double_conversion::Double::Double):
(WTF::double_conversion::Double::AsDiyFp):
(WTF::double_conversion::Double::AsNormalizedDiyFp):
(WTF::double_conversion::Double::AsUint64):
(WTF::double_conversion::Double::NextDouble):
(WTF::double_conversion::Double::Exponent):
(WTF::double_conversion::Double::Significand):
(WTF::double_conversion::Double::IsDenormal):
(WTF::double_conversion::Double::IsSpecial):
(WTF::double_conversion::Double::IsNan):
(WTF::double_conversion::Double::IsInfinite):
(WTF::double_conversion::Double::Sign):
(WTF::double_conversion::Double::UpperBoundary):
(WTF::double_conversion::Double::NormalizedBoundaries):
(WTF::double_conversion::Double::value):
(WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
(WTF::double_conversion::Double::Infinity):
(WTF::double_conversion::Double::NaN):
(WTF::double_conversion::Double::DiyFpToUint64):
* wtf/dtoa/fast-dtoa.cc: Added.
* wtf/dtoa/fast-dtoa.h: Added.
* wtf/dtoa/fixed-dtoa.cc: Added.
* wtf/dtoa/fixed-dtoa.h: Added.
* wtf/dtoa/strtod.cc: Added.
* wtf/dtoa/strtod.h: Added.
* wtf/dtoa/utils.h: Added.
(WTF::double_conversion::Max):
(WTF::double_conversion::Min):
(WTF::double_conversion::StrLength):
(WTF::double_conversion::Vector::Vector):
(WTF::double_conversion::Vector::SubVector):
(WTF::double_conversion::Vector::length):
(WTF::double_conversion::Vector::is_empty):
(WTF::double_conversion::Vector::start):
(WTF::double_conversion::Vector::operator[]):
(WTF::double_conversion::Vector::first):
(WTF::double_conversion::Vector::last):
(WTF::double_conversion::StringBuilder::StringBuilder):
(WTF::double_conversion::StringBuilder::~StringBuilder):
(WTF::double_conversion::StringBuilder::size):
(WTF::double_conversion::StringBuilder::position):
(WTF::double_conversion::StringBuilder::Reset):
(WTF::double_conversion::StringBuilder::AddCharacter):
(WTF::double_conversion::StringBuilder::AddString):
(WTF::double_conversion::StringBuilder::AddSubstring):
(WTF::double_conversion::StringBuilder::AddPadding):
(WTF::double_conversion::StringBuilder::Finalize):
(WTF::double_conversion::StringBuilder::is_finalized):
(WTF::double_conversion::BitCast):
* wtf/wtf.pri:

Source/WebCore:

No new tests.

Added new dtoa library at http://code.google.com/p/double-conversion/.
Replaced old call to dtoa.  The new library is much faster than the old one.
We still use the old dtoa for some stuff in WebCore as well as the old strtod,
but we can phase these out eventually as well.

* ForwardingHeaders/wtf/dtoa/double-conversion.h: Added.
* WebCore.vcproj/copyForwardingHeaders.cmd:
* css/CSSPrimitiveValue.cpp:
(WebCore::formatNumber):
* html/parser/HTMLParserIdioms.cpp:
(WebCore::serializeForNumberType):
* inspector/InspectorValues.cpp:
(WebCore::InspectorBasicValue::writeJSON):
* platform/graphics/Color.cpp:
(WebCore::Color::serialized):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94452 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67494

Reviewed by Gavin Barraclough.

Switch to a bump allocator for the initial out of line
property storage.  This gives us slightly faster allocation
for short lived objects that need out of line storage at
the cost of an additional memcpy when the object survives
a GC pass.

No performance impact.

* JavaScriptCore.exp:
* heap/Heap.cpp:
(JSC::Heap::collect):
* heap/Heap.h:
(JSC::Heap::allocatePropertyStorage):
(JSC::Heap::inPropertyStorageNursary):
* heap/NewSpace.cpp:
(JSC::NewSpace::NewSpace):
* heap/NewSpace.h:
(JSC::NewSpace::resetPropertyStorageNursary):
(JSC::NewSpace::allocatePropertyStorage):
(JSC::NewSpace::inPropertyStorageNursary):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSC::JSObject::~JSObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::transitionTo):
(JSC::JSObject::visitChildrenDirect):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94445 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67174

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-09-01
Reviewed by Oliver Hunt.

Source/JavaScriptCore:

Completed the fourth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
(JSC::JSCallbackConstructor::finishCreation):
* API/JSCallbackConstructor.h:
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::create):
* API/JSCallbackObjectFunctions.h:
(JSC::::JSCallbackObject):
(JSC::::finishCreation):
* JavaScriptCore.JSVALUE64only.exp:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::DebuggerActivation):
(JSC::DebuggerActivation::create):
* debugger/DebuggerActivation.h:
* runtime/Arguments.h:
(JSC::Arguments::create):
(JSC::Arguments::createNoParameters):
(JSC::Arguments::Arguments):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
(JSC::ArrayPrototype::finishCreation):
* runtime/ArrayPrototype.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
(JSC::BooleanObject::finishCreation):
* runtime/BooleanObject.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
(JSC::DateInstance::finishCreation):
* runtime/DateInstance.h:
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::ErrorInstance):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::create):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
(JSC::ErrorPrototype::finishCreation):
* runtime/ErrorPrototype.h:
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::InterruptedExecutionError::create):
(JSC::TerminatedExecutionError::TerminatedExecutionError):
(JSC::TerminatedExecutionError::create):
* runtime/Executable.cpp:
(JSC::EvalExecutable::EvalExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):
* runtime/Executable.h:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::NativeExecutable):
(JSC::EvalExecutable::create):
(JSC::ProgramExecutable::create):
(JSC::FunctionExecutable::create):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
(JSC::InternalFunction::finishCreation):
* runtime/InternalFunction.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
(JSC::JSActivation::finishCreation):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::JSArray):
* runtime/JSArray.h:
(JSC::JSArray::create):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::JSByteArray):
* runtime/JSByteArray.h:
(JSC::JSByteArray::create):
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::finishCreation):
* runtime/JSFunction.h:
(JSC::JSFunction::create):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::finishCreation):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::JSNotAnObject):
(JSC::JSNotAnObject::create):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
(JSC::JSONObject::finishCreation):
* runtime/JSONObject.h:
* runtime/JSObjectWithGlobalObject.cpp:
(JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
* runtime/JSObjectWithGlobalObject.h:
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::finishCreation):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::JSVariableObject):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::JSWrapperObject):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
(JSC::MathObject::finishCreation):
* runtime/MathObject.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
(JSC::NumberObject::finishCreation):
* runtime/NumberObject.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::ObjectPrototype):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::create):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpMatchesArray::RegExpMatchesArray):
(JSC::RegExpMatchesArray::finishCreation):
* runtime/RegExpMatchesArray.h:
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
(JSC::RegExpObject::finishCreation):
* runtime/RegExpObject.h:
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::StrictEvalActivation):
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::create):
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
(JSC::StringObject::finishCreation):
* runtime/StringObject.h:

Source/JavaScriptGlue:

Completed the fourth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* UserObjectImp.cpp:
(UserObjectImp::UserObjectImp):
* UserObjectImp.h:
(UserObjectImp::create):

Source/WebCore:

No new tests.

Completed the fourth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* bindings/js/JSDOMWindowShell.cpp:
(WebCore::JSDOMWindowShell::JSDOMWindowShell):
(WebCore::JSDOMWindowShell::create):
* bindings/js/JSDOMWindowShell.h:
* bindings/js/JSDOMWrapper.h:
(WebCore::JSDOMWrapper::JSDOMWrapper):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::createWindowShell):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
* bindings/scripts/test/JS/JSTestInterface.h:
(WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
(WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
* bindings/scripts/test/JS/JSTestObj.h:
(WebCore::JSTestObjPrototype::JSTestObjPrototype):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
(WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
* bridge/objc/objc_runtime.h:
* bridge/objc/objc_runtime.mm:
(JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
(JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
* bridge/runtime_array.cpp:
(JSC::RuntimeArray::RuntimeArray):
(JSC::RuntimeArray::finishCreation):
* bridge/runtime_array.h:
* bridge/runtime_object.cpp:
(JSC::Bindings::RuntimeObject::RuntimeObject):
(JSC::Bindings::RuntimeObject::finishCreation):
* bridge/runtime_object.h:

Source/WebKit2:

Completed the fourth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::JSNPObject):
(WebKit::JSNPObject::finishCreation):
* WebProcess/Plugins/Netscape/JSNPObject.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67340

In preparation to allowing StringImpl to be backed by 8 bit 
characters when appropriate, we need to eliminate or change the
usage of StringImpl::characters().  Most of the changes below
change s->characters()[0] to s[0].

Reviewed by Geoffrey Garen.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::keyForCharacterSwitch):
* bytecompiler/NodesCodegen.cpp:
(JSC::processClauseList):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Identifier.cpp:
(JSC::Identifier::addSlowCase):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::jsToNumber):
(JSC::parseFloat):
* runtime/JSString.cpp:
(JSC::JSString::substringFromRope):
* runtime/JSString.h:
(JSC::jsSingleCharacterSubstring):
(JSC::jsString):
(JSC::jsSubstring):
(JSC::jsOwnedString):
* runtime/RegExp.cpp:
(JSC::regExpFlags):
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::operator[]):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94336 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67178

Reviewed by Gavin Barraclough.

../../../../Volumes/Data/git/WebKit/OpenSource/LayoutTests:

Add test to ensure that we create a non-signalling nan when reading
a singaling nan from a typed array.

* fast/canvas/webgl/webgl-array-invalid-ranges-expected.txt:
* fast/canvas/webgl/webgl-array-invalid-ranges.html:

../../../../Volumes/Data/git/WebKit/OpenSource/Source/JavaScriptCore:

Add a couple of assertions to jsNumber() to ensure that
we block signaling NaNs

* runtime/JSValue.h:
(JSC::jsDoubleNumber):
(JSC::jsNumber):

../../../../Volumes/Data/git/WebKit/OpenSource/Source/WebCore:

Ensure that we convert singaling nans to silent nans when loading
from a typed array.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94095 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67064

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-08-29
Reviewed by Darin Adler.

Source/JavaScriptCore:

Completed the third level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::DebuggerActivation):
(JSC::DebuggerActivation::finishCreation):
* debugger/DebuggerActivation.h:
(JSC::DebuggerActivation::create):
* runtime/Arguments.h:
(JSC::Arguments::create):
(JSC::Arguments::createNoParameters):
(JSC::Arguments::Arguments):
(JSC::Arguments::finishCreation):
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::ErrorInstance):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::finishCreation):
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::TerminatedExecutionError::TerminatedExecutionError):
* runtime/Executable.cpp:
(JSC::EvalExecutable::EvalExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):
Moved the assignment of m_firstLine and m_lastLine into the
FunctionExecutable::finishCreation() method in Executable.h
* runtime/Executable.h:
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::EvalExecutable::create):
(JSC::ProgramExecutable::create):
(JSC::FunctionExecutable::create):
(JSC::FunctionExecutable::finishCreation):
* runtime/JSArray.cpp:
(JSC::JSArray::JSArray):
(JSC::JSArray::finishCreation):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::JSByteArray):
* runtime/JSByteArray.h:
(JSC::JSByteArray::finishCreation):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::JSNotAnObject):
* runtime/JSObject.h:
(JSC::JSNonFinalObject::JSNonFinalObject):
* runtime/JSObjectWithGlobalObject.cpp:
(JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
(JSC::JSObjectWithGlobalObject::finishCreation):
* runtime/JSObjectWithGlobalObject.h:
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::JSVariableObject):
(JSC::JSVariableObject::finishCreation):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::JSWrapperObject):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::ObjectPrototype):
(JSC::ObjectPrototype::finishCreation):
* runtime/ObjectPrototype.h:
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::StrictEvalActivation):

Source/JavaScriptGlue:

Completed the third level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* UserObjectImp.cpp:
(UserObjectImp::UserObjectImp):

Source/WebCore:

No new tests.

Completed the third level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one.  Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* bindings/js/JSDOMWindowShell.cpp:
(WebCore::JSDOMWindowShell::JSDOMWindowShell):
(WebCore::JSDOMWindowShell::finishCreation):
* bindings/js/JSDOMWindowShell.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94035 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67133

Reviewed by Darin Adler.

Source/JavaScriptCore: 

Add a minimum table size to the HashTraits, instead of having it hard coded.
The default value remains at 64, but can now be specialized.

* runtime/StructureTransitionTable.h:
* wtf/HashTable.h:
(WTF::HashTable::shouldShrink):
(WTF::::expand):
(WTF::::checkTableConsistencyExceptSize):
* wtf/HashTraits.h:

Source/WebCore: 

Specialize the HashMap used to store registered listeners on an EventTarget
to have a minimum size of 32 (rather than the default 64.)
It's very rare for pages to register listeners for so many different events
and this cuts memory consumption in half for the common case.

As an example, for a typical post on the reddit.com front page,
this reduces memory used by ~700kB on 64-bit.

* dom/EventTarget.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93990 268f45cc-cd09-0410-ab3c-d52691b4dbfc

and destructors for releasing memory
https://bugs.webkit.org/show_bug.cgi?id=67072

Reviewed by Darin Adler.

Moved more of the destruction of Executable state into the finalizer,
which also resulted in an opportunity to mostly combine this with
discardCode().  This also means that the finalizer is now enabled even
when the JIT is turned off.  This is performance neutral on SunSpider,
V8, and Kraken.

* runtime/Executable.cpp:
(JSC::ExecutableBase::clearCode):
(JSC::ExecutableFinalizer::finalize):
(JSC::EvalExecutable::clearCode):
(JSC::ProgramExecutable::clearCode):
(JSC::FunctionExecutable::discardCode):
(JSC::FunctionExecutable::clearCode):
* runtime/Executable.h:
(JSC::ExecutableBase::finishCreation):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93947 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=66957

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-08-26
Reviewed by Darin Adler.

Completed the second level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

* runtime/Executable.h:
(JSC::ExecutableBase::ExecutableBase):
(JSC::ExecutableBase::create):
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::finishCreation):
(JSC::NativeExecutable::NativeExecutable):
(JSC::ScriptExecutable::ScriptExecutable):
(JSC::ScriptExecutable::finishCreation):
* runtime/GetterSetter.h:
(JSC::GetterSetter::GetterSetter):
(JSC::GetterSetter::create):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::create):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSObject.h:
(JSC::JSNonFinalObject::JSNonFinalObject):
(JSC::JSNonFinalObject::finishCreation):
(JSC::JSFinalObject::create):
(JSC::JSFinalObject::finishCreation):
(JSC::JSFinalObject::JSFinalObject):
(JSC::JSObject::JSObject):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::JSPropertyNameIterator):
(JSC::JSPropertyNameIterator::create):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::create):
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp):
(JSC::RegExp::createWithoutCaching):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
(JSC::ScopeChainNode::create):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/Structure.h:
(JSC::Structure::create):
(JSC::Structure::finishCreation):
(JSC::Structure::createStructure):
* runtime/StructureChain.cpp:
(JSC::StructureChain::StructureChain):
* runtime/StructureChain.h:
(JSC::StructureChain::create):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93920 268f45cc-cd09-0410-ab3c-d52691b4dbfc

        https://bugs.webkit.org/show_bug.cgi?id=66874

        Reviewed by Geoff Garen. V8 fixes courtesy of Dmitry Titov.

        Test: fast/frames/detached-frame-property.html

        * bindings/js/JSDOMWindowBase.cpp:
        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/ScriptController.cpp: (WebCore::ScriptController::evaluateInWorld):
        * bindings/v8/ScriptController.cpp: (WebCore::ScriptController::evaluate):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::runScript):
        (WebCore::V8Proxy::callFunction):
        (WebCore::V8Proxy::newInstance):
        * page/Frame.cpp:
        (WebCore::Frame::Frame):
        (WebCore::Frame::~Frame):
        (WebCore::Frame::pageDestroyed):
        * page/Frame.h:
        * page/Page.cpp: (WebCore::Page::~Page):
        Removed all code that dealt with the life support timer. Protect Frame inside runScript()
        and callFunction() for v8 bindings.

        * bindings/js/JSEventListener.cpp: (WebCore::JSEventListener::handleEvent):
        Replaced ref/deref calls on self with a RefPtr.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93913 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=67004

Unreviewed, release build fix.

Fixing broken build due to unused variables in ASSERTs in release build.

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-08-25

* runtime/JSObject.h:
(JSC::JSObject::finishCreation):
* runtime/JSString.h:
(JSC::RopeBuilder::finishCreation):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::finishCreation):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93841 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=66827

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-08-25
Reviewed by Geoffrey Garen.

Added finishCreation() methods to all immediately subclasses of JSCell with
non-empty constructors.  Part of a larger refactoring to "unzip" initialization
lists and constructor bodies.  Also renamed JSCell's constructorBody() method
to finishCreation().

* runtime/Executable.h:
(JSC::ExecutableBase::ExecutableBase):
(JSC::ExecutableBase::constructorBody):
* runtime/GetterSetter.h:
(JSC::GetterSetter::GetterSetter):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::constructorBody):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::JSCell):
(JSC::JSCell::JSCell::constructorBody):
* runtime/JSObject.h:
(JSC::JSObject::constructorBody):
(JSC::JSObject::JSObject):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::constructorBody):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::constructorBody):
* runtime/RegExp.cpp:
(JSC::RegExp::RegExp):
(JSC::RegExp::constructorBody):
* runtime/RegExp.h:
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
(JSC::ScopeChainNode::constructorBody):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/StructureChain.cpp:
(JSC::StructureChain::StructureChain):
* runtime/StructureChain.h:
(JSC::StructureChain::create):
(JSC::StructureChain::constructorBody):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93835 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=66571

Patch by Juan C. Montemayor <jmont@apple.com> on 2011-08-24
Reviewed by Geoffrey Garen.

This patch adds a TopCallFrame to JSC in order to have that information
when an error is thrown to create a stack trace. The TopCallFrame is
updated throughout select points in the Interpreter and the JSC.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::unwindCallFrame):
(JSC::Interpreter::throwException):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::privateExecute):
* interpreter/Interpreter.h:
(JSC::TopCallFrameSetter::TopCallFrameSetter):
(JSC::TopCallFrameSetter::~TopCallFrameSetter):
* jit/JIT.h:
* jit/JITInlineMethods.h:
(JSC::JIT::updateTopCallFrame):
* jit/JITStubCall.h:
(JSC::JITStubCall::call):
* jit/JITStubs.cpp:
(JSC::throwExceptionFromOpCall):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::arityCheckFor):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93755 268f45cc-cd09-0410-ab3c-d52691b4dbfc

in flight at once
https://bugs.webkit.org/show_bug.cgi?id=66845

Reviewed by Darin Adler.

The fix is simple since there is already a second create() method
that takes a UString.

* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::create):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93710 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=66747

Reviewed by Geoffrey Garen.

Added facilities for the JIT to specify the kind of write barrier
being executed.  Added code for profiling the number of each kind
of barrier encountered.

* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::emitCount):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::emitCount):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCachePutByID):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* heap/Heap.h:
(JSC::Heap::writeBarrier):
* heap/WriteBarrierSupport.cpp: Added.
(JSC::WriteBarrierCounters::initialize):
* heap/WriteBarrierSupport.h: Added.
(JSC::WriteBarrierCounters::WriteBarrierCounters):
(JSC::WriteBarrierCounters::jitCounterFor):
(JSC::WriteBarrierCounters::countWriteBarrier):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var):
(JSC::JIT::emitWriteBarrier):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var):
(JSC::JIT::emitWriteBarrier):
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::setWithoutWriteBarrier):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93698 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=65288

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-08-23
Reviewed by Darin Adler.

Source/JavaScriptCore:

Adding the new validation functionality.  In its current state, it will performs checks,
but they don't fail unless you do allocation in the arguments to the parent constructor in the
initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new
allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still
allowed in constructor bodies while other refactoring efforts continue.

* runtime/JSCell.h:
(JSC::JSCell::JSCell::constructorBody):
(JSC::JSCell::JSCell::JSCell):
(JSC::JSCell::allocateCell):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::isInitializingObject):
(JSC::JSGlobalData::setInitializingObject):
* runtime/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::create):

Source/WebCore:

No new tests.

Adding the new validation functionality.  In its current state, it will performs checks,
but they don't fail unless you do allocation in the arguments to the parent constructor in the
initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new
allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still
allowed in constructor bodies while other refactoring efforts continue.

* bindings/js/JSDOMWindowShell.cpp:
(WebCore::JSDOMWindowShell::operator new):
* bindings/js/JSDOMWindowShell.h:

Source/WebKit/mac:

Adding the new validation functionality.  In its current state, it will performs checks,
but they don't fail unless you do allocation in the arguments to the parent constructor in the
initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new
allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still
allowed in constructor bodies while other refactoring efforts continue.

* Plugins/Hosted/ProxyRuntimeObject.h:
(WebKit::ProxyRuntimeObject::create):
* Plugins/Hosted/ProxyRuntimeObject.mm:
(WebKit::ProxyRuntimeObject::ProxyRuntimeObject):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93688 268f45cc-cd09-0410-ab3c-d52691b4dbfc

"name" and "message" enumerable on *Error.prototype

Reviewed by Sam Weinig.

Source/JavaScriptCore: 

The default value of a NativeErrorPrototype's message
property is "", not the name of the error.

* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::create):
(JSC::NativeErrorConstructor::constructorBody):
* runtime/NativeErrorPrototype.cpp:
(JSC::NativeErrorPrototype::NativeErrorPrototype):
(JSC::NativeErrorPrototype::constructorBody):
* runtime/NativeErrorPrototype.h:
(JSC::NativeErrorPrototype::create):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::StringPrototype):
* runtime/StringPrototype.h:
(JSC::StringPrototype::create):

LayoutTests: 

* fast/js/exception-properties-expected.txt:
* fast/js/script-tests/exception-properties.js:
    - Add tests for value of RangeError.__proto__.{name|message}



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93624 268f45cc-cd09-0410-ab3c-d52691b4dbfc

        Unreviewed build fix for compile error on Windows for r93560.

        * runtime/SamplingCounter.h:




git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93585 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=66724

Reviewed by Darin Adler.

Moved SamplingCounter to a separate header in runtime/.

* GNUmakefile.list.am:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/SamplingTool.cpp:
* bytecode/SamplingTool.h:
* runtime/SamplingCounter.cpp: Added.
(JSC::AbstractSamplingCounter::dump):
* runtime/SamplingCounter.h: Added.
(JSC::AbstractSamplingCounter::count):
(JSC::AbstractSamplingCounter::addressOfCounter):
(JSC::AbstractSamplingCounter::init):
(JSC::SamplingCounter::SamplingCounter):
(JSC::GlobalSamplingCounter::name):
(JSC::DeletableSamplingCounter::DeletableSamplingCounter):
(JSC::DeletableSamplingCounter::~DeletableSamplingCounter):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93560 268f45cc-cd09-0410-ab3c-d52691b4dbfc