1. 01 Aug, 2013 1 commit
    • barraclough@apple.com's avatar
      More cleanup in PropertySlot · b8c4f432
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119359
      
      Reviewed by Geoff Garen.
      
      m_slotBase is overloaded to store the (receiver) thisValue and the object that contains the property,
      This is confusing, and means that slotBase cannot be typed correctly (can only be a JSObject).
      
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
          - No need to ASSERT slotBase is an object.
      * jit/JITStubs.cpp:
      (JSC::tryCacheGetByID):
      (JSC::DEFINE_STUB_FUNCTION):
          - No need to ASSERT slotBase is an object.
      * runtime/JSObject.cpp:
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::fillGetterPropertySlot):
          - Pass an object through to setGetterSlot.
      * runtime/JSObject.h:
      (JSC::PropertySlot::getValue):
          - Moved from PropertySlot (need to know anout JSObject).
      * runtime/PropertySlot.cpp:
      (JSC::PropertySlot::functionGetter):
          - update per member name changes
      * runtime/PropertySlot.h:
      (JSC::PropertySlot::PropertySlot):
          - Argument to constructor set to 'thisValue'.
      (JSC::PropertySlot::slotBase):
          - This returns a JSObject*.
      (JSC::PropertySlot::setValue):
      (JSC::PropertySlot::setCustom):
      (JSC::PropertySlot::setCacheableCustom):
      (JSC::PropertySlot::setCustomIndex):
      (JSC::PropertySlot::setGetterSlot):
      (JSC::PropertySlot::setCacheableGetterSlot):
          - slotBase is a JSObject*, make setGetterSlot set slotBase for consistency.
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayEntry::get):
          - Pass an object through to setGetterSlot.
      * runtime/SparseArrayValueMap.h:
          - Pass an object through to setGetterSlot.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153556 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b8c4f432
  2. 31 Jul, 2013 1 commit
    • barraclough@apple.com's avatar
      Some cleanup in JSValue::get · ab7b6096
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119343
      
      Reviewed by Geoff Garen.
      
      Source/JavaScriptCore: 
      
      JSValue::get is implemented to:
          1) Check if the value is a cell – if not, synthesize a prototype to search,
          2) call getOwnPropertySlot on the cell,
          3) if this returns false, cast to JSObject to get the prototype, and walk the prototype chain.
      By all rights this should crash when passed a string and accessing a property that does not exist, because
      the string is a cell, getOwnPropertySlot should return false, and the cast to JSObject should be unsafe.
      To work around this, JSString::getOwnPropertySlot actually implements 'get' functionality - searching the
      prototype chain, and faking out a return value of undefined if no property is found.
      
      This is a huge hazard, since fixing JSString::getOwnPropertySlot or calling getOwnPropertySlot on cells
      from elsewhere would introduce bugs. Fortunately it is only ever called in this one place.
      
      The fix here is to move getOwnPropertySlot onto JSObjecte and end this madness - cells don't have property
      slots anyway.
      
      Interesting changes are in JSCJSValueInlines.h, JSString.cpp - the rest is pretty much all JSCell -> JSObject.
      
      Source/WebCore: 
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertySlot):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::getOwnPropertySlot):
      (JSC::RuntimeArray::getOwnPropertySlotByIndex):
      * bridge/runtime_array.h:
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::getOwnPropertySlot):
      * bridge/runtime_method.h:
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::getOwnPropertySlot):
      * bridge/runtime_object.h:
          - getOwnPropertySlot, JSCell -> JSObject
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::getOwnPropertySlot):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
          - getOwnPropertySlot, JSCell -> JSObject
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153532 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ab7b6096
  3. 25 Jul, 2013 3 commits
    • oliver@apple.com's avatar
      fourthTier: The Math object should not be polymorphic · 524161ed
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=117576
      
      Reviewed by Oliver Hunt.
      
      Fill in the Math object eagerly, to avoid its structure changing during
      execution. There are lots of ways to skin this cat; this one seemed
      easiest, and justified given the relative hotness of math operations.
      
      20% speedup on DSP-filtrr tests, small speedups on a few Kraken tests.
      
      * DerivedSources.make:
      * JavaScriptCore.order:
      * create_hash_table:
      * interpreter/CallFrame.h:
      (JSC::ExecState::jsonTable): Removed the Math object's static table.
      
      * runtime/JSObject.cpp:
      (JSC::JSObject::putDirectNativeFunctionWithoutTransition):
      * runtime/JSObject.h:
      * runtime/MathObject.cpp:
      (JSC::MathObject::finishCreation):
      * runtime/MathObject.h:
      (JSC::MathObject::create): Set up the Math object at construction time.
      
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::VM::~VM):
      * runtime/VM.h: Removed the Math object's static table.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153223 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      524161ed
    • oliver@apple.com's avatar
      fourthTier: It should be possible to record heap operations (both FastMalloc and JSC GC) · a03796ac
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=116848
      
      Source/JavaScriptCore:
      
      Reviewed by Mark Hahnenberg.
      
      Record GC heap operations if ENABLE(ALLOCATION_LOGGING).
      
      * API/JSManagedValue.mm:
      * dfg/DFGOperations.cpp:
      * heap/Heap.cpp:
      (JSC::Heap::collect):
      * heap/Heap.h:
      (Heap):
      (JSC::Heap::allocateWithNormalDestructor):
      (JSC::Heap::allocateWithImmortalStructureDestructor):
      (JSC::Heap::allocateWithoutDestructor):
      (JSC::Heap::tryAllocateStorage):
      (JSC::Heap::tryReallocateStorage):
      (JSC):
      (JSC::Heap::ascribeOwner):
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::append):
      (JSC::SlotVisitor::internalAppend):
      * heap/SlotVisitor.h:
      (SlotVisitor):
      * heap/SlotVisitorInlines.h:
      (JSC::SlotVisitor::append):
      (JSC::SlotVisitor::appendUnbarrieredPointer):
      (JSC::SlotVisitor::appendUnbarrieredValue):
      (JSC::SlotVisitor::appendUnbarrieredWeak):
      (JSC::SlotVisitor::internalAppend):
      (JSC):
      (JSC::SlotVisitor::appendValues):
      * jit/JITWriteBarrier.h:
      (JSC::SlotVisitor::append):
      * llint/LLIntCommon.h:
      * runtime/Butterfly.h:
      (Butterfly):
      * runtime/ButterflyInlines.h:
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::createOrGrowArrayRight):
      (JSC):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      * runtime/JSArray.cpp:
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::unshiftCountSlowCase):
      * runtime/JSArray.h:
      (JSC::createContiguousArrayButterfly):
      (JSC::createArrayButterfly):
      (JSC):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSObject.cpp:
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::createInitialIndexedStorage):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::ensureLengthSlow):
      (JSC::JSObject::growOutOfLineStorage):
      * runtime/JSObject.h:
      (JSC::JSObject::JSObject):
      * runtime/Operations.h:
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::create):
      * runtime/StructureInlines.h:
      (JSC):
      * runtime/WriteBarrier.h:
      (JSC):
      
      Source/WTF:
      
      Reviewed by Mark Hahnenberg.
      
      * WTF.xcodeproj/project.pbxproj:
      * wtf/DataLog.cpp:
      (WTF):
      (WTF::initializeLogFileOnce):
      * wtf/FastMalloc.cpp:
      (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
      * wtf/Platform.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153189 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a03796ac
    • oliver@apple.com's avatar
      fourthTier: Rationalized 'this' conversion, includes subsequent FTL branch fixes · e2fe4ceb
      oliver@apple.com authored
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
          This fixes a bunch of Sputnik tests, and some bad pointer access.
      
          The new model is that the callee always performs 'this' value conversion.
      
          My ultimate goal is to break up resolve_with_this into single-result
          opcodes. This step avoids having to add a special form of convert_this
          that distinguishes callers vs callees.
      
          Only the callee knows whether it uses 'this' and/or whether 'this'
          conversion should use StrictMode, so it's most natural to perform
          convert_this in the callee.
      
          * API/JSCallbackFunction.cpp:
          (JSC::JSCallbackFunction::call): Perform 'this' value conversion for
          our callee, since it may observe 'this'.
      
          * API/JSCallbackObjectFunctions.h:
          (JSC::::call): Ditto.
      
          * API/JSContextRef.cpp:
          (JSGlobalContextCreateInGroup): Use a proxy 'this' object in global scope
          even when we're not in the browser. This eliminates some odd cases where
          API clients used to be able to get a direct reference to an environment
          record. Now, any reference to an environment record unambiguously means
          that the VM resolved that record in the scope chain.
      
          (JSContextGetGlobalObject): Removed an incorrect comment. Now that JSC
          participates in the proxy 'this' object scheme, the behavior is not
          WebCore-only.
      
          * API/JSObjectRef.cpp:
          (JSObjectSetPrototype):
          (JSObjectCallAsFunction): Don't perform 'this' value conversion in the
          caller; the callee will do it if needed.
      
          * JavaScriptCore.order: Order!
      
          * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
          * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
          What are the chances that this will work?
      
          * bytecode/CodeBlock.cpp:
          (JSC::CodeBlock::dumpBytecode):
          (JSC::CodeBlock::CodeBlock): Renamed convert_this to to_this, to match our
          other conversion opcodes.
      
          * bytecode/CodeOrigin.h:
          (CodeOrigin):
          (InlineCallFrame):
          (JSC::CodeOrigin::codeOriginOwner): Use the more precise type for our
          executable, so compilation can discover where we're in strict mode.
      
          * bytecode/Opcode.h:
          (JSC::padOpcodeName): Updated for rename.
      
          * bytecompiler/BytecodeGenerator.cpp:
          (JSC::BytecodeGenerator::BytecodeGenerator): Always emit to_this when
          'this' is in use -- strict mode still needs to convert environment
          records to 'undefined'.
      
          * dfg/DFGAbstractState.cpp:
          (JSC::DFG::AbstractState::executeEffects):
          * dfg/DFGByteCodeParser.cpp:
          (JSC::DFG::ByteCodeParser::parseBlock):
          * dfg/DFGCapabilities.h:
          (JSC::DFG::canCompileOpcode): Updated for renames.
      
          * dfg/DFGFixupPhase.cpp:
          (JSC::DFG::FixupPhase::fixupNode): Tightened up this code to consider
          strict mode (a new requirement) and to consider the global object (which
          was always a requirement).
      
          * dfg/DFGGraph.h:
          (JSC::DFG::Graph::globalThisObjectFor):
          (JSC::DFG::Graph::executableFor):
          * dfg/DFGNodeType.h:
          * dfg/DFGOperations.cpp:
          * dfg/DFGOperations.h:
          * dfg/DFGPredictionPropagationPhase.cpp:
          (JSC::DFG::PredictionPropagationPhase::propagate):
          * dfg/DFGSpeculativeJIT32_64.cpp:
          (JSC::DFG::SpeculativeJIT::compile):
          * dfg/DFGSpeculativeJIT64.cpp:
          (JSC::DFG::SpeculativeJIT::compile): Ditto.
      
          * interpreter/Interpreter.cpp:
          (JSC::eval):
          (JSC::Interpreter::execute):
          (JSC::Interpreter::executeCall):
          * interpreter/Interpreter.h: Don't ASSERT about 'this' -- it's our job
          to fix it up if needed.
      
          * jit/JIT.cpp:
          (JSC::JIT::privateCompileMainPass):
          (JSC::JIT::privateCompileSlowCases):
          * jit/JIT.h:
          (JIT):
          * jit/JITOpcodes.cpp:
          (JSC::JIT::emit_op_to_this):
          (JSC::JIT::emitSlow_op_to_this):
          * jit/JITOpcodes32_64.cpp:
          (JSC::JIT::emit_op_to_this):
          (JSC::JIT::emitSlow_op_to_this):
          * jit/JITStubs.cpp:
          (JSC::DEFINE_STUB_FUNCTION):
          * jit/JITStubs.h: Removed special-case code for various kinds of
          conversions. The baseline fast path is now final objects only. It hurt
          my brain to think through how to keep the other fast paths working, and
          our benchmarks do not object.
      
          * llint/LLIntData.cpp:
          (JSC::LLInt::Data::performAssertions):
          * llint/LLIntSlowPaths.cpp:
          (JSC::LLInt::LLINT_SLOW_PATH_DECL):
          * llint/LLIntSlowPaths.h:
          (LLInt):
          * llint/LowLevelInterpreter.asm:
          * llint/LowLevelInterpreter32_64.asm:
          * llint/LowLevelInterpreter64.asm: Updated for renames. Removed some
          special case code, as in the JIT above.
      
          * profiler/ProfileGenerator.cpp:
          (JSC::ProfileGenerator::addParentForConsoleStart):
          * runtime/CallData.cpp:
          (JSC::call):
          * runtime/ClassInfo.h:
          (MethodTable):
          * runtime/Completion.cpp:
          (JSC::evaluate):
          * runtime/DatePrototype.cpp:
          (JSC::dateProtoFuncToJSON): The callee performs 'this' conversion, not
          the caller.
      
          * runtime/GetterSetter.cpp:
          (JSC::callGetter):
          (JSC::callSetter):
          * runtime/GetterSetter.h: Added helper functions for invoking getters
          and setters from C++ code, since this was duplicated in a bunch of
          places.
      
          * runtime/JSActivation.cpp:
          (JSC::JSActivation::toThis):
          * runtime/JSActivation.h:
          (JSActivation):
          * runtime/JSCJSValue.cpp:
          (JSC::JSValue::toThisSlowCase):
          (JSC::JSValue::putToPrimitive):
          * runtime/JSCJSValue.h:
          (JSValue):
          * runtime/JSCJSValueInlines.h:
          (JSC::JSValue::toThis):
          * runtime/JSCell.cpp:
          (JSC::JSCell::toThis):
          * runtime/JSCell.h:
          (JSCell):
          * runtime/JSGlobalObject.cpp:
          (JSC::JSGlobalObject::toThis):
          * runtime/JSGlobalObject.h:
          (JSGlobalObject): Filled out runtime support for converting 'this'
          values as needed, according to the appropriate strictness, using
          helper functions where getter/setter code was duplicated.
      
          * runtime/JSGlobalObjectFunctions.cpp:
          (JSC::globalFuncProtoGetter):
          (JSC::globalFuncProtoSetter): Perform 'this' value conversion, since we
          observe 'this'.
      
          * runtime/JSNameScope.cpp:
          (JSC::JSNameScope::toThis):
          * runtime/JSNameScope.h:
          (JSNameScope): Same as JSActivation.
      
          * runtime/JSObject.cpp:
          (JSC::JSObject::put):
          (JSC::JSObject::setPrototypeWithCycleCheck): Bug fix. Don't peform
          'this' value conversion in this helper function. The __proto__
          setter does this for us, since it's the function that logically observes
          'this' -- and we can ASSERT so. Also, the previous code used
          "globalExec()->thisValue()", which is a read past the beginning of a
          buffer! I don't think this ever worked on purpose.
      
          (JSC::JSObject::toThis):
          (JSC::JSObject::fillGetterPropertySlot):
          * runtime/JSObject.h:
          (JSC::JSObject::inlineGetOwnPropertySlot):
          * runtime/JSScope.cpp:
          (JSC::JSScope::resolveWithThis):
          * runtime/JSString.cpp:
          (JSC::JSString::toThis):
          * runtime/JSString.h:
          (JSString):
          * runtime/PropertySlot.cpp:
          (JSC::PropertySlot::functionGetter):
          * runtime/PropertySlot.h:
          (JSC):
          (JSC::PropertySlot::setGetterSlot):
          (JSC::PropertySlot::setCacheableGetterSlot):
          * runtime/SparseArrayValueMap.cpp:
          (JSC::SparseArrayEntry::get):
          (JSC::SparseArrayEntry::put):
          * runtime/StrictEvalActivation.cpp:
          (JSC::StrictEvalActivation::toThis):
          * runtime/StrictEvalActivation.h:
          (StrictEvalActivation): Ditto.
      
      Source/WebCore:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      Source/WebKit/mac:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      Source/WebKit2:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      LayoutTests:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153145 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e2fe4ceb
  4. 14 Jun, 2013 1 commit
    • rniwa@webkit.org's avatar
      Function names on Object.prototype should be common identifiers · 62475f81
      rniwa@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=117614
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore: 
      
      Patch written by Sam Weinig. Make Object's prototype function names common identififers since they're used frequently.
      
      * runtime/CommonIdentifiers.h:
      * runtime/FunctionConstructor.cpp:
      (JSC::constructFunction):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSObject.h:
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::finishCreation):
      
      Source/WebCore: 
      
      Use the added common identifiers.
      
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::finishCreation):
      (WebCore::JSDOMWindowBase::updateDocument):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@151605 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      62475f81
  5. 02 May, 2013 1 commit
  6. 18 Apr, 2013 1 commit
    • ggaren@apple.com's avatar
      Renamed JSGlobalData to VM · 9a9a4b52
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114777
      
      Reviewed by Phil Pizlo.
      
      ../JavaScriptCore: 
      
      * API/APICast.h:
      (JSC):
      (toJS):
      (toRef):
      * API/APIShims.h:
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APICallbackShim::APICallbackShim):
      (JSC::APICallbackShim::~APICallbackShim):
      (APICallbackShim):
      * API/JSAPIWrapperObject.h:
      (JSAPIWrapperObject):
      * API/JSAPIWrapperObject.mm:
      (JSC::::createStructure):
      (JSC::JSAPIWrapperObject::JSAPIWrapperObject):
      (JSC::JSAPIWrapperObject::finishCreation):
      (JSC::JSAPIWrapperObject::visitChildren):
      * API/JSBase.cpp:
      (JSGarbageCollect):
      (JSReportExtraMemoryCost):
      (JSSynchronousGarbageCollectForDebugging):
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      (JSC::JSCallbackConstructor::finishCreation):
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::createStructure):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      (JSC::JSCallbackFunction::createStructure):
      * API/JSCallbackObject.cpp:
      (JSC::::create):
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObjectData::setPrivateProperty):
      (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
      (JSCallbackObject):
      (JSC::JSCallbackObject::setPrivateProperty):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::JSCallbackObject):
      (JSC::::finishCreation):
      (JSC::::put):
      (JSC::::staticFunctionGetter):
      * API/JSClassRef.cpp:
      (OpaqueJSClassContextData::OpaqueJSClassContextData):
      (OpaqueJSClass::contextData):
      (OpaqueJSClass::prototype):
      * API/JSClassRef.h:
      (OpaqueJSClassContextData):
      * API/JSContext.mm:
      (-[JSContext setException:]):
      (-[JSContext initWithGlobalContextRef:]):
      (+[JSContext contextWithGlobalContextRef:]):
      * API/JSContextRef.cpp:
      (JSContextGroupCreate):
      (JSContextGroupRelease):
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRetain):
      (JSGlobalContextRelease):
      (JSContextGetGroup):
      (JSContextCreateBacktrace):
      * API/JSObjectRef.cpp:
      (JSObjectMake):
      (JSObjectMakeConstructor):
      (JSObjectMakeFunction):
      (JSObjectSetPrototype):
      (JSObjectHasProperty):
      (JSObjectGetProperty):
      (JSObjectSetProperty):
      (JSObjectDeleteProperty):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
      (OpaqueJSPropertyNameArray):
      (JSObjectCopyPropertyNames):
      (JSPropertyNameArrayRelease):
      (JSPropertyNameAccumulatorAddName):
      * API/JSScriptRef.cpp:
      (OpaqueJSScript::create):
      (OpaqueJSScript::vm):
      (OpaqueJSScript::OpaqueJSScript):
      (OpaqueJSScript):
      (parseScript):
      * API/JSVirtualMachine.mm:
      (scanExternalObjectGraph):
      * API/JSVirtualMachineInternal.h:
      (JSC):
      * API/JSWrapperMap.mm:
      (makeWrapper):
      * API/ObjCCallbackFunction.h:
      (JSC::ObjCCallbackFunction::createStructure):
      * API/ObjCCallbackFunction.mm:
      (JSC::ObjCCallbackFunction::create):
      * API/OpaqueJSString.cpp:
      (OpaqueJSString::identifier):
      * API/OpaqueJSString.h:
      (JSC):
      (OpaqueJSString):
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * KeywordLookupGenerator.py:
      (Trie.printSubTreeAsC):
      * Target.pri:
      * assembler/ARMAssembler.cpp:
      (JSC::ARMAssembler::executableCopy):
      * assembler/ARMAssembler.h:
      (ARMAssembler):
      * assembler/AssemblerBuffer.h:
      (JSC::AssemblerBuffer::executableCopy):
      * assembler/AssemblerBufferWithConstantPool.h:
      (JSC::AssemblerBufferWithConstantPool::executableCopy):
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::linkCode):
      * assembler/LinkBuffer.h:
      (JSC):
      (JSC::LinkBuffer::LinkBuffer):
      (LinkBuffer):
      * assembler/MIPSAssembler.h:
      (JSC::MIPSAssembler::executableCopy):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::executableCopy):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::executableCopy):
      (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CallLinkInfo.h:
      (CallLinkInfo):
      * bytecode/CodeBlock.cpp:
      (JSC::dumpStructure):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitStructures):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::createActivation):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::findClosureCallForReturnPC):
      (JSC::ProgramCodeBlock::jettisonImpl):
      (JSC::EvalCodeBlock::jettisonImpl):
      (JSC::FunctionCodeBlock::jettisonImpl):
      (JSC::CodeBlock::predictedMachineCodeSize):
      (JSC::CodeBlock::usesOpcode):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendWeakReference):
      (JSC::CodeBlock::appendWeakReferenceTransition):
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::setGlobalData):
      (JSC::CodeBlock::vm):
      (JSC::CodeBlock::valueProfileForBytecodeOffset):
      (JSC::CodeBlock::addConstant):
      (JSC::CodeBlock::setConstantRegisters):
      (CodeBlock):
      (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
      * bytecode/EvalCodeCache.h:
      (JSC::EvalCodeCache::getSlow):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC::GetByIdStatus::computeForChain):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * bytecode/ObjectAllocationProfile.h:
      (JSC::ObjectAllocationProfile::initialize):
      (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
      * bytecode/PolymorphicAccessStructureList.h:
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * bytecode/PolymorphicPutByIdList.h:
      (JSC::PutByIdAccess::transition):
      (JSC::PutByIdAccess::replace):
      * bytecode/PreciseJumpTargets.cpp:
      (JSC::computePreciseJumpTargets):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (JSC):
      (PutByIdStatus):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      * bytecode/SamplingTool.cpp:
      (JSC::SamplingTool::notifyOfScope):
      * bytecode/SamplingTool.h:
      (JSC::ScriptSampleRecord::ScriptSampleRecord):
      (SamplingTool):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::initGetByIdSelf):
      (JSC::StructureStubInfo::initGetByIdProto):
      (JSC::StructureStubInfo::initGetByIdChain):
      (JSC::StructureStubInfo::initPutByIdTransition):
      (JSC::StructureStubInfo::initPutByIdReplace):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::generateFunctionCodeBlock):
      (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::link):
      (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
      (JSC::UnlinkedFunctionExecutable::codeBlockFor):
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::create):
      (UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::finishCreation):
      (JSC::UnlinkedFunctionExecutable::createStructure):
      (JSC::UnlinkedCodeBlock::addRegExp):
      (JSC::UnlinkedCodeBlock::addConstant):
      (JSC::UnlinkedCodeBlock::addFunctionDecl):
      (JSC::UnlinkedCodeBlock::addFunctionExpr):
      (JSC::UnlinkedCodeBlock::vm):
      (UnlinkedCodeBlock):
      (JSC::UnlinkedCodeBlock::finishCreation):
      (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::create):
      (JSC::UnlinkedProgramCodeBlock::addFunctionDeclaration):
      (JSC::UnlinkedProgramCodeBlock::UnlinkedProgramCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::createStructure):
      (JSC::UnlinkedEvalCodeBlock::create):
      (JSC::UnlinkedEvalCodeBlock::UnlinkedEvalCodeBlock):
      (JSC::UnlinkedEvalCodeBlock::createStructure):
      (JSC::UnlinkedFunctionCodeBlock::create):
      (JSC::UnlinkedFunctionCodeBlock::UnlinkedFunctionCodeBlock):
      (JSC::UnlinkedFunctionCodeBlock::createStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::addConstant):
      (JSC::BytecodeGenerator::emitLoad):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::addStringConstant):
      (JSC::BytecodeGenerator::expectedFunctionForIdentifier):
      (JSC::BytecodeGenerator::emitThrowReferenceError):
      (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::vm):
      (JSC::BytecodeGenerator::propertyNames):
      (JSC::BytecodeGenerator::makeFunction):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::RegExpNode::emitBytecode):
      (JSC::ArrayNode::toArgumentList):
      (JSC::ApplyFunctionCallDotNode::emitBytecode):
      (JSC::InstanceOfNode::emitBytecode):
      * debugger/Debugger.cpp:
      (JSC::Debugger::recompileAllJSFunctions):
      (JSC::evaluateInGlobalCallFrame):
      * debugger/Debugger.h:
      (JSC):
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::DebuggerActivation):
      (JSC::DebuggerActivation::finishCreation):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::create):
      (JSC::DebuggerActivation::createStructure):
      (DebuggerActivation):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::evaluate):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
      (JSC::DFG::AssemblyHelpers::vm):
      (JSC::DFG::AssemblyHelpers::debugCall):
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGByteCodeParser.h:
      (JSC):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::CCallHelpers):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::canHandleOpcodes):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::reportToProfiler):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      (JSC::DFG::operationPutByValInternal):
      (JSC::getHostCallReturnValueWithExecState):
      * dfg/DFGPhase.h:
      (JSC::DFG::Phase::vm):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      (JSC::DFG::linkSlowFor):
      (JSC::DFG::dfgLinkFor):
      (JSC::DFG::dfgLinkSlowFor):
      (JSC::DFG::dfgLinkClosureCall):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::compileFromCharCode):
      (JSC::DFG::SpeculativeJIT::compileMakeRope):
      (JSC::DFG::SpeculativeJIT::compileStringEquality):
      (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
      (JSC::DFG::SpeculativeJIT::speculateObject):
      (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
      (JSC::DFG::SpeculativeJIT::speculateString):
      (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::linkForThunkGenerator):
      (JSC::DFG::linkCallThunkGenerator):
      (JSC::DFG::linkConstructThunkGenerator):
      (JSC::DFG::linkClosureCallThunkGenerator):
      (JSC::DFG::virtualForThunkGenerator):
      (JSC::DFG::virtualCallThunkGenerator):
      (JSC::DFG::virtualConstructThunkGenerator):
      * dfg/DFGThunks.h:
      (JSC):
      (DFG):
      * heap/BlockAllocator.h:
      (JSC):
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      (JSC::CopiedSpace::tryReallocate):
      * heap/CopiedSpaceInlines.h:
      (JSC::CopiedSpace::tryAllocate):
      * heap/GCThreadSharedData.cpp:
      (JSC::GCThreadSharedData::GCThreadSharedData):
      (JSC::GCThreadSharedData::reset):
      * heap/GCThreadSharedData.h:
      (JSC):
      (GCThreadSharedData):
      * heap/HandleSet.cpp:
      (JSC::HandleSet::HandleSet):
      (JSC::HandleSet::~HandleSet):
      (JSC::HandleSet::grow):
      * heap/HandleSet.h:
      (JSC):
      (HandleSet):
      (JSC::HandleSet::vm):
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC):
      (JSC::Heap::lastChanceToFinalize):
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::stack):
      (JSC::Heap::getConservativeRegisterRoots):
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::collect):
      (JSC::Heap::isValidAllocation):
      * heap/Heap.h:
      (JSC):
      (Heap):
      (JSC::Heap::vm):
      * heap/HeapTimer.cpp:
      (JSC::HeapTimer::HeapTimer):
      (JSC::HeapTimer::timerDidFire):
      (JSC::HeapTimer::timerEvent):
      * heap/HeapTimer.h:
      (JSC):
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/Local.h:
      (Local):
      (JSC::::Local):
      (JSC::LocalStack::LocalStack):
      (JSC::LocalStack::push):
      (LocalStack):
      * heap/LocalScope.h:
      (JSC):
      (LocalScope):
      (JSC::LocalScope::LocalScope):
      * heap/MachineStackMarker.cpp:
      (JSC::MachineThreads::addCurrentThread):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::vm):
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::SlotVisitor):
      (JSC::SlotVisitor::setup):
      * heap/Strong.h:
      (JSC):
      (Strong):
      (JSC::Strong::operator=):
      * heap/StrongInlines.h:
      (JSC::::Strong):
      (JSC::::set):
      * heap/SuperRegion.h:
      (JSC):
      * heap/WeakSet.cpp:
      * heap/WeakSet.h:
      (WeakSet):
      (JSC::WeakSet::WeakSet):
      (JSC::WeakSet::vm):
      * interpreter/AbstractPC.cpp:
      (JSC::AbstractPC::AbstractPC):
      * interpreter/AbstractPC.h:
      (JSC):
      (AbstractPC):
      * interpreter/CachedCall.h:
      (JSC::CachedCall::CachedCall):
      * interpreter/CallFrame.h:
      (ExecState):
      (JSC::ExecState::clearException):
      (JSC::ExecState::clearSupplementaryExceptionInfo):
      (JSC::ExecState::exception):
      (JSC::ExecState::hadException):
      (JSC::ExecState::propertyNames):
      (JSC::ExecState::emptyList):
      (JSC::ExecState::interpreter):
      (JSC::ExecState::heap):
      (JSC::ExecState::arrayConstructorTable):
      (JSC::ExecState::arrayPrototypeTable):
      (JSC::ExecState::booleanPrototypeTable):
      (JSC::ExecState::dateTable):
      (JSC::ExecState::dateConstructorTable):
      (JSC::ExecState::errorPrototypeTable):
      (JSC::ExecState::globalObjectTable):
      (JSC::ExecState::jsonTable):
      (JSC::ExecState::mathTable):
      (JSC::ExecState::numberConstructorTable):
      (JSC::ExecState::numberPrototypeTable):
      (JSC::ExecState::objectConstructorTable):
      (JSC::ExecState::privateNamePrototypeTable):
      (JSC::ExecState::regExpTable):
      (JSC::ExecState::regExpConstructorTable):
      (JSC::ExecState::regExpPrototypeTable):
      (JSC::ExecState::stringConstructorTable):
      (JSC::ExecState::abstractReturnPC):
      * interpreter/CallFrameClosure.h:
      (CallFrameClosure):
      * interpreter/Interpreter.cpp:
      (JSC):
      (JSC::eval):
      (JSC::loadVarargs):
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::appendSourceToError):
      (JSC::getCallerInfo):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::addStackTraceIfNecessary):
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      (JSC::Interpreter::retrieveArgumentsFromVMCode):
      (JSC::Interpreter::retrieveCallerFromVMCode):
      * interpreter/Interpreter.h:
      (JSC):
      (JSC::TopCallFrameSetter::TopCallFrameSetter):
      (JSC::TopCallFrameSetter::~TopCallFrameSetter):
      (TopCallFrameSetter):
      (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
      (Interpreter):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      * interpreter/JSStack.h:
      (JSC):
      * jit/ClosureCallStubRoutine.cpp:
      (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
      * jit/ClosureCallStubRoutine.h:
      (ClosureCallStubRoutine):
      * jit/ExecutableAllocator.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/ExecutableAllocator.h:
      (JSC):
      (ExecutableAllocator):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/GCAwareJITStubRoutine.cpp:
      (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::createJITStubRoutine):
      * jit/GCAwareJITStubRoutine.h:
      (GCAwareJITStubRoutine):
      (MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompile):
      (JSC::JIT::linkFor):
      (JSC::JIT::linkSlowCall):
      * jit/JIT.h:
      (JSC::JIT::compile):
      (JSC::JIT::compileClosureCall):
      (JSC::JIT::compileGetByIdProto):
      (JSC::JIT::compileGetByIdSelfList):
      (JSC::JIT::compileGetByIdProtoList):
      (JSC::JIT::compileGetByIdChainList):
      (JSC::JIT::compileGetByIdChain):
      (JSC::JIT::compilePutByIdTransition):
      (JSC::JIT::compileGetByVal):
      (JSC::JIT::compilePutByVal):
      (JSC::JIT::compileCTINativeCall):
      (JSC::JIT::compilePatchGetArrayLength):
      (JIT):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCode.h:
      (JSC):
      (JSC::JITCode::execute):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      (JSC::jitThrow):
      * jit/JITExceptions.h:
      (JSC):
      * jit/JITInlines.h:
      (JSC::JIT::emitLoadCharacterString):
      (JSC::JIT::updateTopCallFrame):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emitSlow_op_eq):
      (JSC::JIT::emitSlow_op_neq):
      (JSC::JIT::compileOpStrictEq):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubs.cpp:
      (JSC::ctiTrampoline):
      (JSC):
      (JSC::performPlatformSpecificJITAssertions):
      (JSC::tryCachePutByID):
      (JSC::tryCacheGetByID):
      (JSC::returnToThrowTrampoline):
      (JSC::throwExceptionFromOpCall):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      (JSC::putByVal):
      * jit/JITStubs.h:
      (JSC):
      (JITStackFrame):
      * jit/JITThunks.cpp:
      (JSC::JITThunks::ctiNativeCall):
      (JSC::JITThunks::ctiNativeConstruct):
      (JSC::JITThunks::ctiStub):
      (JSC::JITThunks::hostFunctionStub):
      * jit/JITThunks.h:
      (JSC):
      (JITThunks):
      * jit/JITWriteBarrier.h:
      (JSC):
      (JSC::JITWriteBarrierBase::set):
      (JSC::JITWriteBarrier::set):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::loadJSStringArgument):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerator.h:
      (JSC):
      * jit/ThunkGenerators.cpp:
      (JSC::generateSlowCaseFor):
      (JSC::linkForGenerator):
      (JSC::linkCallGenerator):
      (JSC::linkConstructGenerator):
      (JSC::linkClosureCallGenerator):
      (JSC::virtualForGenerator):
      (JSC::virtualCallGenerator):
      (JSC::virtualConstructGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::nativeCallGenerator):
      (JSC::nativeConstructGenerator):
      (JSC::stringCharLoad):
      (JSC::charToString):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      * jit/ThunkGenerators.h:
      (JSC):
      * jsc.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      (functionDumpCallFrame):
      (functionJSCStack):
      (functionReleaseExecutableMemory):
      (functionRun):
      (main):
      (runWithScripts):
      (jscmain):
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntData.h:
      (JSC):
      (Data):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h:
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter.cpp:
      (JSC::CLoop::execute):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/cloop.rb:
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::ASTBuilder):
      (JSC::ASTBuilder::createSourceElements):
      (JSC::ASTBuilder::createCommaExpr):
      (JSC::ASTBuilder::createLogicalNot):
      (JSC::ASTBuilder::createUnaryPlus):
      (JSC::ASTBuilder::createVoid):
      (JSC::ASTBuilder::thisExpr):
      (JSC::ASTBuilder::createResolve):
      (JSC::ASTBuilder::createObjectLiteral):
      (JSC::ASTBuilder::createArray):
      (JSC::ASTBuilder::createNumberExpr):
      (JSC::ASTBuilder::createString):
      (JSC::ASTBuilder::createBoolean):
      (JSC::ASTBuilder::createNull):
      (JSC::ASTBuilder::createBracketAccess):
      (JSC::ASTBuilder::createDotAccess):
      (JSC::ASTBuilder::createRegExp):
      (JSC::ASTBuilder::createNewExpr):
      (JSC::ASTBuilder::createConditionalExpr):
      (JSC::ASTBuilder::createAssignResolve):
      (JSC::ASTBuilder::createFunctionExpr):
      (JSC::ASTBuilder::createFunctionBody):
      (JSC::ASTBuilder::createGetterOrSetterProperty):
      (JSC::ASTBuilder::createArguments):
      (JSC::ASTBuilder::createArgumentsList):
      (JSC::ASTBuilder::createProperty):
      (JSC::ASTBuilder::createPropertyList):
      (JSC::ASTBuilder::createElementList):
      (JSC::ASTBuilder::createFormalParameterList):
      (JSC::ASTBuilder::createClause):
      (JSC::ASTBuilder::createClauseList):
      (JSC::ASTBuilder::createFuncDeclStatement):
      (JSC::ASTBuilder::createBlockStatement):
      (JSC::ASTBuilder::createExprStatement):
      (JSC::ASTBuilder::createIfStatement):
      (JSC::ASTBuilder::createForLoop):
      (JSC::ASTBuilder::createForInLoop):
      (JSC::ASTBuilder::createEmptyStatement):
      (JSC::ASTBuilder::createVarStatement):
      (JSC::ASTBuilder::createReturnStatement):
      (JSC::ASTBuilder::createBreakStatement):
      (JSC::ASTBuilder::createContinueStatement):
      (JSC::ASTBuilder::createTryStatement):
      (JSC::ASTBuilder::createSwitchStatement):
      (JSC::ASTBuilder::createWhileStatement):
      (JSC::ASTBuilder::createDoWhileStatement):
      (JSC::ASTBuilder::createLabelStatement):
      (JSC::ASTBuilder::createWithStatement):
      (JSC::ASTBuilder::createThrowStatement):
      (JSC::ASTBuilder::createDebugger):
      (JSC::ASTBuilder::createConstStatement):
      (JSC::ASTBuilder::appendConstDecl):
      (JSC::ASTBuilder::addVar):
      (JSC::ASTBuilder::combineCommaNodes):
      (JSC::ASTBuilder::Scope::Scope):
      (JSC::ASTBuilder::createNumber):
      (ASTBuilder):
      (JSC::ASTBuilder::makeTypeOfNode):
      (JSC::ASTBuilder::makeDeleteNode):
      (JSC::ASTBuilder::makeNegateNode):
      (JSC::ASTBuilder::makeBitwiseNotNode):
      (JSC::ASTBuilder::makeMultNode):
      (JSC::ASTBuilder::makeDivNode):
      (JSC::ASTBuilder::makeModNode):
      (JSC::ASTBuilder::makeAddNode):
      (JSC::ASTBuilder::makeSubNode):
      (JSC::ASTBuilder::makeLeftShiftNode):
      (JSC::ASTBuilder::makeRightShiftNode):
      (JSC::ASTBuilder::makeURightShiftNode):
      (JSC::ASTBuilder::makeBitOrNode):
      (JSC::ASTBuilder::makeBitAndNode):
      (JSC::ASTBuilder::makeBitXOrNode):
      (JSC::ASTBuilder::makeFunctionCallNode):
      (JSC::ASTBuilder::makeBinaryNode):
      (JSC::ASTBuilder::makeAssignNode):
      (JSC::ASTBuilder::makePrefixNode):
      (JSC::ASTBuilder::makePostfixNode):
      * parser/Lexer.cpp:
      (JSC::Keywords::Keywords):
      (JSC::::Lexer):
      (JSC::::parseIdentifier):
      (JSC::::parseIdentifierSlowCase):
      * parser/Lexer.h:
      (JSC::Keywords::isKeyword):
      (JSC::Keywords::getKeyword):
      (Keywords):
      (Lexer):
      (JSC::::makeIdentifier):
      (JSC::::makeRightSizedIdentifier):
      (JSC::::makeIdentifierLCharFromUChar):
      (JSC::::makeLCharIdentifier):
      * parser/NodeConstructors.h:
      (JSC::ParserArenaFreeable::operator new):
      (JSC::ParserArenaDeletable::operator new):
      (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
      (JSC::PropertyNode::PropertyNode):
      (JSC::ContinueNode::ContinueNode):
      (JSC::BreakNode::BreakNode):
      (JSC::ForInNode::ForInNode):
      * parser/Nodes.cpp:
      (JSC::ScopeNode::ScopeNode):
      (JSC::ProgramNode::ProgramNode):
      (JSC::ProgramNode::create):
      (JSC::EvalNode::EvalNode):
      (JSC::EvalNode::create):
      (JSC::FunctionBodyNode::FunctionBodyNode):
      (JSC::FunctionBodyNode::create):
      * parser/Nodes.h:
      (ParserArenaFreeable):
      (ParserArenaDeletable):
      (ParserArenaRefCounted):
      (ArrayNode):
      (ForInNode):
      (ContinueNode):
      (BreakNode):
      (ScopeNode):
      (ProgramNode):
      (EvalNode):
      (FunctionBodyNode):
      * parser/Parser.cpp:
      (JSC::::Parser):
      (JSC::::parseInner):
      (JSC::::parseSourceElements):
      (JSC::::parseTryStatement):
      (JSC::::parseFunctionBody):
      (JSC::::parseFunctionInfo):
      (JSC::::parseAssignmentExpression):
      (JSC::::parseProperty):
      (JSC::::parsePrimaryExpression):
      (JSC::::parseMemberExpression):
      (JSC::::parseUnaryExpression):
      * parser/Parser.h:
      (JSC):
      (JSC::Scope::Scope):
      (JSC::Scope::declareVariable):
      (JSC::Scope::declareParameter):
      (Scope):
      (Parser):
      (JSC::Parser::pushScope):
      (JSC::::parse):
      (JSC::parse):
      * parser/ParserArena.h:
      (IdentifierArena):
      (JSC::IdentifierArena::makeIdentifier):
      (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
      (JSC::IdentifierArena::makeNumericIdentifier):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::SyntaxChecker):
      (JSC::SyntaxChecker::createProperty):
      (JSC::SyntaxChecker::createGetterOrSetterProperty):
      * profiler/LegacyProfiler.cpp:
      (JSC::LegacyProfiler::startProfiling):
      (JSC::LegacyProfiler::stopProfiling):
      * profiler/LegacyProfiler.h:
      (JSC):
      * profiler/ProfilerBytecode.cpp:
      (JSC::Profiler::Bytecode::toJS):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      (JSC::Profiler::BytecodeSequence::addSequenceProperties):
      * profiler/ProfilerBytecodes.cpp:
      (JSC::Profiler::Bytecodes::toJS):
      * profiler/ProfilerCompilation.cpp:
      (JSC::Profiler::Compilation::toJS):
      * profiler/ProfilerCompiledBytecode.cpp:
      (JSC::Profiler::CompiledBytecode::toJS):
      * profiler/ProfilerDatabase.cpp:
      (JSC::Profiler::Database::Database):
      (JSC::Profiler::Database::toJS):
      (JSC::Profiler::Database::toJSON):
      * profiler/ProfilerDatabase.h:
      (Database):
      * profiler/ProfilerOSRExit.cpp:
      (JSC::Profiler::OSRExit::toJS):
      * profiler/ProfilerOrigin.cpp:
      (JSC::Profiler::Origin::toJS):
      * profiler/ProfilerProfiledBytecodes.cpp:
      (JSC::Profiler::ProfiledBytecodes::toJS):
      * runtime/ArgList.h:
      (MarkedArgumentBuffer):
      * runtime/Arguments.cpp:
      (JSC::Arguments::putByIndex):
      (JSC::Arguments::put):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      (JSC::Arguments::tearOff):
      (JSC::Arguments::didTearOffActivation):
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/Arguments.h:
      (JSC::Arguments::create):
      (JSC::Arguments::createStructure):
      (Arguments):
      (JSC::Arguments::Arguments):
      (JSC::Arguments::trySetArgument):
      (JSC::Arguments::finishCreation):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::finishCreation):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::createStructure):
      * runtime/BatchedTransitionOptimizer.h:
      (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
      (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
      (BatchedTransitionOptimizer):
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::finishCreation):
      (JSC::constructBoolean):
      (JSC::constructBooleanFromImmediateBoolean):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      * runtime/BooleanObject.cpp:
      (JSC::BooleanObject::BooleanObject):
      (JSC::BooleanObject::finishCreation):
      * runtime/BooleanObject.h:
      (BooleanObject):
      (JSC::BooleanObject::create):
      (JSC::BooleanObject::createStructure):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::BooleanPrototype):
      (JSC::BooleanPrototype::finishCreation):
      (JSC::booleanProtoFuncToString):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/Butterfly.h:
      (JSC):
      (Butterfly):
      * runtime/ButterflyInlines.h:
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::createOrGrowArrayRight):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      * runtime/CodeCache.cpp:
      (JSC::CodeCache::getCodeBlock):
      (JSC::CodeCache::getProgramCodeBlock):
      (JSC::CodeCache::getEvalCodeBlock):
      (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
      * runtime/CodeCache.h:
      (JSC):
      (JSC::SourceCodeValue::SourceCodeValue):
      (CodeCache):
      * runtime/CommonIdentifiers.cpp:
      (JSC):
      (JSC::CommonIdentifiers::CommonIdentifiers):
      * runtime/CommonIdentifiers.h:
      (CommonIdentifiers):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::opIn):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::finishCreation):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/DateInstance.cpp:
      (JSC::DateInstance::DateInstance):
      (JSC::DateInstance::finishCreation):
      (JSC::DateInstance::calculateGregorianDateTime):
      (JSC::DateInstance::calculateGregorianDateTimeUTC):
      * runtime/DateInstance.h:
      (DateInstance):
      (JSC::DateInstance::create):
      (JSC::DateInstance::createStructure):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::finishCreation):
      (JSC::dateProtoFuncSetTime):
      (JSC::setNewValueFromTimeArgs):
      (JSC::setNewValueFromDateArgs):
      (JSC::dateProtoFuncSetYear):
      (JSC::dateProtoFuncToJSON):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::createStructure):
      * runtime/Error.cpp:
      (JSC::createError):
      (JSC::createEvalError):
      (JSC::createRangeError):
      (JSC::createReferenceError):
      (JSC::createSyntaxError):
      (JSC::createTypeError):
      (JSC::createURIError):
      (JSC::addErrorInfo):
      (JSC::throwError):
      * runtime/Error.h:
      (JSC):
      (JSC::StrictModeTypeErrorFunction::create):
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::finishCreation):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::ErrorInstance):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::createStructure):
      (JSC::ErrorInstance::create):
      (ErrorInstance):
      (JSC::ErrorInstance::finishCreation):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::ErrorPrototype):
      (JSC::ErrorPrototype::finishCreation):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure):
      * runtime/ExceptionHelpers.cpp:
      (JSC::createInterruptedExecutionException):
      (JSC::createTerminatedExecutionException):
      * runtime/ExceptionHelpers.h:
      (JSC):
      (JSC::InterruptedExecutionError::InterruptedExecutionError):
      (JSC::InterruptedExecutionError::create):
      (JSC::InterruptedExecutionError::createStructure):
      (JSC::TerminatedExecutionError::TerminatedExecutionError):
      (JSC::TerminatedExecutionError::create):
      (JSC::TerminatedExecutionError::createStructure):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC::EvalExecutable::EvalExecutable):
      (JSC::ProgramExecutable::ProgramExecutable):
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::checkSyntax):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::initializeGlobalProperties):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
      (JSC::FunctionExecutable::fromGlobalCode):
      * runtime/Executable.h:
      (JSC::ExecutableBase::ExecutableBase):
      (JSC::ExecutableBase::finishCreation):
      (JSC::ExecutableBase::createStructure):
      (JSC::NativeExecutable::create):
      (JSC::NativeExecutable::createStructure):
      (JSC::NativeExecutable::finishCreation):
      (JSC::NativeExecutable::NativeExecutable):
      (JSC::ScriptExecutable::ScriptExecutable):
      (JSC::ScriptExecutable::finishCreation):
      (JSC::EvalExecutable::compile):
      (EvalExecutable):
      (JSC::EvalExecutable::create):
      (JSC::EvalExecutable::createStructure):
      (JSC::ProgramExecutable::create):
      (ProgramExecutable):
      (JSC::ProgramExecutable::compile):
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::create):
      (JSC::FunctionExecutable::compileForCall):
      (FunctionExecutable):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      (JSC::FunctionExecutable::createStructure):
      (JSC::JSFunction::JSFunction):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::finishCreation):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::finishCreation):
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::createStructure):
      * runtime/GCActivityCallback.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GCActivityCallback.h:
      (JSC::GCActivityCallback::GCActivityCallback):
      * runtime/GCActivityCallbackBlackBerry.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::GetterSetter):
      (JSC::GetterSetter::create):
      (JSC::GetterSetter::setGetter):
      (JSC::GetterSetter::setSetter):
      (JSC::GetterSetter::createStructure):
      * runtime/Identifier.cpp:
      (JSC::Identifier::add):
      (JSC::Identifier::add8):
      (JSC::Identifier::addSlowCase):
      (JSC::Identifier::from):
      (JSC::Identifier::checkCurrentIdentifierTable):
      * runtime/Identifier.h:
      (JSC::Identifier::Identifier):
      (JSC::Identifier::createLCharFromUChar):
      (Identifier):
      (JSC::Identifier::add):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::InternalFunction):
      (JSC::InternalFunction::finishCreation):
      (JSC::InternalFunction::name):
      (JSC::InternalFunction::displayName):
      * runtime/InternalFunction.h:
      (JSC::InternalFunction::createStructure):
      (InternalFunction):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      (JSC::JSAPIValueWrapper::finishCreation):
      (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putDirectVirtual):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::create):
      (JSC::JSActivation::createStructure):
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithArrayStorage):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      (JSC::ContiguousTypeAccessor::setWithValue):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sortVector):
      * runtime/JSArray.h:
      (JSC::JSArray::JSArray):
      (JSArray):
      (JSC::JSArray::shiftCountForShift):
      (JSC::JSArray::unshiftCountForShift):
      (JSC::JSArray::createStructure):
      (JSC::createContiguousArrayButterfly):
      (JSC::createArrayButterfly):
      (JSC):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      (JSC::constructArray):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::JSBoundFunction):
      * runtime/JSBoundFunction.h:
      (JSC::JSBoundFunction::createStructure):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      (JSC::JSValue::toStringSlowCase):
      * runtime/JSCJSValue.h:
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC::JSCell::JSCell):
      (JSC::JSCell::finishCreation):
      (JSC::allocateCell):
      (JSC::JSCell::setStructure):
      (JSC::JSCell::fastGetOwnProperty):
      * runtime/JSDateMath.cpp:
      (JSC::getDSTOffset):
      (JSC::getUTCOffset):
      (JSC::parseDate):
      * runtime/JSDestructibleObject.h:
      (JSC::JSDestructibleObject::JSDestructibleObject):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::JSFunction):
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::createAllocationProfile):
      (JSC::JSFunction::name):
      (JSC::JSFunction::displayName):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::deleteProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      (JSC::JSFunction::create):
      (JSC::JSFunction::setScope):
      (JSC::JSFunction::createStructure):
      * runtime/JSGlobalData.cpp: Removed.
      * runtime/JSGlobalData.h: Removed.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::setGlobalThis):
      (JSC::JSGlobalObject::init):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      (JSC::JSGlobalObject::createThrowTypeError):
      (JSC::JSGlobalObject::resetPrototype):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
      (JSC::JSGlobalObject::createProgramCodeBlock):
      (JSC::JSGlobalObject::createEvalCodeBlock):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::create):
      (JSGlobalObject):
      (JSC::JSGlobalObject::finishCreation):
      (JSC::JSGlobalObject::vm):
      (JSC::JSGlobalObject::createStructure):
      (JSC::ExecState::dynamicGlobalObject):
      (JSC::constructEmptyArray):
      (DynamicGlobalObjectScope):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncProtoSetter):
      * runtime/JSLock.cpp:
      (JSC::JSLockHolder::JSLockHolder):
      (JSC::JSLockHolder::init):
      (JSC::JSLockHolder::~JSLockHolder):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::willDestroyGlobalData):
      (JSC::JSLock::lock):
      (JSC::JSLock::unlock):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (JSLockHolder):
      (JSLock):
      (JSC::JSLock::vm):
      (DropAllLocks):
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::createStructure):
      (JSC::JSNameScope::finishCreation):
      (JSC::JSNameScope::JSNameScope):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::JSNotAnObject):
      (JSC::JSNotAnObject::create):
      (JSC::JSNotAnObject::createStructure):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::JSONObject):
      (JSC::JSONObject::finishCreation):
      (Holder):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::stringify):
      (JSC::Stringifier::toJSON):
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::Holder):
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::Walker):
      (JSC::Walker::walk):
      (JSC::JSONProtoFuncParse):
      (JSC::JSONProtoFuncStringify):
      (JSC::JSONStringify):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC::JSObject::createInitialIndexedStorage):
      (JSC::JSObject::createInitialUndecided):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::convertUndecidedToInt32):
      (JSC::JSObject::convertUndecidedToDouble):
      (JSC::JSObject::convertUndecidedToContiguous):
      (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
      (JSC::JSObject::convertUndecidedToArrayStorage):
      (JSC::JSObject::convertInt32ToDouble):
      (JSC::JSObject::convertInt32ToContiguous):
      (JSC::JSObject::convertInt32ToArrayStorage):
      (JSC::JSObject::genericConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToContiguous):
      (JSC::JSObject::rageConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::convertUndecidedForValue):
      (JSC::JSObject::convertInt32ForValue):
      (JSC::JSObject::setIndexQuicklyToUndecided):
      (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
      (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::rageEnsureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::setPrototypeWithCycleCheck):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::seal):
      (JSC::JSObject::freeze):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::reifyStaticFunctionsForDelete):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::putDirectNativeFunction):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::ensureLengthSlow):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
      (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
      (DefineOwnPropertyScope):
      (JSC::JSObject::defineOwnNonIndexProperty):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::putByIndexInline):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectOffset):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::isSealed):
      (JSC::JSObject::isFrozen):
      (JSC::JSObject::flattenDictionaryObject):
      (JSC::JSObject::ensureInt32):
      (JSC::JSObject::ensureDouble):
      (JSC::JSObject::ensureContiguous):
      (JSC::JSObject::rageEnsureContiguous):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::finishCreation):
      (JSC::JSObject::createStructure):
      (JSC::JSObject::ensureLength):
      (JSC::JSNonFinalObject::createStructure):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC::JSNonFinalObject::finishCreation):
      (JSC::JSFinalObject::createStructure):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSFinalObject::JSFinalObject):
      (JSC::JSFinalObject::create):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::createStructure):
      (JSC::JSPropertyNameIterator::setCachedStructure):
      (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
      (JSC::JSPropertyNameIterator::finishCreation):
      (JSC::StructureRareData::setEnumerationCache):
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::setTarget):
      * runtime/JSProxy.h:
      (JSC::JSProxy::create):
      (JSC::JSProxy::createStructure):
      (JSC::JSProxy::JSProxy):
      (JSC::JSProxy::finishCreation):
      (JSProxy):
      * runtime/JSScope.cpp:
      (JSC::executeResolveOperations):
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      (JSC::JSScope::resolvePut):
      * runtime/JSScope.h:
      (JSScope):
      (JSC::JSScope::JSScope):
      (JSC::JSScope::vm):
      (JSC::ExecState::vm):
      * runtime/JSSegmentedVariableObject.h:
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::finishCreation):
      * runtime/JSString.cpp:
      (JSC::JSRopeString::RopeBuilder::expand):
      (JSC::StringObject::create):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      (JSC::JSString::JSString):
      (JSC::JSString::finishCreation):
      (JSC::JSString::create):
      (JSC::JSString::createHasOtherOwner):
      (JSC::JSString::createStructure):
      (JSRopeString):
      (JSC::JSRopeString::RopeBuilder::RopeBuilder):
      (JSC::JSRopeString::RopeBuilder::append):
      (RopeBuilder):
      (JSC::JSRopeString::JSRopeString):
      (JSC::JSRopeString::finishCreation):
      (JSC::JSRopeString::append):
      (JSC::JSRopeString::createNull):
      (JSC::JSRopeString::create):
      (JSC::jsEmptyString):
      (JSC::jsSingleCharacterString):
      (JSC::jsSingleCharacterSubstring):
      (JSC::jsNontrivialString):
      (JSC::jsString):
      (JSC::jsSubstring):
      (JSC::jsSubstring8):
      (JSC::jsOwnedString):
      (JSC::jsStringBuilder):
      (JSC::inlineJSValueNotStringtoString):
      * runtime/JSStringJoiner.cpp:
      (JSC::JSStringJoiner::build):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::createStructure):
      (JSC::JSWithScope::JSWithScope):
      * runtime/JSWrapperObject.h:
      (JSWrapperObject):
      (JSC::JSWrapperObject::createStructure):
      (JSC::JSWrapperObject::JSWrapperObject):
      (JSC::JSWrapperObject::setInternalValue):
      * runtime/LiteralParser.cpp:
      (JSC::::tryJSONPParse):
      (JSC::::makeIdentifier):
      (JSC::::parse):
      * runtime/Lookup.cpp:
      (JSC::HashTable::createTable):
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::initializeIfNeeded):
      (JSC::HashTable::entry):
      (JSC::HashTable::begin):
      (JSC::HashTable::end):
      (HashTable):
      (JSC::lookupPut):
      * runtime/MathObject.cpp:
      (JSC::MathObject::MathObject):
      (JSC::MathObject::finishCreation):
      (JSC::mathProtoFuncSin):
      * runtime/MathObject.h:
      (JSC::MathObject::createStructure):
      * runtime/MemoryStatistics.cpp:
      * runtime/MemoryStatistics.h:
      * runtime/NameConstructor.cpp:
      (JSC::NameConstructor::finishCreation):
      (JSC::constructPrivateName):
      * runtime/NameConstructor.h:
      (JSC::NameConstructor::createStructure):
      * runtime/NameInstance.cpp:
      (JSC::NameInstance::NameInstance):
      * runtime/NameInstance.h:
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::create):
      (NameInstance):
      (JSC::NameInstance::finishCreation):
      * runtime/NamePrototype.cpp:
      (JSC::NamePrototype::NamePrototype):
      (JSC::NamePrototype::finishCreation):
      * runtime/NamePrototype.h:
      (JSC::NamePrototype::createStructure):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::createStructure):
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NativeErrorPrototype.cpp:
      (JSC::NativeErrorPrototype::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::finishCreation):
      (JSC::constructWithNumberConstructor):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::createStructure):
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::NumberObject):
      (JSC::NumberObject::finishCreation):
      (JSC::constructNumber):
      * runtime/NumberObject.h:
      (NumberObject):
      (JSC::NumberObject::create):
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::NumberPrototype):
      (JSC::NumberPrototype::finishCreation):
      (JSC::integerValueToString):
      (JSC::numberProtoFuncToString):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorSeal):
      (JSC::objectConstructorFreeze):
      (JSC::objectConstructorPreventExtensions):
      (JSC::objectConstructorIsSealed):
      (JSC::objectConstructorIsFrozen):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::createStructure):
      (JSC::constructEmptyObject):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::objectProtoFuncToString):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      * runtime/Operations.h:
      (JSC):
      (JSC::jsString):
      (JSC::jsStringFromArguments):
      (JSC::normalizePrototypeChainForChainAccess):
      (JSC::normalizePrototypeChain):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyMapEntry::PropertyMapEntry):
      (JSC::PropertyTable::createStructure):
      (PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyNameArray.h:
      (JSC::PropertyNameArray::PropertyNameArray):
      (JSC::PropertyNameArray::vm):
      (JSC::PropertyNameArray::addKnownUnique):
      (PropertyNameArray):
      * runtime/PropertyTable.cpp:
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      * runtime/PrototypeMap.cpp:
      (JSC::PrototypeMap::emptyObjectStructureForPrototype):
      * runtime/RegExp.cpp:
      (JSC::RegExp::RegExp):
      (JSC::RegExp::finishCreation):
      (JSC::RegExp::createWithoutCaching):
      (JSC::RegExp::create):
      (JSC::RegExp::compile):
      (JSC::RegExp::compileIfNecessary):
      (JSC::RegExp::match):
      (JSC::RegExp::compileMatchOnly):
      (JSC::RegExp::compileIfNecessaryMatchOnly):
      * runtime/RegExp.h:
      (JSC):
      (RegExp):
      (JSC::RegExp::createStructure):
      * runtime/RegExpCache.cpp:
      (JSC::RegExpCache::lookupOrCreate):
      (JSC::RegExpCache::RegExpCache):
      (JSC::RegExpCache::addToStrongCache):
      * runtime/RegExpCache.h:
      (RegExpCache):
      * runtime/RegExpCachedResult.cpp:
      (JSC::RegExpCachedResult::lastResult):
      (JSC::RegExpCachedResult::setInput):
      * runtime/RegExpCachedResult.h:
      (JSC::RegExpCachedResult::RegExpCachedResult):
      (JSC::RegExpCachedResult::record):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::RegExpConstructor):
      (JSC::RegExpConstructor::finishCreation):
      (JSC::constructRegExp):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::createStructure):
      (RegExpConstructor):
      (JSC::RegExpConstructor::performMatch):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      (JSC::RegExpMatchesArray::reifyAllProperties):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::RegExpObject):
      (JSC::RegExpObject::finishCreation):
      (JSC::RegExpObject::match):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::create):
      (JSC::RegExpObject::setRegExp):
      (JSC::RegExpObject::setLastIndex):
      (JSC::RegExpObject::createStructure):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/SmallStrings.cpp:
      (JSC::SmallStrings::initializeCommonStrings):
      (JSC::SmallStrings::createEmptyString):
      (JSC::SmallStrings::createSingleCharacterString):
      (JSC::SmallStrings::initialize):
      * runtime/SmallStrings.h:
      (JSC):
      (JSC::SmallStrings::singleCharacterString):
      (SmallStrings):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::put):
      * runtime/SparseArrayValueMap.h:
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::StrictEvalActivation):
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::create):
      (JSC::StrictEvalActivation::createStructure):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::finishCreation):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure):
      * runtime/StringObject.cpp:
      (JSC::StringObject::StringObject):
      (JSC::StringObject::finishCreation):
      (JSC::constructString):
      * runtime/StringObject.h:
      (JSC::StringObject::create):
      (JSC::StringObject::createStructure):
      (StringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::StringPrototype):
      (JSC::StringPrototype::finishCreation):
      (JSC::removeUsingRegExpSearch):
      (JSC::replaceUsingRegExpSearch):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSplit):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::createStructure):
      * runtime/StringRecursionChecker.h:
      (JSC::StringRecursionChecker::performCheck):
      (JSC::StringRecursionChecker::~StringRecursionChecker):
      * runtime/Structure.cpp:
      (JSC::StructureTransitionTable::add):
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::toCacheableDictionaryTransition):
      (JSC::Structure::toUncacheableDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::allocateRareData):
      (JSC::Structure::cloneRareDataFrom):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::prototypeChainMayInterceptStoreTo):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::finishCreation):
      (JSC::Structure::setPrototypeWithoutTransition):
      (JSC::Structure::setGlobalObject):
      (JSC::Structure::setObjectToStringValue):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      (JSC::Structure::setPreviousID):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::StructureChain):
      * runtime/StructureChain.h:
      (JSC::StructureChain::create):
      (JSC::StructureChain::createStructure):
      (JSC::StructureChain::finishCreation):
      (StructureChain):
      * runtime/StructureInlines.h:
      (JSC::Structure::create):
      (JSC::Structure::createStructure):
      (JSC::Structure::get):
      (JSC::Structure::setEnumerationCache):
      (JSC::Structure::prototypeChain):
      (JSC::Structure::propertyTable):
      * runtime/StructureRareData.cpp:
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::create):
      (JSC::StructureRareData::clone):
      (JSC::StructureRareData::StructureRareData):
      * runtime/StructureRareData.h:
      (StructureRareData):
      * runtime/StructureRareDataInlines.h:
      (JSC::StructureRareData::setPreviousID):
      (JSC::StructureRareData::setObjectToStringValue):
      * runtime/StructureTransitionTable.h:
      (StructureTransitionTable):
      (JSC::StructureTransitionTable::setSingleTransition):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::create):
      (JSC::SharedSymbolTable::createStructure):
      (JSC::SharedSymbolTable::SharedSymbolTable):
      * runtime/VM.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalData.cpp.
      (JSC::VM::VM):
      (JSC::VM::~VM):
      (JSC::VM::createContextGroup):
      (JSC::VM::create):
      (JSC::VM::createLeaked):
      (JSC::VM::sharedInstanceExists):
      (JSC::VM::sharedInstance):
      (JSC::VM::sharedInstanceInternal):
      (JSC::VM::getHostFunction):
      (JSC::VM::ClientData::~ClientData):
      (JSC::VM::resetDateCache):
      (JSC::VM::startSampling):
      (JSC::VM::stopSampling):
      (JSC::VM::discardAllCode):
      (JSC::VM::dumpSampleData):
      (JSC::VM::addSourceProviderCache):
      (JSC::VM::clearSourceProviderCaches):
      (JSC::VM::releaseExecutableMemory):
      (JSC::releaseExecutableMemory):
      (JSC::VM::gatherConservativeRoots):
      (JSC::VM::addRegExpToTrace):
      (JSC::VM::dumpRegExpTrace):
      * runtime/VM.h: Copied from Source/JavaScriptCore/runtime/JSGlobalData.h.
      (VM):
      (JSC::VM::isSharedInstance):
      (JSC::VM::usingAPI):
      (JSC::VM::isInitializingObject):
      (JSC::VM::setInitializingObjectClass):
      (JSC::WeakSet::heap):
      * runtime/WriteBarrier.h:
      (JSC):
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrierBase::setMayBeNull):
      (JSC::WriteBarrierBase::setEarlyValue):
      (JSC::WriteBarrier::WriteBarrier):
      * testRegExp.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (main):
      (testOneRegExp):
      (parseRegExpLine):
      (runFromFiles):
      (realMain):
      * yarr/YarrInterpreter.h:
      (BytecodePattern):
      * yarr/YarrJIT.cpp:
      (YarrGenerator):
      (JSC::Yarr::YarrGenerator::compile):
      (JSC::Yarr::jitCompile):
      * yarr/YarrJIT.h:
      (JSC):
      
      ../WebCore: 
      
      * ForwardingHeaders/runtime/JSGlobalData.h: Removed.
      * ForwardingHeaders/runtime/VM.h: Copied from Source/WebCore/ForwardingHeaders/runtime/JSGlobalData.h.
      * WebCore.exp.in:
      * WebCore.order:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      * bindings/js/DOMObjectHashTableMap.cpp:
      (WebCore::DOMObjectHashTableMap::mapFor):
      * bindings/js/DOMObjectHashTableMap.h:
      (JSC):
      (DOMObjectHashTableMap):
      * bindings/js/DOMWrapperWorld.cpp:
      (WebCore::DOMWrapperWorld::DOMWrapperWorld):
      (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
      (WebCore::normalWorld):
      (WebCore::mainThreadNormalWorld):
      * bindings/js/DOMWrapperWorld.h:
      (WebCore::DOMWrapperWorld::create):
      (WebCore::DOMWrapperWorld::vm):
      (DOMWrapperWorld):
      (WebCore):
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::setJavaScriptGarbageCollectorTimerEnabled):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/IDBBindingUtilities.cpp:
      (WebCore::get):
      (WebCore::set):
      (WebCore::deserializeIDBValue):
      (WebCore::deserializeIDBValueBuffer):
      (WebCore::idbKeyToScriptValue):
      * bindings/js/JSCallbackData.h:
      (WebCore::JSCallbackData::JSCallbackData):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::JSCustomXPathNSResolver):
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::getHashTableForGlobalData):
      (WebCore::reportException):
      (WebCore::cacheDOMStructure):
      * bindings/js/JSDOMBinding.h:
      (WebCore::DOMConstructorObject::createStructure):
      (WebCore::DOMConstructorWithDocument::finishCreation):
      (WebCore::getDOMStructure):
      (WebCore::setInlineCachedWrapper):
      (WebCore):
      (WebCore::jsStringWithCache):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::finishCreation):
      * bindings/js/JSDOMGlobalObject.h:
      (JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::createStructure):
      (WebCore::getDOMConstructor):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::finishCreation):
      (WebCore::JSDOMWindowBase::updateDocument):
      (WebCore::JSDOMWindowBase::commonVM):
      * bindings/js/JSDOMWindowBase.h:
      (JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::createStructure):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::setLocation):
      (WebCore::DialogHandler::dialogCreated):
      (WebCore::DialogHandler::returnValue):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::finishCreation):
      (WebCore::JSDOMWindowShell::setWindow):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::create):
      (WebCore::JSDOMWindowShell::createStructure):
      * bindings/js/JSDOMWrapper.h:
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::createAccelerationObject):
      (WebCore::createRotationRateObject):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDictionary.h:
      (WebCore::JSDictionary::JSDictionary):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::setWrapper):
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::JSHTMLDocument::all):
      (WebCore::JSHTMLDocument::setAll):
      * bindings/js/JSHTMLTemplateElementCustom.cpp:
      (WebCore::JSHTMLTemplateElement::content):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::state):
      * bindings/js/JSImageConstructor.cpp:
      (WebCore::JSImageConstructor::finishCreation):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::createStructure):
      * bindings/js/JSImageDataCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::functionDetails):
      (WebCore::getJSListenerFunctions):
      (WebCore::JSInjectedScriptHost::getEventListeners):
      (WebCore::JSInjectedScriptHost::inspect):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::JSMessageEvent::data):
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSMutationCallback.cpp:
      (WebCore::JSMutationCallback::call):
      * bindings/js/JSMutationObserverCustom.cpp:
      (WebCore::JSMutationObserverConstructor::constructJSMutationObserver):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCondition.h:
      (WebCore::JSNodeFilterCondition::create):
      (JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::toNodeFilter):
      * bindings/js/JSPopStateEventCustom.cpp:
      (WebCore::cacheState):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JSSQLResultSetRowListCustom.cpp:
      (WebCore::JSSQLResultSetRowList::item):
      * bindings/js/JSWorkerContextBase.cpp:
      (WebCore::JSWorkerContextBase::JSWorkerContextBase):
      (WebCore::JSWorkerContextBase::finishCreation):
      * bindings/js/JSWorkerContextBase.h:
      (WebCore::JSWorkerContextBase::createStructure):
      (JSWorkerContextBase):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::ScheduledAction):
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScheduledAction.h:
      (WebCore::ScheduledAction::ScheduledAction):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      (WebCore::createScriptArguments):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::createWindowShell):
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::createWorld):
      (WebCore::ScriptController::getAllWorlds):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::clearScriptObjects):
      (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandler):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptGCEvent.cpp:
      (WebCore::ScriptGCEvent::getHeapSize):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptObject::ScriptObject):
      (WebCore::ScriptGlobalObject::set):
      * bindings/js/ScriptState.h:
      (WebCore):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::deserialize):
      * bindings/js/ScriptValue.h:
      (WebCore::ScriptValue::ScriptValue):
      * bindings/js/ScriptWrappable.h:
      (JSC):
      (ScriptWrappable):
      * bindings/js/ScriptWrappableInlines.h:
      (WebCore::ScriptWrappable::setWrapper):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::readTerminal):
      (WebCore::SerializedScriptValue::deserializeForInspector):
      (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
      * bindings/js/WebCoreJSClientData.h:
      (WebCoreJSClientData):
      (WebCore::initNormalWorldClientData):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::WorkerScriptController):
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::scheduleExecutionTermination):
      (WebCore::WorkerScriptController::isExecutionTerminating):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/js/WorkerScriptController.h:
      (JSC):
      (WebCore::WorkerScriptController::vm):
      (WorkerScriptController):
      * bindings/js/WorkerScriptDebugServer.cpp:
      (WebCore::WorkerScriptDebugServer::recompileAllJSFunctions):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateCallbackImplementation):
      (JSValueToNative):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bindings/scripts/test/JS/JSFloat64Array.cpp:
      (WebCore::getJSFloat64ArrayConstructorTable):
      (WebCore::JSFloat64ArrayConstructor::finishCreation):
      (WebCore::getJSFloat64ArrayPrototypeTable):
      (WebCore::getJSFloat64ArrayTable):
      (WebCore::JSFloat64Array::finishCreation):
      (WebCore::JSFloat64Array::createPrototype):
      * bindings/scripts/test/JS/JSFloat64Array.h:
      (WebCore::JSFloat64Array::create):
      (WebCore::JSFloat64Array::createStructure):
      (JSFloat64Array):
      (WebCore::JSFloat64ArrayPrototype::create):
      (WebCore::JSFloat64ArrayPrototype::createStructure):
      (WebCore::JSFloat64ArrayPrototype::JSFloat64ArrayPrototype):
      (WebCore::JSFloat64ArrayConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
      (WebCore::JSTestActiveDOMObject::finishCreation):
      (WebCore::JSTestActiveDOMObject::createPrototype):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
      (WebCore::JSTestActiveDOMObject::create):
      (WebCore::JSTestActiveDOMObject::createStructure):
      (JSTestActiveDOMObject):
      (WebCore::JSTestActiveDOMObjectPrototype::create):
      (WebCore::JSTestActiveDOMObjectPrototype::createStructure):
      (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
      (WebCore::JSTestActiveDOMObjectConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
      (WebCore::JSTestCustomNamedGetter::finishCreation):
      (WebCore::JSTestCustomNamedGetter::createPrototype):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
      (WebCore::JSTestCustomNamedGetter::create):
      (WebCore::JSTestCustomNamedGetter::createStructure):
      (JSTestCustomNamedGetter):
      (WebCore::JSTestCustomNamedGetterPrototype::create):
      (WebCore::JSTestCustomNamedGetterPrototype::createStructure):
      (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
      (WebCore::JSTestCustomNamedGetterConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      (WebCore::JSTestEventConstructorConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestEventConstructor.h:
      (WebCore::JSTestEventConstructor::create):
      (WebCore::JSTestEventConstructor::createStructure):
      (JSTestEventConstructor):
      (WebCore::JSTestEventConstructorPrototype::create):
      (WebCore::JSTestEventConstructorPrototype::createStructure):
      (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
      (WebCore::JSTestEventConstructorConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::JSTestEventTargetConstructor::finishCreation):
      (WebCore::JSTestEventTarget::finishCreation):
      (WebCore::JSTestEventTarget::createPrototype):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      (WebCore::JSTestEventTarget::createStructure):
      (JSTestEventTarget):
      (WebCore::JSTestEventTargetPrototype::create):
      (WebCore::JSTestEventTargetPrototype::createStructure):
      (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
      (WebCore::JSTestEventTargetConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestExceptionConstructor::finishCreation):
      (WebCore::JSTestException::finishCreation):
      (WebCore::JSTestException::createPrototype):
      * bindings/scripts/test/JS/JSTestException.h:
      (WebCore::JSTestException::create):
      (WebCore::JSTestException::createStructure):
      (JSTestException):
      (WebCore::JSTestExceptionPrototype::create):
      (WebCore::JSTestExceptionPrototype::createStructure):
      (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
      (WebCore::JSTestExceptionConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::finishCreation):
      (WebCore::JSTestInterface::finishCreation):
      (WebCore::JSTestInterface::createPrototype):
      * bindings/scripts/test/JS/JSTestInterface.h:
      (WebCore::JSTestInterface::create):
      (WebCore::JSTestInterface::createStructure):
      (JSTestInterface):
      (WebCore::JSTestInterfacePrototype::create):
      (WebCore::JSTestInterfacePrototype::createStructure):
      (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
      (WebCore::JSTestInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
      (WebCore::JSTestMediaQueryListListener::finishCreation):
      (WebCore::JSTestMediaQueryListListener::createPrototype):
      (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      (WebCore::JSTestMediaQueryListListener::create):
      (WebCore::JSTestMediaQueryListListener::createStructure):
      (JSTestMediaQueryListListener):
      (WebCore::JSTestMediaQueryListListenerPrototype::create):
      (WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
      (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
      (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructorConstructor::finishCreation):
      (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestNamedConstructor.h:
      (WebCore::JSTestNamedConstructor::create):
      (WebCore::JSTestNamedConstructor::createStructure):
      (JSTestNamedConstructor):
      (WebCore::JSTestNamedConstructorPrototype::create):
      (WebCore::JSTestNamedConstructorPrototype::createStructure):
      (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
      (WebCore::JSTestNamedConstructorConstructor::createStructure):
      (WebCore::JSTestNamedConstructorNamedConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNode.cpp:
      (WebCore::JSTestNodeConstructor::finishCreation):
      (WebCore::JSTestNode::finishCreation):
      (WebCore::JSTestNode::createPrototype):
      * bindings/scripts/test/JS/JSTestNode.h:
      (WebCore::JSTestNode::create):
      (WebCore::JSTestNode::createStructure):
      (JSTestNode):
      (WebCore::JSTestNodePrototype::create):
      (WebCore::JSTestNodePrototype::createStructure):
      (WebCore::JSTestNodePrototype::JSTestNodePrototype):
      (WebCore::JSTestNodeConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::finishCreation):
      (WebCore::JSTestObj::finishCreation):
      (WebCore::JSTestObj::createPrototype):
      (WebCore::jsTestObjCachedAttribute1):
      (WebCore::jsTestObjCachedAttribute2):
      (WebCore::setJSTestObjConditionalAttr4Constructor):
      (WebCore::setJSTestObjConditionalAttr5Constructor):
      (WebCore::setJSTestObjConditionalAttr6Constructor):
      (WebCore::setJSTestObjAnyAttribute):
      (WebCore::setJSTestObjReplaceableAttribute):
      * bindings/scripts/test/JS/JSTestObj.h:
      (WebCore::JSTestObj::create):
      (WebCore::JSTestObj::createStructure):
      (JSTestObj):
      (WebCore::JSTestObjPrototype::create):
      (WebCore::JSTestObjPrototype::createStructure):
      (WebCore::JSTestObjPrototype::JSTestObjPrototype):
      (WebCore::JSTestObjConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
      (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
      (WebCore::JSTestOverloadedConstructors::finishCreation):
      (WebCore::JSTestOverloadedConstructors::createPrototype):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
      (WebCore::JSTestOverloadedConstructors::create):
      (WebCore::JSTestOverloadedConstructors::createStructure):
      (JSTestOverloadedConstructors):
      (WebCore::JSTestOverloadedConstructorsPrototype::create):
      (WebCore::JSTestOverloadedConstructorsPrototype::createStructure):
      (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
      (WebCore::JSTestOverloadedConstructorsConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::createPrototype):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      (WebCore::JSTestSerializedScriptValueInterface::create):
      (WebCore::JSTestSerializedScriptValueInterface::createStructure):
      (JSTestSerializedScriptValueInterface):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::create):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      (WebCore::JSTestTypedefsConstructor::finishCreation):
      (WebCore::JSTestTypedefs::finishCreation):
      (WebCore::JSTestTypedefs::createPrototype):
      * bindings/scripts/test/JS/JSTestTypedefs.h:
      (WebCore::JSTestTypedefs::create):
      (WebCore::JSTestTypedefs::createStructure):
      (JSTestTypedefs):
      (WebCore::JSTestTypedefsPrototype::create):
      (WebCore::JSTestTypedefsPrototype::createStructure):
      (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
      (WebCore::JSTestTypedefsConstructor::createStructure):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::createStructure):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::createStructure):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::createStructure):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::createStructure):
      (ObjCRuntimeMethod::finishCreation):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      (JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::createStructure):
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      (JSC::RuntimeArray::finishCreation):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      (JSC::RuntimeMethod::createStructure):
      (RuntimeMethod):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      (JSC::Bindings::RuntimeObject::finishCreation):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::createStructure):
      * bridge/runtime_root.cpp:
      (JSC::Bindings::RootObject::RootObject):
      (JSC::Bindings::RootObject::gcProtect):
      (JSC::Bindings::RootObject::gcUnprotect):
      (JSC::Bindings::RootObject::updateGlobalObject):
      (JSC::Bindings::RootObject::addRuntimeObject):
      * bridge/runtime_root.h:
      (RootObject):
      * dom/Node.cpp:
      * dom/Node.h:
      (JSC):
      * dom/ScriptExecutionContext.cpp:
      (WebCore::ScriptExecutionContext::vm):
      * dom/ScriptExecutionContext.h:
      (JSC):
      (ScriptExecutionContext):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * inspector/ScriptArguments.cpp:
      (WebCore::ScriptArguments::ScriptArguments):
      * loader/icon/IconDatabaseBase.cpp:
      (WebCore):
      (WebCore::iconDatabase):
      (WebCore::setGlobalIconDatabase):
      * platform/qt/MemoryUsageSupportQt.cpp:
      (WebCore::memoryUsageKB):
      (WebCore::actualMemoryUsageKB):
      * platform/win/ClipboardUtilitiesWin.cpp:
      (WebCore::createGlobalData):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::platformStart):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      ../WebKit/blackberry: 
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebKitSupport/AboutData.cpp:
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::javaScriptObjectsCount):
      
      ../WebKit/efl: 
      
      * WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
      (DumpRenderTreeSupportEfl::javaScriptObjectsCount):
      
      ../WebKit/gtk: 
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      ../WebKit/mac: 
      
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginHostProxy.mm:
      (identifierFromIdentifierRep):
      * Plugins/Hosted/NetscapePluginInstanceProxy.h:
      (LocalObjectMap):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::LocalObjectMap::idForObject):
      (WebKit::NetscapePluginInstanceProxy::getWindowNPObject):
      (WebKit::NetscapePluginInstanceProxy::getPluginElementNPObject):
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::createStructure):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getPropertyNames):
      * Plugins/Hosted/ProxyRuntimeObject.h:
      (WebKit::ProxyRuntimeObject::create):
      (WebKit::ProxyRuntimeObject::createStructure):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebKit.order:
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebScriptDebugger.mm:
      (WebScriptDebugger::WebScriptDebugger):
      
      ../WebKit/qt: 
      
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::javaScriptObjectsCount):
      * WebCoreSupport/QWebFrameAdapter.cpp:
      (QWebFrameAdapter::addToJavaScriptWindowObject):
      
      ../WebKit/win: 
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      
      ../WebKit2: 
      
      * Shared/linux/WebMemorySamplerLinux.cpp:
      (WebKit::WebMemorySampler::sampleWebKit):
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      (WebKit::JSNPMethod::createStructure):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::JSNPObject):
      (WebKit::JSNPObject::finishCreation):
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (WebKit::JSNPObject::create):
      (WebKit::JSNPObject::createStructure):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::create):
      (WebKit::NPJSObject::initialize):
      * WebProcess/Plugins/Netscape/NPJSObject.h:
      (JSC):
      (NPJSObject):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::getOrCreateNPObject):
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:
      (JSC):
      (NPRuntimeObjectMap):
      * WebProcess/Plugins/PluginView.cpp:
      (WebKit::PluginView::windowScriptNPObject):
      (WebKit::PluginView::pluginElementNPObject):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148696 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9a9a4b52
  7. 19 Mar, 2013 1 commit
  8. 18 Mar, 2013 2 commits
    • fpizlo@apple.com's avatar
      DFG string conversions and allocations should be inlined · 0e6e1542
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112376
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      This turns new String(), String(), String.prototype.valueOf(), and
      String.prototype.toString() into intrinsics. It gives the DFG the ability to handle
      conversions from StringObject to JSString and vice-versa, and also gives it the
      ability to handle cases where a variable may be either a StringObject or a JSString.
      To do this, I added StringObject to value profiling (and removed the stale
      distinction between Myarguments and Foreignarguments). I also cleaned up ToPrimitive
      handling, using some of the new functionality but also taking advantage of the
      existence of Identity(String:@a).
              
      This is a 2% SunSpider speed-up. Also there are some speed-ups on V8v7 and Kraken.
      On microbenchmarks that stress new String() this is a 14x speed-up.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::hasExitSite):
      (JSC):
      * bytecode/DFGExitProfile.cpp:
      (JSC::DFG::ExitProfile::hasExitSite):
      (DFG):
      * bytecode/DFGExitProfile.h:
      (ExitProfile):
      (JSC::DFG::ExitProfile::hasExitSite):
      * bytecode/ExitKind.cpp:
      (JSC::exitKindToString):
      * bytecode/ExitKind.h:
      * bytecode/SpeculatedType.cpp:
      (JSC::dumpSpeculation):
      (JSC::speculationToAbbreviatedString):
      (JSC::speculationFromClassInfo):
      * bytecode/SpeculatedType.h:
      (JSC):
      (JSC::isStringObjectSpeculation):
      (JSC::isStringOrStringObjectSpeculation):
      * create_hash_table:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAbstractState.h:
      (JSC::DFG::AbstractState::filterEdgeByUse):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
      (DFG):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::putStructureStoreElimination):
      * dfg/DFGEdge.h:
      (JSC::DFG::Edge::shift):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (FixupPhase):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      (JSC::DFG::FixupPhase::observeUseKindOnNode):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::hasGlobalExitSite):
      (Graph):
      (JSC::DFG::Graph::hasExitSite):
      (JSC::DFG::Graph::clobbersWorld):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToToString):
      (Node):
      (JSC::DFG::Node::hasStructure):
      (JSC::DFG::Node::shouldSpeculateStringObject):
      (JSC::DFG::Node::shouldSpeculateStringOrStringObject):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileNewStringObject):
      (JSC::DFG::SpeculativeJIT::speculateObject):
      (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
      (JSC::DFG::SpeculativeJIT::speculateString):
      (JSC::DFG::SpeculativeJIT::speculateStringObject):
      (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (SpeculativeJIT):
      (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
      (DFG):
      (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      * interpreter/CallFrame.h:
      (JSC::ExecState::regExpPrototypeTable):
      * runtime/CommonIdentifiers.h:
      * runtime/Intrinsic.h:
      * runtime/JSDestructibleObject.h:
      (JSDestructibleObject):
      (JSC::JSDestructibleObject::classInfoOffset):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      * runtime/JSObject.h:
      (JSC):
      * runtime/JSWrapperObject.h:
      (JSC::JSWrapperObject::allocationSize):
      (JSWrapperObject):
      (JSC::JSWrapperObject::internalValueOffset):
      (JSC::JSWrapperObject::internalValueCellOffset):
      * runtime/StringPrototype.cpp:
      (JSC):
      (JSC::StringPrototype::finishCreation):
      (JSC::StringPrototype::create):
      * runtime/StringPrototype.h:
      (StringPrototype):
      
      LayoutTests: 
      
      Reviewed by Geoffrey Garen.
      
      * fast/js/dfg-to-string-bad-toString-expected.txt: Added.
      * fast/js/dfg-to-string-bad-toString.html: Added.
      * fast/js/dfg-to-string-bad-valueOf-expected.txt: Added.
      * fast/js/dfg-to-string-bad-valueOf.html: Added.
      * fast/js/dfg-to-string-int-expected.txt: Added.
      * fast/js/dfg-to-string-int-or-string-expected.txt: Added.
      * fast/js/dfg-to-string-int-or-string.html: Added.
      * fast/js/dfg-to-string-int.html: Added.
      * fast/js/dfg-to-string-side-effect-clobbers-toString-expected.txt: Added.
      * fast/js/dfg-to-string-side-effect-clobbers-toString.html: Added.
      * fast/js/dfg-to-string-side-effect-expected.txt: Added.
      * fast/js/dfg-to-string-side-effect.html: Added.
      * fast/js/dfg-to-string-toString-becomes-bad-expected.txt: Added.
      * fast/js/dfg-to-string-toString-becomes-bad-with-dictionary-string-prototype-expected.txt: Added.
      * fast/js/dfg-to-string-toString-becomes-bad-with-dictionary-string-prototype.html: Added.
      * fast/js/dfg-to-string-toString-becomes-bad.html: Added.
      * fast/js/dfg-to-string-toString-in-string-expected.txt: Added.
      * fast/js/dfg-to-string-toString-in-string.html: Added.
      * fast/js/dfg-to-string-valueOf-becomes-bad-expected.txt: Added.
      * fast/js/dfg-to-string-valueOf-becomes-bad.html: Added.
      * fast/js/dfg-to-string-valueOf-in-string-expected.txt: Added.
      * fast/js/dfg-to-string-valueOf-in-string.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/regress/script-tests/string-concat-object.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-concat-pair-object.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-concat-pair-simple.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-concat-simple.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-cons-repeat.js: Added.
      (foo):
      * fast/js/regress/script-tests/string-cons-tower.js: Added.
      (foo):
      * fast/js/regress/string-concat-object-expected.txt: Added.
      * fast/js/regress/string-concat-object.html: Added.
      * fast/js/regress/string-concat-pair-object-expected.txt: Added.
      * fast/js/regress/string-concat-pair-object.html: Added.
      * fast/js/regress/string-concat-pair-simple-expected.txt: Added.
      * fast/js/regress/string-concat-pair-simple.html: Added.
      * fast/js/regress/string-concat-simple-expected.txt: Added.
      * fast/js/regress/string-concat-simple.html: Added.
      * fast/js/regress/string-cons-repeat-expected.txt: Added.
      * fast/js/regress/string-cons-repeat.html: Added.
      * fast/js/regress/string-cons-tower-expected.txt: Added.
      * fast/js/regress/string-cons-tower.html: Added.
      * fast/js/script-tests/dfg-to-string-bad-toString.js: Added.
      (String.prototype.toString):
      (foo):
      * fast/js/script-tests/dfg-to-string-bad-valueOf.js: Added.
      (String.prototype.valueOf):
      (foo):
      * fast/js/script-tests/dfg-to-string-int-or-string.js: Added.
      (foo):
      * fast/js/script-tests/dfg-to-string-int.js: Added.
      (foo):
      * fast/js/script-tests/dfg-to-string-side-effect-clobbers-toString.js: Added.
      (foo):
      * fast/js/script-tests/dfg-to-string-side-effect.js: Added.
      (foo):
      * fast/js/script-tests/dfg-to-string-toString-becomes-bad-with-dictionary-string-prototype.js: Added.
      (foo):
      (.String.prototype.toString):
      * fast/js/script-tests/dfg-to-string-toString-becomes-bad.js: Added.
      (foo):
      (.String.prototype.toString):
      * fast/js/script-tests/dfg-to-string-toString-in-string.js: Added.
      (foo):
      (.argument.toString):
      * fast/js/script-tests/dfg-to-string-valueOf-becomes-bad.js: Added.
      (foo):
      (.String.prototype.valueOf):
      * fast/js/script-tests/dfg-to-string-valueOf-in-string.js: Added.
      (foo):
      (.argument.valueOf):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146089 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0e6e1542
    • fpizlo@apple.com's avatar
      ObjectPrototype properties should be eagerly created rather than lazily via static tables · 85d516bd
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112539
      
      Reviewed by Oliver Hunt.
              
      This is the first part of https://bugs.webkit.org/show_bug.cgi?id=112233. Rolling this
      in first since it's the less-likely-to-be-broken part.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * interpreter/CallFrame.h:
      (JSC::ExecState::objectConstructorTable):
      * runtime/CommonIdentifiers.h:
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putDirectNativeFunction):
      (JSC):
      * runtime/JSObject.h:
      (JSObject):
      (JSC):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/ObjectPrototype.cpp:
      (JSC):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::ObjectPrototype::create):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@146071 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      85d516bd
  9. 15 Mar, 2013 1 commit
    • mhahnenberg@apple.com's avatar
      Roll out r145838 · 871ffe65
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112458
      
      Unreviewed. Requested by Filip Pizlo.
      
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::objectPrototypeTable):
      * jit/JITStubs.cpp:
      (JSC::getByVal):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::getByVal):
      * runtime/CommonIdentifiers.h:
      * runtime/JSCell.cpp:
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC):
      (JSC::JSCell::fastGetOwnProperty):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      (JSC):
      * runtime/JSObject.h:
      (JSObject):
      (JSC):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/ObjectPrototype.cpp:
      (JSC):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::create):
      (ObjectPrototype):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::findWithString):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      
      LayoutTests:
      
      * fast/js/regress/script-tests/string-lookup-hit-identifier.js: Removed.
      * fast/js/regress/script-tests/string-lookup-hit.js: Removed.
      * fast/js/regress/script-tests/string-lookup-miss.js: Removed.
      * fast/js/regress/string-lookup-hit-expected.txt: Removed.
      * fast/js/regress/string-lookup-hit-identifier-expected.txt: Removed.
      * fast/js/regress/string-lookup-hit-identifier.html: Removed.
      * fast/js/regress/string-lookup-hit.html: Removed.
      * fast/js/regress/string-lookup-miss-expected.txt: Removed.
      * fast/js/regress/string-lookup-miss.html: Removed.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145945 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      871ffe65
  10. 14 Mar, 2013 1 commit
    • fpizlo@apple.com's avatar
      JSObject fast by-string access optimizations should work even on the prototype... · 10c38d3c
      fpizlo@apple.com authored
      JSObject fast by-string access optimizations should work even on the prototype chain, and even when the result is undefined
      https://bugs.webkit.org/show_bug.cgi?id=112233
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Extended the existing fast access path for String keys to work over the entire prototype chain,
      not just the self access case. This will fail as soon as it sees an object that intercepts
      getOwnPropertySlot, so this patch also ensures that ObjectPrototype does not fall into that
      category. This is accomplished by making ObjectPrototype eagerly reify all of its properties.
      This is safe for ObjectPrototype because it's so common and we expect all of its properties to
      be reified for any interesting programs anyway. A new idiom for adding native functions to
      prototypes is introduced, which ought to work well for any other prototypes that we wish to do
      this conversion for.
              
      This is a >60% speed-up in the case that you frequently do by-string lookups that "miss", i.e.
      they don't turn up anything.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::objectConstructorTable):
      * jit/JITStubs.cpp:
      (JSC::getByVal):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::getByVal):
      * runtime/CommonIdentifiers.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getByStringSlow):
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC):
      (JSC::JSCell::getByStringAndKey):
      (JSC::JSCell::getByString):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putDirectNativeFunction):
      (JSC):
      * runtime/JSObject.h:
      (JSObject):
      (JSC):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/ObjectPrototype.cpp:
      (JSC):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::ObjectPrototype::create):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::findWithString):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      (JSC):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * fast/js/regress/script-tests/string-lookup-hit-identifier.js: Added.
      (result):
      * fast/js/regress/script-tests/string-lookup-hit.js: Added.
      (result):
      * fast/js/regress/script-tests/string-lookup-miss.js: Added.
      (result):
      * fast/js/regress/string-lookup-hit-expected.txt: Added.
      * fast/js/regress/string-lookup-hit-identifier-expected.txt: Added.
      * fast/js/regress/string-lookup-hit-identifier.html: Added.
      * fast/js/regress/string-lookup-hit.html: Added.
      * fast/js/regress/string-lookup-miss-expected.txt: Added.
      * fast/js/regress/string-lookup-miss.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145838 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      10c38d3c
  11. 26 Feb, 2013 1 commit
  12. 29 Jan, 2013 3 commits
    • oliver@apple.com's avatar
      Force debug builds to do bounds checks on contiguous property storage · a0099624
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=108212
      
      Reviewed by Mark Hahnenberg.
      
      Add a ContiguousData type that we use to represent contiguous property
      storage.  In release builds it is simply a pointer to the correct type,
      but in debug builds it also carries the data length and performs bounds
      checks.  This means we don't have to add as many manual bounds assertions
      when performing operations over contiguous data.
      
      * dfg/DFGOperations.cpp:
      * runtime/ArrayStorage.h:
      (ArrayStorage):
      (JSC::ArrayStorage::vector):
      * runtime/Butterfly.h:
      (JSC::ContiguousData::ContiguousData):
      (ContiguousData):
      (JSC::ContiguousData::operator[]):
      (JSC::ContiguousData::data):
      (JSC::ContiguousData::length):
      (JSC):
      (JSC::Butterfly::contiguousInt32):
      (Butterfly):
      (JSC::Butterfly::contiguousDouble):
      (JSC::Butterfly::contiguous):
      * runtime/JSArray.cpp:
      (JSC::JSArray::sortNumericVector):
      (ContiguousTypeAccessor):
      (JSC::ContiguousTypeAccessor::getAsValue):
      (JSC::ContiguousTypeAccessor::setWithValue):
      (JSC::ContiguousTypeAccessor::replaceDataReference):
      (JSC):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sort):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      * runtime/JSArray.h:
      (JSArray):
      * runtime/JSObject.cpp:
      (JSC::JSObject::copyButterfly):
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::convertUndecidedToInt32):
      (JSC::JSObject::convertUndecidedToDouble):
      (JSC::JSObject::convertUndecidedToContiguous):
      (JSC::JSObject::convertInt32ToDouble):
      (JSC::JSObject::convertInt32ToContiguous):
      (JSC::JSObject::genericConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToContiguous):
      (JSC::JSObject::rageConvertDoubleToContiguous):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::rageEnsureContiguousSlow):
      (JSC::JSObject::ensureLengthSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::ensureInt32):
      (JSC::JSObject::ensureDouble):
      (JSC::JSObject::ensureContiguous):
      (JSC::JSObject::rageEnsureContiguous):
      (JSObject):
      (JSC::JSObject::indexingData):
      (JSC::JSObject::currentIndexingData):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141154 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a0099624
    • ggaren@apple.com's avatar
      Static size inference for JavaScript objects · c862eacf
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=108093
      
      Reviewed by Phil Pizlo.
      
      ../JavaScriptCore: 
      
      * API/JSObjectRef.cpp:
      * JavaScriptCore.order:
      * JavaScriptCore.xcodeproj/project.pbxproj: Pay the tax man.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode): op_new_object and op_create_this now
      have an extra inferredInlineCapacity argument. This is the statically
      inferred inline capacity, just from analyzing source text. op_new_object
      also gets a pointer to an allocation profile. (For op_create_this, the
      profile is in the construtor function.)
      
      (JSC::CodeBlock::CodeBlock): Link op_new_object.
      
      (JSC::CodeBlock::stronglyVisitStrongReferences): Mark our profiles.
      
      * bytecode/CodeBlock.h:
      (CodeBlock): Removed some dead code. Added object allocation profiles.
      
      * bytecode/Instruction.h:
      (JSC): New union type, since an instruction operand may point to an
      object allocation profile now.
      
      * bytecode/ObjectAllocationProfile.h: Added.
      (JSC):
      (ObjectAllocationProfile):
      (JSC::ObjectAllocationProfile::offsetOfAllocator):
      (JSC::ObjectAllocationProfile::offsetOfStructure):
      (JSC::ObjectAllocationProfile::ObjectAllocationProfile):
      (JSC::ObjectAllocationProfile::isNull):
      (JSC::ObjectAllocationProfile::initialize):
      (JSC::ObjectAllocationProfile::structure):
      (JSC::ObjectAllocationProfile::inlineCapacity):
      (JSC::ObjectAllocationProfile::clear):
      (JSC::ObjectAllocationProfile::visitAggregate):
      (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount): New class
      for tracking a prediction about object allocation: structure, inline
      capacity, allocator to use.
      
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName): Updated instruction sizes.
      
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC):
      (JSC::UnlinkedCodeBlock::addObjectAllocationProfile):
      (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles):
      (UnlinkedCodeBlock): Unlinked support for allocation profiles.
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::generate): Kill all remaining analyses at the
      end of codegen, since this is our last opportunity.
      
      (JSC::BytecodeGenerator::BytecodeGenerator): Added a static property
      analyzer to bytecode generation. It tracks initializing assignments and
      makes a guess about how many will happen.
      
      (JSC::BytecodeGenerator::newObjectAllocationProfile):
      (JSC):
      (JSC::BytecodeGenerator::emitProfiledOpcode):
      (JSC::BytecodeGenerator::emitMove):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveBase):
      (JSC::BytecodeGenerator::emitResolveBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitPutGetterSetter):
      (JSC::BytecodeGenerator::emitGetArgumentByVal):
      (JSC::BytecodeGenerator::emitGetByVal): Added hooks to the static property
      analyzer, so it can observe allocations and stores.
      
      (JSC::BytecodeGenerator::emitCreateThis): Factored this into a helper
      function because it was a significant amount of logic, and I wanted to
      add to it.
      
      (JSC::BytecodeGenerator::emitNewObject):
      (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitCallVarargs):
      (JSC::BytecodeGenerator::emitConstruct): Added a hook to profiled opcodes
      to track their stores, in case a store kills a profiled allocation. Since
      profiled opcodes are basically the only interesting stores we do, this
      is a convenient place to notice any store that might kill an allocation.
      
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator): As above.
      
      * bytecompiler/StaticPropertyAnalysis.h: Added.
      (JSC):
      (StaticPropertyAnalysis):
      (JSC::StaticPropertyAnalysis::create):
      (JSC::StaticPropertyAnalysis::addPropertyIndex):
      (JSC::StaticPropertyAnalysis::record):
      (JSC::StaticPropertyAnalysis::propertyIndexCount):
      (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis): Simple helper
      class for tracking allocations and stores.
      
      * bytecompiler/StaticPropertyAnalyzer.h: Added.
      (StaticPropertyAnalyzer):
      (JSC::StaticPropertyAnalyzer::StaticPropertyAnalyzer):
      (JSC::StaticPropertyAnalyzer::createThis):
      (JSC::StaticPropertyAnalyzer::newObject):
      (JSC::StaticPropertyAnalyzer::putById):
      (JSC::StaticPropertyAnalyzer::mov):
      (JSC::StaticPropertyAnalyzer::kill): Helper class for observing allocations
      and stores and making an inline capacity guess. The heuristics here are
      intentionally minimal because we don't want this one class to try to
      re-create something like a DFG or a runtime analysis. If we discover that
      we need those kinds of analyses, we should just replace this class with
      something else.
      
      This class tracks multiple registers that alias the same object -- that
      happens a lot, when moving locals into temporary registers -- but it
      doesn't track control flow or multiple objects that alias the same register.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute): Updated for rename.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock): Updated for inline capacity and
      allocation profile.
      
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasInlineCapacity):
      (Node):
      (JSC::DFG::Node::inlineCapacity):
      (JSC::DFG::Node::hasFunction): Give the graph a good way to represent
      inline capacity for an allocation.
      
      * dfg/DFGNodeType.h:
      (DFG): Updated for rename.
      
      * dfg/DFGOperations.cpp: Updated for interface change.
      
      * dfg/DFGOperations.h: We pass the inline capacity to the slow case as
      an argument. This is the simplest way, since it's stored as a bytecode operand.
      
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate): Updated for rename.
      
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID): Fixed a horrible off-by-one-half bug that only
      appears when doing an inline cached load for property number 64 on a 32-bit
      system. In JSVALUE32_64 land, "offsetRelativeToPatchedStorage" is the
      offset of the 64bit JSValue -- but we'll actually issue two loads, one for
      the payload at that offset, and one for the tag at that offset + 4. We need
      to ensure that both loads have a compact representation, or we'll corrupt
      the instruction stream.
      
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile): Lots of refactoring to support
      passing an allocator to our allocation function, and/or passing a Structure
      as a register instead of an immediate.
      
      * heap/MarkedAllocator.h:
      (DFG):
      (MarkedAllocator):
      (JSC::MarkedAllocator::offsetOfFreeListHead): Added an accessor to simplify
      JIT code generation of allocation from an arbitrary allocator.
      
      * jit/JIT.h:
      (JSC):
      * jit/JITInlines.h:
      (JSC):
      (JSC::JIT::emitAllocateJSObject):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emitSlow_op_new_object):
      (JSC::JIT::emit_op_create_this):
      (JSC::JIT::emitSlow_op_create_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emitSlow_op_new_object):
      (JSC::JIT::emit_op_create_this):
      (JSC::JIT::emitSlow_op_create_this): Same refactoring as done for the DFG.
      
      * jit/JITStubs.cpp:
      (JSC::tryCacheGetByID): Fixed the same bug mentioned above.
      
      (JSC::DEFINE_STUB_FUNCTION): Updated for interface changes.
      
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions): Updated for interface changes.
      
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm: Same refactoring as for the JITs.
      
      * profiler/ProfilerBytecode.cpp:
      * profiler/ProfilerBytecodes.cpp:
      * profiler/ProfilerCompilation.cpp:
      * profiler/ProfilerCompiledBytecode.cpp:
      * profiler/ProfilerDatabase.cpp:
      * profiler/ProfilerOSRExit.cpp:
      * profiler/ProfilerOrigin.cpp:
      * profiler/ProfilerProfiledBytecodes.cpp: Include ObjectConstructor.h
      because that's where createEmptyObject() lives now.
      
      * runtime/Executable.h:
      (JSC::JSFunction::JSFunction): Updated for rename.
      
      * runtime/JSCellInlines.h:
      (JSC::allocateCell): Updated to match the allocator selection code in
      the JIT, so it's clearer that both are correct.
      
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::JSFunction):
      (JSC::JSFunction::createAllocationProfile):
      (JSC::JSFunction::visitChildren):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::put):
      (JSC::JSFunction::defineOwnProperty):
      (JSC::JSFunction::getConstructData):
      * runtime/JSFunction.h:
      (JSC::JSFunction::offsetOfScopeChain):
      (JSC::JSFunction::offsetOfExecutable):
      (JSC::JSFunction::offsetOfAllocationProfile):
      (JSC::JSFunction::allocationProfile):
      (JSFunction):
      (JSC::JSFunction::tryGetAllocationProfile):
      (JSC::JSFunction::addAllocationProfileWatchpoint): Changed inheritorID
      data member to be an ObjectAllocationProfile, which includes a pointer
      to the desired allocator. This simplifies JIT code, since we don't have
      to compute the allocator on the fly. I verified by code inspection that
      JSFunction is still only 64 bytes.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::dateStructure): No direct pointer to the empty
      object structure anymore, because now clients need to specify how much
      inline capacity they want.
      
      * runtime/JSONObject.cpp:
      * runtime/JSObject.h:
      (JSC):
      (JSFinalObject):
      (JSC::JSFinalObject::defaultInlineCapacity):
      (JSC::JSFinalObject::maxInlineCapacity):
      (JSC::JSFinalObject::createStructure): A little refactoring to try to 
      clarify where some of these constants derive from.
      
      (JSC::maxOffsetRelativeToPatchedStorage): Used for bug fix, above.
      
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::setTarget): Ugly, but effective.
      
      * runtime/LiteralParser.cpp:
      * runtime/ObjectConstructor.cpp:
      (JSC::constructObject):
      (JSC::constructWithObjectConstructor):
      (JSC::callObjectConstructor):
      (JSC::objectConstructorCreate): Updated for interface changes.
      
      * runtime/ObjectConstructor.h:
      (JSC::constructEmptyObject): Clarified your options for how to allocate
      an empty object, to emphasize what things can actually vary.
      
      * runtime/PropertyOffset.h: These constants have moved because they're
      really higher level concepts to do with the layout of objects and the
      collector. PropertyOffset is just an abstract number line, independent
      of those things.
      
      * runtime/PrototypeMap.cpp:
      (JSC::PrototypeMap::emptyObjectStructureForPrototype):
      (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
      * runtime/PrototypeMap.h:
      (PrototypeMap): The map key is now a pair of prototype and inline capacity,
      since Structure encodes inline capacity.
      
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTableForPinning):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::totalStorageSize):
      (JSC::Structure::transitionCount):
      (JSC::Structure::create): Fixed a nasty refactoring bug that only shows
      up after enabling variable-sized inline capacities: we were passing our
      type info where our inline capacity was expected. The compiler didn't
      notice because both have type int :(.
      
      ../WebCore: 
      
      * ForwardingHeaders/runtime/ObjectConstructor.h: Added.
      
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      * bindings/js/JSSQLResultSetRowListCustom.cpp: Include ObjectConstructor.h because
      that's where createEmptyObject() is located now.
      
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::deserialize): Updated for interface change.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141050 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c862eacf
    • oliver@apple.com's avatar
      Add more assertions to the property storage use in arrays · 5468c770
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=107728
      
      Reviewed by Filip Pizlo.
      
      Add a bunch of assertions to array and object butterfly
      usage.  This should make debugging somewhat easier.
      
      I also converted a couple of assertions to release asserts
      as they were so low cost it seemed a sensible thing to do.
      
      * runtime/JSArray.cpp:
      (JSC::JSArray::sortVector):
      (JSC::JSArray::compactForSorting):
      * runtime/JSObject.h:
      (JSC::JSObject::getHolyIndexQuickly):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141029 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5468c770
  13. 23 Jan, 2013 1 commit
    • oliver@apple.com's avatar
      Replace ASSERT_NOT_REACHED with RELEASE_ASSERT_NOT_REACHED in JSC · 5598c181
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=107736
      
      Reviewed by Mark Hahnenberg.
      
      Mechanical change with no performance impact.
      
      * API/JSBlockAdaptor.mm:
      (BlockArgumentTypeDelegate::typeVoid):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::construct):
      (JSC::::call):
      * API/JSScriptRef.cpp:
      * API/ObjCCallbackFunction.mm:
      (ArgumentTypeDelegate::typeVoid):
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::link):
      (JSC::ARMv7Assembler::replaceWithLoad):
      (JSC::ARMv7Assembler::replaceWithAddressComputation):
      * assembler/MacroAssembler.h:
      (JSC::MacroAssembler::invert):
      * assembler/MacroAssemblerARM.h:
      (JSC::MacroAssemblerARM::countLeadingZeros32):
      (JSC::MacroAssemblerARM::divDouble):
      * assembler/MacroAssemblerMIPS.h:
      (JSC::MacroAssemblerMIPS::absDouble):
      (JSC::MacroAssemblerMIPS::replaceWithJump):
      (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
      * assembler/MacroAssemblerSH4.h:
      (JSC::MacroAssemblerSH4::absDouble):
      (JSC::MacroAssemblerSH4::replaceWithJump):
      (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::shllImm8r):
      (JSC::SH4Assembler::shlrImm8r):
      (JSC::SH4Assembler::cmplRegReg):
      (JSC::SH4Assembler::branch):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::replaceWithLoad):
      (JSC::X86Assembler::replaceWithAddressComputation):
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CodeBlock.cpp:
      (JSC::debugHookName):
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::CodeBlock::printGetByIdCacheStatus):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::usesOpcode):
      * bytecode/DataFormat.h:
      (JSC::needDataFormatConversion):
      * bytecode/ExitKind.cpp:
      (JSC::exitKindToString):
      (JSC::exitKindIsCountable):
      * bytecode/MethodOfGettingAValueProfile.cpp:
      (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
      * bytecode/Opcode.h:
      (JSC::opcodeLength):
      * bytecode/PolymorphicPutByIdList.cpp:
      (JSC::PutByIdAccess::fromStructureStubInfo):
      (JSC::PutByIdAccess::visitWeak):
      * bytecode/StructureStubInfo.cpp:
      (JSC::StructureStubInfo::deref):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::emitGetLocalVar):
      (JSC::BytecodeGenerator::beginSwitch):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::BinaryOpNode::emitBytecode):
      (JSC::emitReadModifyAssignment):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::canHandleOpcodes):
      * dfg/DFGCommon.h:
      (JSC::DFG::useKindToString):
      * dfg/DFGDoubleFormatState.h:
      (JSC::DFG::mergeDoubleFormatStates):
      (JSC::DFG::doubleFormatStateToString):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::blessArrayOperation):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::clobbersWorld):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::valueOfJSConstant):
      (JSC::DFG::Node::successor):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::nodeFlagsAsString):
      * dfg/DFGNodeType.h:
      (JSC::DFG::defaultFlags):
      * dfg/DFGRepatch.h:
      (JSC::DFG::dfgResetGetByID):
      (JSC::DFG::dfgResetPutByID):
      * dfg/DFGSlowPathGenerator.h:
      (JSC::DFG::SlowPathGenerator::call):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::bitOp):
      (JSC::DFG::SpeculativeJIT::shiftOp):
      (JSC::DFG::SpeculativeJIT::integerResult):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * dfg/DFGValueSource.h:
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableEvent.cpp:
      (JSC::DFG::VariableEvent::dump):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * heap/BlockAllocator.h:
      (JSC::BlockAllocator::regionSetFor):
      * heap/GCThread.cpp:
      (JSC::GCThread::gcThreadMain):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::isLive):
      * interpreter/CallFrame.h:
      (JSC::ExecState::inlineCallFrame):
      * interpreter/Interpreter.cpp:
      (JSC::getCallerInfo):
      (JSC::getStackFrameCodeType):
      (JSC::Interpreter::execute):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITArithmetic.cpp:
      (JSC::JIT::emitSlow_op_mod):
      * jit/JITArithmetic32_64.cpp:
      (JSC::JIT::emitBinaryDoubleOp):
      (JSC::JIT::emitSlow_op_mod):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::isDirectPutById):
      * jit/JITStubs.cpp:
      (JSC::getPolymorphicAccessStructureListSlot):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      * parser/Lexer.cpp:
      (JSC::::lex):
      * parser/Nodes.h:
      (JSC::ExpressionNode::emitBytecodeInConditionContext):
      * parser/Parser.h:
      (JSC::Parser::getTokenName):
      (JSC::Parser::updateErrorMessageSpecialCase):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::operatorStackPop):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/DatePrototype.cpp:
      (JSC::formatLocaleDate):
      * runtime/Executable.cpp:
      (JSC::samplingDescription):
      * runtime/Executable.h:
      (JSC::ScriptExecutable::unlinkCalls):
      * runtime/Identifier.cpp:
      (JSC):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::getCallData):
      * runtime/JSArray.cpp:
      (JSC::JSArray::push):
      (JSC::JSArray::sort):
      * runtime/JSCell.cpp:
      (JSC::JSCell::defaultValue):
      (JSC::JSCell::getOwnPropertyNames):
      (JSC::JSCell::getOwnNonIndexPropertyNames):
      (JSC::JSCell::className):
      (JSC::JSCell::getPropertyNames):
      (JSC::JSCell::customHasInstance):
      (JSC::JSCell::putDirectVirtual):
      (JSC::JSCell::defineOwnProperty):
      (JSC::JSCell::getOwnPropertyDescriptor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSNameScope.cpp:
      (JSC::JSNameScope::put):
      * runtime/JSObject.cpp:
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::tryGetIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::canSetIndexQuicklyForPutDirect):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::hasSparseMap):
      (JSC::JSObject::inSparseIndexingMode):
      * runtime/JSScope.cpp:
      (JSC::JSScope::isDynamicScope):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::putDirectVirtual):
      * runtime/JSSymbolTableObject.h:
      (JSSymbolTableObject):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/RegExp.cpp:
      (JSC::RegExp::compile):
      (JSC::RegExp::compileMatchOnly):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      * tools/CodeProfile.cpp:
      (JSC::CodeProfile::sample):
      * yarr/YarrCanonicalizeUCS2.h:
      (JSC::Yarr::getCanonicalPair):
      (JSC::Yarr::areCanonicallyEquivalent):
      * yarr/YarrInterpreter.cpp:
      (JSC::Yarr::Interpreter::matchCharacterClass):
      (JSC::Yarr::Interpreter::matchBackReference):
      (JSC::Yarr::Interpreter::backtrackParenthesesTerminalEnd):
      (JSC::Yarr::Interpreter::matchParentheses):
      (JSC::Yarr::Interpreter::backtrackParentheses):
      (JSC::Yarr::Interpreter::matchDisjunction):
      * yarr/YarrJIT.cpp:
      (JSC::Yarr::YarrGenerator::generateTerm):
      (JSC::Yarr::YarrGenerator::backtrackTerm):
      * yarr/YarrParser.h:
      (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
      (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
      * yarr/YarrPattern.cpp:
      (JSC::Yarr::YarrPatternConstructor::atomCharacterClassBuiltIn):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140594 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5598c181
  14. 19 Jan, 2013 1 commit
    • ggaren@apple.com's avatar
      Track inheritance structures in a side table, instead of using a private · 51a38ca4
      ggaren@apple.com authored
      name in each prototype
      https://bugs.webkit.org/show_bug.cgi?id=107378
      
      Reviewed by Sam Weinig and Phil Pizlo.
      
      This is a step toward object size inference.
      
      Using a side table frees us to use a more complex key (a pair of
      prototype and expected inline capacity).
      
      It also avoids ruining inline caches for prototypes. (Adding a new private
      name for a new inline capacity would change the prototype's structure,
      possibly firing watchpoints, making inline caches go polymorphic, and
      generally causing us to have a bad time.)
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri: Buildage.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::finishCreation): Updated to use new side table API.
      
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::cacheInheritorID): Updated to use new side table API.
      
      (JSC::JSFunction::visitChildren): Fixed a long-standing bug where JSFunction
      forgot to visit one of its data members (m_cachedInheritorID). This
      wasn't a user-visible problem before because JSFunction would always
      visit its .prototype property, which visited its m_cachedInheritorID.
      But now, function.prototype only weakly owns function.m_cachedInheritorID.
      
      * runtime/JSGlobalData.h:
      (JSGlobalData): Added the map, taking care to make sure that its
      destructor would run after the heap destructor.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset): Updated to use new side table API.
      
      * runtime/JSObject.cpp:
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC::JSObject::setPrototype):
      * runtime/JSObject.h:
      (JSObject): Updated to use new side table API, and removed lots of code
      that used to manage the per-object private name.
      
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::setTarget):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorCreate):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation): Updated to use new side table API.
      
      * runtime/PrototypeMap.cpp: Added.
      (JSC):
      (JSC::PrototypeMap::addPrototype):
      (JSC::PrototypeMap::emptyObjectStructureForPrototype):
      * runtime/PrototypeMap.h: Added.
      (PrototypeMap):
      (JSC::PrototypeMap::isPrototype):
      (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype): New side table.
      This is a simple weak map, mapping an object to the structure you should
      use when inheriting from that object. (In future, inline capacity will
      be a part of the mapping.)
      
      I used two maps to preserve existing behavior that allowed us to speculate
      about an object becoming a prototype, even if it wasn't one at the moment.
      However, I suspect that behavior can be removed without harm.
      
      * runtime/WeakGCMap.h:
      (JSC::WeakGCMap::contains):
      (WeakGCMap): I would rate myself a 6 / 10 in C++.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140259 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      51a38ca4
  15. 12 Jan, 2013 1 commit
    • fpizlo@apple.com's avatar
      The JITThunks class should be in its own file, and doing so should not break the build · a4b4cbe9
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=105696
      
      Source/JavaScriptCore: 
      
      Rubber stamped by Sam Weinig and Geoffrey Garen.
              
      This patch was supposed to just move JITThunks into its own file. But then I
      realized that there is a horrible circular dependency chain between JSCell,
      JSGlobalData, CallFrame, and Weak, which only works because of magical include
      order in JITStubs.h, and the fact that JSGlobalData.h includes JITStubs.h
      before it includes JSCell or JSValue.
              
      I first tried to just get JITThunks.h to just magically do the same pointless
      includes that JITStubs.h had, but then I decided to actually fix the underflying
      problem, which was that JSCell needed CallFrame, CallFrame needed JSGlobalData,
      JSGlobalData needed JITThunks, JITThunks needed Weak, and Weak needed JSCell.
      Now, all of JSCell's outgoing dependencies are placed in JSCellInlines.h. This
      also gave me an opportunity to move JSValue inline methods from JSCell.h into
      JSValueInlines.h. But to make this really work, I needed to remove includes of
      *Inlines.h from other headers (CodeBlock.h for example included JSValueInlines.h,
      which defeats the whole entire purpose of having an Inlines.h file), and I needed
      to add includes of *Inlines.h into a bunch of .cpp files. I did this mostly by
      having .cpp files include Operations.h. In future, if you're adding a .cpp file
      to JSC, you'll almost certainly have to include Operations.h unless you enjoy
      link errors.
      
      * API/JSBase.cpp:
      * API/JSCallbackConstructor.cpp:
      * API/JSCallbackFunction.cpp:
      * API/JSCallbackObject.cpp:
      * API/JSClassRef.cpp:
      * API/JSContextRef.cpp:
      * API/JSObjectRef.cpp:
      * API/JSScriptRef.cpp:
      * API/JSWeakObjectMapRefPrivate.cpp:
      * JSCTypedArrayStubs.h:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/ArrayAllocationProfile.cpp:
      * bytecode/CodeBlock.cpp:
      * bytecode/GetByIdStatus.cpp:
      * bytecode/LazyOperandValueProfile.cpp:
      * bytecode/ResolveGlobalStatus.cpp:
      * bytecode/SpeculatedType.cpp:
      * bytecode/UnlinkedCodeBlock.cpp:
      * bytecompiler/BytecodeGenerator.cpp:
      * debugger/Debugger.cpp:
      * debugger/DebuggerActivation.cpp:
      * debugger/DebuggerCallFrame.cpp:
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      * dfg/DFGArrayMode.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGConstantFoldingPhase.cpp:
      * dfg/DFGDriver.cpp:
      * dfg/DFGFixupPhase.cpp:
      * dfg/DFGGraph.cpp:
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGOSREntry.cpp:
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      * dfg/DFGPredictionPropagationPhase.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (DFG):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      * dfg/DFGSpeculativeJIT64.cpp:
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      * dfg/DFGVariableEventStream.cpp:
      * heap/CopiedBlock.h:
      * heap/CopiedSpace.cpp:
      * heap/HandleSet.cpp:
      * heap/Heap.cpp:
      * heap/HeapStatistics.cpp:
      * heap/SlotVisitor.cpp:
      * heap/WeakBlock.cpp:
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * jit/ClosureCallStubRoutine.cpp:
      * jit/GCAwareJITStubRoutine.cpp:
      * jit/JIT.cpp:
      * jit/JITArithmetic.cpp:
      * jit/JITArithmetic32_64.cpp:
      * jit/JITCall.cpp:
      * jit/JITCall32_64.cpp:
      * jit/JITCode.h:
      * jit/JITExceptions.cpp:
      * jit/JITStubs.h:
      * jit/JITThunks.h:
      * jsc.cpp:
      * llint/LLIntExceptions.cpp:
      * profiler/LegacyProfiler.cpp:
      * profiler/ProfileGenerator.cpp:
      * profiler/ProfilerBytecode.cpp:
      * profiler/ProfilerBytecodeSequence.cpp:
      * profiler/ProfilerBytecodes.cpp:
      * profiler/ProfilerCompilation.cpp:
      * profiler/ProfilerCompiledBytecode.cpp:
      * profiler/ProfilerDatabase.cpp:
      * profiler/ProfilerOSRExit.cpp:
      * profiler/ProfilerOSRExitSite.cpp:
      * profiler/ProfilerOrigin.cpp:
      * profiler/ProfilerOriginStack.cpp:
      * profiler/ProfilerProfiledBytecodes.cpp:
      * runtime/ArgList.cpp:
      * runtime/Arguments.cpp:
      * runtime/ArrayConstructor.cpp:
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanObject.cpp:
      * runtime/BooleanPrototype.cpp:
      * runtime/CallData.cpp:
      * runtime/CodeCache.cpp:
      * runtime/Completion.cpp:
      * runtime/ConstructData.cpp:
      * runtime/DateConstructor.cpp:
      * runtime/DateInstance.cpp:
      * runtime/DatePrototype.cpp:
      * runtime/Error.cpp:
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorInstance.cpp:
      * runtime/ErrorPrototype.cpp:
      * runtime/ExceptionHelpers.cpp:
      * runtime/Executable.cpp:
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionPrototype.cpp:
      * runtime/GetterSetter.cpp:
      * runtime/Identifier.cpp:
      * runtime/InternalFunction.cpp:
      * runtime/JSActivation.cpp:
      * runtime/JSBoundFunction.cpp:
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC):
      * runtime/JSCellInlines.h: Added.
      (JSC):
      (JSC::JSCell::JSCell):
      (JSC::JSCell::finishCreation):
      (JSC::JSCell::structure):
      (JSC::JSCell::visitChildren):
      (JSC::allocateCell):
      (JSC::isZapped):
      (JSC::JSCell::isObject):
      (JSC::JSCell::isString):
      (JSC::JSCell::isGetterSetter):
      (JSC::JSCell::isProxy):
      (JSC::JSCell::isAPIValueWrapper):
      (JSC::JSCell::setStructure):
      (JSC::JSCell::methodTable):
      (JSC::JSCell::inherits):
      (JSC::JSCell::fastGetOwnPropertySlot):
      (JSC::JSCell::fastGetOwnProperty):
      (JSC::JSCell::toBoolean):
      * runtime/JSDateMath.cpp:
      * runtime/JSFunction.cpp:
      * runtime/JSFunction.h:
      (JSC):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObjectFunctions.cpp:
      * runtime/JSLock.cpp:
      * runtime/JSNameScope.cpp:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSONObject.cpp:
      * runtime/JSObject.h:
      (JSC):
      * runtime/JSProxy.cpp:
      * runtime/JSScope.cpp:
      * runtime/JSSegmentedVariableObject.cpp:
      * runtime/JSString.h:
      (JSC):
      * runtime/JSStringJoiner.cpp:
      * runtime/JSSymbolTableObject.cpp:
      * runtime/JSValue.cpp:
      * runtime/JSValueInlines.h:
      (JSC::JSValue::toInt32):
      (JSC::JSValue::toUInt32):
      (JSC):
      (JSC::JSValue::isUInt32):
      (JSC::JSValue::asUInt32):
      (JSC::JSValue::asNumber):
      (JSC::jsNaN):
      (JSC::JSValue::JSValue):
      (JSC::JSValue::encode):
      (JSC::JSValue::decode):
      (JSC::JSValue::operator bool):
      (JSC::JSValue::operator==):
      (JSC::JSValue::operator!=):
      (JSC::JSValue::isEmpty):
      (JSC::JSValue::isUndefined):
      (JSC::JSValue::isNull):
      (JSC::JSValue::isUndefinedOrNull):
      (JSC::JSValue::isCell):
      (JSC::JSValue::isInt32):
      (JSC::JSValue::isDouble):
      (JSC::JSValue::isTrue):
      (JSC::JSValue::isFalse):
      (JSC::JSValue::tag):
      (JSC::JSValue::payload):
      (JSC::JSValue::asInt32):
      (JSC::JSValue::asDouble):
      (JSC::JSValue::asCell):
      (JSC::JSValue::isNumber):
      (JSC::JSValue::isBoolean):
      (JSC::JSValue::asBoolean):
      (JSC::reinterpretDoubleToInt64):
      (JSC::reinterpretInt64ToDouble):
      (JSC::JSValue::isString):
      (JSC::JSValue::isPrimitive):
      (JSC::JSValue::isGetterSetter):
      (JSC::JSValue::isObject):
      (JSC::JSValue::getString):
      (JSC::::getString):
      (JSC::JSValue::getObject):
      (JSC::JSValue::getUInt32):
      (JSC::JSValue::toPrimitive):
      (JSC::JSValue::getPrimitiveNumber):
      (JSC::JSValue::toNumber):
      (JSC::JSValue::toObject):
      (JSC::JSValue::isFunction):
      (JSC::JSValue::inherits):
      (JSC::JSValue::toThisObject):
      (JSC::JSValue::get):
      (JSC::JSValue::put):
      (JSC::JSValue::putByIndex):
      (JSC::JSValue::structureOrUndefined):
      (JSC::JSValue::equal):
      (JSC::JSValue::equalSlowCaseInline):
      (JSC::JSValue::strictEqualSlowCaseInline):
      (JSC::JSValue::strictEqual):
      * runtime/JSVariableObject.cpp:
      * runtime/JSWithScope.cpp:
      * runtime/JSWrapperObject.cpp:
      * runtime/LiteralParser.cpp:
      * runtime/Lookup.cpp:
      * runtime/NameConstructor.cpp:
      * runtime/NameInstance.cpp:
      * runtime/NamePrototype.cpp:
      * runtime/NativeErrorConstructor.cpp:
      * runtime/NativeErrorPrototype.cpp:
      * runtime/NumberConstructor.cpp:
      * runtime/NumberObject.cpp:
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      * runtime/Operations.h:
      (JSC):
      * runtime/PropertySlot.cpp:
      * runtime/RegExp.cpp:
      * runtime/RegExpCache.cpp:
      * runtime/RegExpCachedResult.cpp:
      * runtime/RegExpConstructor.cpp:
      * runtime/RegExpMatchesArray.cpp:
      * runtime/RegExpObject.cpp:
      * runtime/RegExpPrototype.cpp:
      * runtime/SmallStrings.cpp:
      * runtime/SparseArrayValueMap.cpp:
      * runtime/StrictEvalActivation.cpp:
      * runtime/StringConstructor.cpp:
      * runtime/StringObject.cpp:
      * runtime/StringRecursionChecker.cpp:
      * runtime/Structure.h:
      (JSC):
      * runtime/StructureChain.cpp:
      * runtime/TimeoutChecker.cpp:
      * testRegExp.cpp:
      
      Source/WebCore: 
      
      Rubber stamped by Sam Weinig.
      
      All .cpp files that use the JSC internal API must now transitively include
      Operations.h, and none of the major JSC headers do it for you to avoid
      circularity. WebCore doesn't have to worry about circularity with JSC, so
      this changes all of the major WebCore JSC base headers to include
      Operations.h.
      
      * bindings/js/BindingState.h:
      * bindings/js/JSArrayBufferViewHelper.h:
      * bindings/js/JSCustomXPathNSResolver.h:
      * bindings/js/JSDOMBinding.h:
      * bindings/js/JSDOMGlobalObject.h:
      * bindings/js/JSDictionary.h:
      * bindings/js/JSMessagePortCustom.h:
      * bindings/js/JSNodeFilterCondition.h:
      * bindings/js/ScriptValue.h:
      * bindings/js/ScriptWrappable.h:
      * bindings/js/SerializedScriptValue.cpp:
      * bridge/c/c_utility.h:
      * bridge/jsc/BridgeJSC.h:
      * dom/Node.cpp:
      * html/HTMLCanvasElement.cpp:
      * html/HTMLImageLoader.cpp:
      * plugins/efl/PluginViewEfl.cpp:
      * xml/XMLHttpRequest.cpp:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139541 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a4b4cbe9
  16. 11 Jan, 2013 3 commits
    • ggaren@apple.com's avatar
      Removed getDirectLocation and offsetForLocation and all their uses · 329c1534
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=106692
      
      Reviewed by Filip Pizlo.
      
      getDirectLocation() and its associated offsetForLocation() relied on
      detailed knowledge of the rules of PropertyOffset, JSObject, and
      Structure, which is a hard thing to reverse-engineer reliably. Luckily,
      it wasn't needed, and all clients either wanted a true value or a
      PropertyOffset. So, I refactored accordingly.
      
      * dfg/DFGOperations.cpp: Renamed putDirectOffset to putDirect, to clarify
      that we are not putting an offset.
      
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::getOwnPropertySlot): Get a value instead of a value
      pointer, since we never wanted a pointer to begin with.
      
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertySlot): Use a PropertyOffset instead of a pointer,
      so we don't have to reverse-engineer the offset from the pointer.
      
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::resetInheritorID):
      (JSC::JSObject::inheritorID):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::fillGetterPropertySlot):
      (JSC::JSObject::getOwnPropertyDescriptor): Renamed getDirectOffset and
      putDirectOffset, as explaind above. We want to use the name "getDirectOffset"
      for when the thing you're getting is the offset.
      
      * runtime/JSObject.h:
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectOffset): Changed getDirectLocation to getDirectOffset,
      since clients really wants PropertyOffsets and not locations.
      
      (JSObject::offsetForLocation): Removed this function because it was hard
      to get right.
      
      (JSC::JSObject::putDirect):
      (JSC::JSObject::putDirectUndefined):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::putDirectWithoutTransition):
      * runtime/JSScope.cpp:
      (JSC::executeResolveOperations):
      (JSC::JSScope::resolvePut):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive): Updated for renames.
      
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot): Use a PropertyOffset instead of a pointer,
      so we don't have to reverse-engineer the offset from the pointer.
      
      * runtime/Structure.cpp:
      (JSC::Structure::flattenDictionaryStructure): Updated for renames.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139491 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      329c1534
    • ggaren@apple.com's avatar
      Removed an unused version of getDirectLocation · a70da946
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=106691
      
      Reviewed by Gavin Barraclough.
      
      getDirectLocation is a weird operation. Removing the unused version is
      the easy part.
      
      * runtime/JSObject.h:
      (JSObject):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139488 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a70da946
    • ggaren@apple.com's avatar
      Fixed some bogus PropertyOffset ASSERTs · 338bd6f3
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=106686
      
      Reviewed by Gavin Barraclough.
      
      The ASSERTs were passing a JSType instead of an inlineCapacity, due to
      an incomplete refactoring.
      
      The compiler didn't catch this because both types are int underneath.
      
      * runtime/JSObject.h:
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectLocation):
      (JSC::JSObject::offsetForLocation):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransitionToExistingStructure): Validate against
      our inline capacity, as we intended.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139482 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      338bd6f3
  17. 20 Dec, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSObject::ensure<IndexingType> should gracefully handle InterceptsGetOwn...,... · 274b6f17
      fpizlo@apple.com authored
      JSObject::ensure<IndexingType> should gracefully handle InterceptsGetOwn..., and should never be called when the 'this' is not an object
      https://bugs.webkit.org/show_bug.cgi?id=105468
      
      Reviewed by Mark Hahnenberg, Oliver Hunt, and Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Changed JSObject::ensure<IndexingType> methods to gracefully handle
      InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero. Most of them handle it by returning
      null as a result of indexingShouldBeSparse() returning true, while ensureArrayStorage handles it
      by entering dictionary indexing mode, which forces the object to behave correctly even if there
      is proxying or weird prototype stuff going on.
              
      Changed DFGOperations entrypoints to reject non-objects, so that JSObject doesn't have to deal
      with pretending to be JSString. In particular, this would go wrong in the ArrayStorage case
      since we'd try to resize a butterfly on a JSString, but JSString has something other than
      m_butterfly at that offset.
              
      Finally, removed all InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero from JIT code
      since those are now redundant.
      
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::arrayify):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * runtime/JSObject.cpp:
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      * runtime/JSObject.h:
      (JSObject):
      
      LayoutTests: 
      
      * fast/js/dfg-ensure-array-storage-on-string-expected.txt: Added.
      * fast/js/dfg-ensure-array-storage-on-string.html: Added.
      * fast/js/dfg-ensure-contiguous-on-string-expected.txt: Added.
      * fast/js/dfg-ensure-contiguous-on-string.html: Added.
      * fast/js/jsc-test-list
      * fast/js/script-tests/dfg-ensure-array-storage-on-string.js: Added.
      (foo):
      * fast/js/script-tests/dfg-ensure-contiguous-on-string.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138201 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      274b6f17
  18. 19 Dec, 2012 1 commit
    • fpizlo@apple.com's avatar
      Proxies should set InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero · d5e0b705
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=105379
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Forgetting to set this flag led to the DFG trying to ensure array storage on a proxy. I've
      now hardened the code with a release assertion as well as fixing the bug. A release assertion
      is appropriate here since this is slow-path code.
      
      * runtime/JSObject.cpp:
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlowNoCheck):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSProxy.h:
      (JSProxy):
      
      LayoutTests: 
      
      * fast/js/dfg-ensure-non-array-array-storage-on-window-expected.txt: Added.
      * fast/js/dfg-ensure-non-array-array-storage-on-window.html: Added.
      * fast/js/script-tests/dfg-ensure-non-array-array-storage-on-window.js: Added.
      (foo):
      (bar):
      (.shouldBe):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138107 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d5e0b705
  19. 03 Dec, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should trigger rage conversion from double to contiguous if it sees a... · f10d0722
      fpizlo@apple.com authored
      DFG should trigger rage conversion from double to contiguous if it sees a GetByVal on Double being used in an integer context
      https://bugs.webkit.org/show_bug.cgi?id=103858
      
      Reviewed by Gavin Barraclough.
      
      A rage conversion from double to contiguous is one where you try to convert each
      double to an int32.
      
      This is probably not the last we'll hear of rage conversion from double to contiguous.
      It may be better to do this right during parsing, which will result in fewer cases of
      Arrayification. But even so, this looks like a straight win already - 1% speed-up on
      Kraken, no major regression anywhere else.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      (JSC::DFG::arrayConversionToString):
      (JSC::DFG::ArrayMode::dump):
      (WTF):
      (WTF::printInternal):
      * dfg/DFGArrayMode.h:
      (JSC::DFG::ArrayMode::withConversion):
      (ArrayMode):
      (JSC::DFG::ArrayMode::doesConversion):
      (WTF):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupBlock):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      (FixupPhase):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGNodeFlags.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::arrayify):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * runtime/JSObject.cpp:
      (JSC):
      (JSC::JSObject::genericConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToContiguous):
      (JSC::JSObject::rageConvertDoubleToContiguous):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::rageEnsureContiguousSlow):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::rageEnsureContiguous):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136372 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f10d0722
  20. 15 Nov, 2012 2 commits
    • mark.lam@apple.com's avatar
      Change JSEventListener::m_jsFunction to be a weak ref. · 48d0136e
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=101989.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Added infrastructure for scanning weak ref slots.
      
      * heap/SlotVisitor.cpp: Added #include "SlotVisitorInlines.h".
      * heap/SlotVisitor.h:
      (SlotVisitor): Added SlotVisitor::appendUnbarrieredWeak().
      * heap/SlotVisitorInlines.h: Added #include "Weak.h".
      (JSC::SlotVisitor::appendUnbarrieredWeak): Added.
      * heap/Weak.h:
      (JSC::operator==): Added operator==() for Weak.
      * runtime/JSCell.h: Removed #include "SlotVisitorInlines.h".
      * runtime/JSObject.h: Added #include "SlotVisitorInlines.h".
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/heap/SlotVisitor.h: Added.
      * bindings/js/JSDOMBinding.h: Added #include <heap/SlotVisitor.h>
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::JSEventListener):
      (WebCore::JSEventListener::visitJSFunction):
      (WebCore::JSEventListener::operator==):
       - Removed the m_wrapper checks in operator==() because they are not
         needed. There is no longer any threat of m_jsFunction pointing to
         recycled memory. The use of weak refs will ensure that m_jsFunction
         is either still holding on to its old memory exclusively, or is 0'ed
         out when the GC collects it.
      * bindings/js/JSEventListener.h:
      (JSEventListener):
      (WebCore::JSEventListener::jsFunction):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@134697 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      48d0136e
    • fpizlo@apple.com's avatar
      Read-only properties created with putDirect() should tell the structure that... · eaa6482d
      fpizlo@apple.com authored
      Read-only properties created with putDirect() should tell the structure that there are read-only properties
      https://bugs.webkit.org/show_bug.cgi?id=102292
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      This mostly affects things like function.length.
      
      * runtime/JSObject.h:
      (JSC::JSObject::putDirectInternal):
      
      LayoutTests: 
      
      * fast/js/function-dot-length-read-only-expected.txt: Added.
      * fast/js/function-dot-length-read-only.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/function-dot-length-read-only.js: Added.
      (foo):
      (Bar):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@134695 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      eaa6482d
  21. 12 Nov, 2012 1 commit
  22. 08 Nov, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should infer when indexed storage contains only integers or doubles · 75c91a79
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98606
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      This adds two new indexing types: int32 and double. It also adds array allocation profiling,
      which allows array allocations to converge to allocating arrays using those types to which
      those arrays would have been converted.
              
      20% speed-up on navier-stokes. 40% speed-up on various Kraken DSP tests. Some slow-downs too,
      but a performance win overall on all benchmarks we track.
      
      * API/JSObjectRef.cpp:
      (JSObjectMakeArray):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/AbstractMacroAssembler.h:
      (JumpList):
      (JSC::AbstractMacroAssembler::JumpList::JumpList):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::branchDouble):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::jnp):
      (X86Assembler):
      (JSC::X86Assembler::X86InstructionFormatter::emitRex):
      * bytecode/ArrayAllocationProfile.cpp: Added.
      (JSC):
      (JSC::ArrayAllocationProfile::updateIndexingType):
      * bytecode/ArrayAllocationProfile.h: Added.
      (JSC):
      (ArrayAllocationProfile):
      (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
      (JSC::ArrayAllocationProfile::selectIndexingType):
      (JSC::ArrayAllocationProfile::updateLastAllocation):
      (JSC::ArrayAllocationProfile::selectIndexingTypeFor):
      (JSC::ArrayAllocationProfile::updateLastAllocationFor):
      * bytecode/ArrayProfile.cpp:
      (JSC::ArrayProfile::updatedObservedArrayModes):
      (JSC):
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModesInclude):
      (JSC::shouldUseSlowPutArrayStorage):
      (JSC::shouldUseFastArrayStorage):
      (JSC::shouldUseContiguous):
      (JSC::shouldUseDouble):
      (JSC::shouldUseInt32):
      (ArrayProfile):
      * bytecode/ByValInfo.h:
      (JSC::isOptimizableIndexingType):
      (JSC::jitArrayModeForIndexingType):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      (JSC):
      (JSC::CodeBlock::updateAllValueProfilePredictions):
      (JSC::CodeBlock::updateAllArrayPredictions):
      (JSC::CodeBlock::updateAllPredictions):
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::numberOfArrayAllocationProfiles):
      (JSC::CodeBlock::addArrayAllocationProfile):
      (JSC::CodeBlock::updateAllValueProfilePredictions):
      (JSC::CodeBlock::updateAllArrayPredictions):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/SpeculatedType.h:
      (JSC):
      (JSC::isRealNumberSpeculation):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC):
      (JSC::UnlinkedCodeBlock::addArrayAllocationProfile):
      (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles):
      (UnlinkedCodeBlock):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::newArrayAllocationProfile):
      (JSC):
      (JSC::BytecodeGenerator::emitNewArray):
      (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::fromObserved):
      (JSC::DFG::ArrayMode::refine):
      (DFG):
      (JSC::DFG::ArrayMode::alreadyChecked):
      (JSC::DFG::arrayTypeToString):
      * dfg/DFGArrayMode.h:
      (JSC::DFG::ArrayMode::withType):
      (ArrayMode):
      (JSC::DFG::ArrayMode::withTypeAndConversion):
      (JSC::DFG::ArrayMode::usesButterfly):
      (JSC::DFG::ArrayMode::isSpecific):
      (JSC::DFG::ArrayMode::supportsLength):
      (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getArrayMode):
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (CCallHelpers):
      * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
      (JSC::DFG::CallArrayAllocatorSlowPathGenerator::generateInternal):
      (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::generateInternal):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGNode.h:
      (NewArrayBufferData):
      (JSC::DFG::Node::hasIndexingType):
      (Node):
      (JSC::DFG::Node::indexingType):
      (JSC::DFG::Node::setIndexingType):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
      (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
      (DFG):
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::arrayify):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (SpeculativeJIT):
      (SpeculateIntegerOperand):
      (JSC::DFG::SpeculateIntegerOperand::use):
      (SpeculateDoubleOperand):
      (JSC::DFG::SpeculateDoubleOperand::use):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.h:
      (JSC::JIT::emitInt32GetByVal):
      (JIT):
      (JSC::JIT::emitInt32PutByVal):
      (JSC::JIT::emitDoublePutByVal):
      (JSC::JIT::emitContiguousPutByVal):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      * jit/JITInlineMethods.h:
      (JSC::arrayProfileSaw):
      (JSC::JIT::chooseArrayMode):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emit_op_new_array_with_size):
      (JSC::JIT::emit_op_new_array_buffer):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitDoubleGetByVal):
      (JSC):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitGenericContiguousPutByVal):
      (JSC::JIT::emitSlow_op_put_by_val):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitDoubleGetByVal):
      (JSC):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitGenericContiguousPutByVal):
      (JSC::JIT::emitSlow_op_put_by_val):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITStubs.h:
      (JSC):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/x86.rb:
      * runtime/ArrayConstructor.cpp:
      (JSC::constructArrayWithSizeQuirk):
      * runtime/ArrayConstructor.h:
      (JSC):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncConcat):
      (JSC::arrayProtoFuncSlice):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      * runtime/Butterfly.h:
      (JSC::Butterfly::contiguousInt32):
      (JSC::Butterfly::contiguousDouble):
      (JSC::Butterfly::fromContiguous):
      * runtime/ButterflyInlineMethods.h:
      (JSC::Butterfly::createUninitializedDuringCollection):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
      * runtime/IndexingHeaderInlineMethods.h:
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.cpp:
      (JSC::leastUpperBoundOfIndexingTypes):
      (JSC):
      (JSC::leastUpperBoundOfIndexingTypeAndType):
      (JSC::leastUpperBoundOfIndexingTypeAndValue):
      (JSC::indexingTypeToString):
      * runtime/IndexingType.h:
      (JSC):
      (JSC::hasUndecided):
      (JSC::hasInt32):
      (JSC::hasDouble):
      * runtime/JSArray.cpp:
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      (JSC::compareNumbersForQSortWithInt32):
      (JSC):
      (JSC::compareNumbersForQSortWithDouble):
      (JSC::JSArray::sortNumericVector):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sort):
      (JSC::JSArray::sortVector):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSArray):
      (JSC::createContiguousArrayButterfly):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::originalArrayStructureForIndexingType):
      (JSC::JSGlobalObject::arrayStructureForIndexingTypeDuringAllocation):
      (JSC::JSGlobalObject::arrayStructureForProfileDuringAllocation):
      (JSC::JSGlobalObject::isOriginalArrayStructure):
      (JSC::constructEmptyArray):
      (JSC::constructArray):
      * runtime/JSObject.cpp:
      (JSC::JSObject::copyButterfly):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createInitialIndexedStorage):
      (JSC):
      (JSC::JSObject::createInitialUndecided):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::convertUndecidedToInt32):
      (JSC::JSObject::convertUndecidedToDouble):
      (JSC::JSObject::convertUndecidedToContiguous):
      (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
      (JSC::JSObject::convertUndecidedToArrayStorage):
      (JSC::JSObject::convertInt32ToDouble):
      (JSC::JSObject::convertInt32ToContiguous):
      (JSC::JSObject::convertInt32ToArrayStorage):
      (JSC::JSObject::convertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::convertUndecidedForValue):
      (JSC::JSObject::convertInt32ForValue):
      (JSC::JSObject::setIndexQuicklyToUndecided):
      (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
      (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::countElements):
      (JSC::JSObject::ensureLengthSlow):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::tryGetIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::canSetIndexQuicklyForPutDirect):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::hasSparseMap):
      (JSC::JSObject::inSparseIndexingMode):
      (JSObject):
      (JSC::JSObject::ensureInt32):
      (JSC::JSObject::ensureDouble):
      (JSC::JSObject::ensureLength):
      (JSC::JSObject::indexingData):
      (JSC::JSObject::currentIndexingData):
      (JSC::JSObject::getHolyIndexQuickly):
      (JSC::JSObject::relevantLength):
      (JSC::JSObject::currentRelevantLength):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetOwnPropertyNames):
      (JSC::objectConstructorKeys):
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSplit):
      * runtime/Structure.cpp:
      (JSC::Structure::nonPropertyTransition):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      
      Source/WebCore: 
      
      Just refactoring WebCore to pass 0 for the ArrayAllocationProfile*.
      
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::JSCanvasRenderingContext2D::webkitLineDash):
      * bindings/js/JSClipboardCustom.cpp:
      (WebCore::JSClipboard::types):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::jsArray):
      * bindings/js/JSDOMBinding.h:
      (WebCore::jsArray):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::getJSListenerFunctions):
      * bindings/js/JSJavaScriptCallFrameCustom.cpp:
      (WebCore::JSJavaScriptCallFrame::scopeChain):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::JSMessageEvent::ports):
      * bindings/js/JSMutationCallbackCustom.cpp:
      (WebCore::JSMutationCallback::handleEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::toJS):
      (WebCore::JSWebGLRenderingContext::getAttachedShaders):
      (WebCore::JSWebGLRenderingContext::getSupportedExtensions):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::deserialize):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      75c91a79
  23. 06 Nov, 2012 2 commits
    • fpizlo@apple.com's avatar
      Indentation of JSObject.h is wrong · 98139856
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=101313
      
      Rubber stamped by Alexey Proskuryakov.
      
      Just unindented code, since namespace bodies shouldn't be indented.
      
      * runtime/JSObject.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133649 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      98139856
    • fpizlo@apple.com's avatar
      Prototype chain caching should check that the path from the base object to the... · 64289686
      fpizlo@apple.com authored
      Prototype chain caching should check that the path from the base object to the slot base involves prototype hops only
      https://bugs.webkit.org/show_bug.cgi?id=101276
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Changed normalizePrototypeChain() to report an invalid prototype chain if any object is a proxy.
      This catches cases where our prototype chain checks would have been insufficient to guard against
      newly introduced properties, despecialized properties, or deleted properties in the chain of
      objects involved in the access.
      
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      * jit/JITStubs.cpp:
      (JSC::JITThunks::tryCachePutByID):
      (JSC::JITThunks::tryCacheGetByID):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/Operations.h:
      (JSC):
      (JSC::normalizePrototypeChain):
      
      LayoutTests: 
      
      This test already covered this case, but only for method_check. Modified it to
      also cover the get_by_id case.
      
      * fast/js/toString-and-valueOf-override-expected.txt:
      * fast/js/toString-and-valueOf-override.html:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133546 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      64289686
  24. 30 Oct, 2012 1 commit
  25. 12 Oct, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Copying collection shouldn't require O(live bytes) memory overhead · 02e39c7e
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98792
      
      Reviewed by Filip Pizlo.
      
      Currently our copying collection occurs simultaneously with the marking phase. We'd like 
      to be able to reuse CopiedBlocks as soon as they become fully evacuated, but this is not 
      currently possible because we don't know the liveness statistics of each old CopiedBlock 
      until marking/copying has already finished. Instead, we have to allocate additional memory 
      from the OS to use as our working set of CopiedBlocks while copying. We then return the 
      fully evacuated old CopiedBlocks back to the block allocator, thus giving our copying phase 
      an O(live bytes) overhead.
      
      To fix this, we should instead split the copying phase apart from the marking phase. This 
      way we have full liveness data for each CopiedBlock during the copying phase so that we 
      can reuse them the instant they become fully evacuated. With the additional liveness data 
      that each CopiedBlock accumulates, we can add some additional heuristics to the collector. 
      For example, we can calculate our global Heap fragmentation and only choose to do a copying 
      phase if that fragmentation exceeds some limit. As another example, we can skip copying 
      blocks that are already above a particular fragmentation limit, which allows older objects 
      to coalesce into blocks that are rarely copied.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/CopiedBlock.h:
      (CopiedBlock):
      (JSC::CopiedBlock::CopiedBlock): Added support for tracking live bytes in a CopiedBlock in a 
      thread-safe fashion.
      (JSC::CopiedBlock::reportLiveBytes): Adds a number of live bytes to the block in a thread-safe 
      fashion using compare and swap.
      (JSC):
      (JSC::CopiedBlock::didSurviveGC): Called when a block survives a single GC without being 
      evacuated. This could be called for a couple reasons: (a) the block was pinned or (b) we 
      decided not to do any copying. A block can become pinned for a few reasons: (1) a pointer into 
      the block was found during the conservative scan. (2) the block was deemed full enough to 
      not warrant any copying. (3) The block is oversize and was found to be live. 
      (JSC::CopiedBlock::didEvacuateBytes): Called when some number of bytes are copied from this 
      block. If the number of live bytes ever hits zero, the block will return itself to the 
      BlockAllocator to be recycled.
      (JSC::CopiedBlock::canBeRecycled): Indicates that a block has no live bytes and can be 
      immediately recycled. This is used for blocks that are found to have zero live bytes at the 
      beginning of the copying phase.
      (JSC::CopiedBlock::shouldEvacuate): This function returns true if the current fragmentation 
      of the block is above our fragmentation threshold, and false otherwise.
      (JSC::CopiedBlock::isPinned): Added an accessor for the pinned flag
      (JSC::CopiedBlock::liveBytes): 
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::CopiedSpace):
      (JSC::CopiedSpace::doneFillingBlock): Changed so that we can exchange our filled block for a 
      fresh block. This avoids the situation where a thread returns its borrowed block, it's the last 
      borrowed block, so CopiedSpace thinks that copying has completed, and it starts doing all of the 
      copying phase cleanup. In actuality, the thread wanted another block after returning the current 
      block. So we allow the thread to atomically exchange its block for another block.
      (JSC::CopiedSpace::startedCopying): Added the calculation of global Heap fragmentation to 
      determine if the copying phase should commence. We include the MarkedSpace in our fragmentation 
      calculation by assuming that the MarkedSpace is 0% fragmented since we can reuse any currently 
      free memory in it (i.e. we ignore any internal fragmentation in the MarkedSpace). While we're 
      calculating the fragmentation of CopiedSpace, we also return any free blocks we find along the 
      way (meaning liveBytes() == 0).
      (JSC):
      (JSC::CopiedSpace::doneCopying): We still have to iterate over all the blocks, regardless of
      whether the copying phase took place or not so that we can reset all of the live bytes counters 
      and un-pin any pinned blocks.
      * heap/CopiedSpace.h:
      (CopiedSpace):
      (JSC::CopiedSpace::shouldDoCopyPhase):
      * heap/CopiedSpaceInlineMethods.h:
      (JSC::CopiedSpace::recycleEvacuatedBlock): This function is distinct from recycling a borrowed block 
      because a borrowed block hasn't been added to the CopiedSpace yet, but an evacuated block is still
      currently in CopiedSpace, so we have to make sure we properly remove all traces of the block from 
      CopiedSpace before returning it to BlockAllocator.
      (JSC::CopiedSpace::recycleBorrowedBlock): Renamed to indicate the distinction mentioned above.
      * heap/CopyVisitor.cpp: Added.
      (JSC):
      (JSC::CopyVisitor::CopyVisitor):
      (JSC::CopyVisitor::copyFromShared): Main function for any thread participating in the copying phase.
      Grabs chunks of MarkedBlocks from the shared list and copies the backing store of anybody who needs
      it until there are no more chunks to copy.
      * heap/CopyVisitor.h: Added.
      (JSC):
      (CopyVisitor):
      * heap/CopyVisitorInlineMethods.h: Added.
      (JSC):
      (GCCopyPhaseFunctor):
      (JSC::GCCopyPhaseFunctor::GCCopyPhaseFunctor):
      (JSC::GCCopyPhaseFunctor::operator()):
      (JSC::CopyVisitor::checkIfShouldCopy): We don't have to check shouldEvacuate() because all of those 
      checks are done during the marking phase.
      (JSC::CopyVisitor::allocateNewSpace): 
      (JSC::CopyVisitor::allocateNewSpaceSlow):
      (JSC::CopyVisitor::startCopying): Initialization function for a thread that is about to start copying.
      (JSC::CopyVisitor::doneCopying):
      (JSC::CopyVisitor::didCopy): This callback is called by an object that has just successfully copied its
      backing store. It indicates to the CopiedBlock that somebody has just finished evacuating some number of 
      bytes from it, and, if the CopiedBlock now has no more live bytes, can be recycled immediately.
      * heap/GCThread.cpp: Added.
      (JSC):
      (JSC::GCThread::GCThread): This is a new class that encapsulates a single thread responsible for participating 
      in a specific set of GC phases. Currently, that set of phases includes Mark, Copy, and Exit. Each thread 
      monitors a shared variable in its associated GCThreadSharedData. The main thread updates this m_currentPhase
      variable as collection progresses through the various phases. Parallel marking still works exactly like it 
      has. In other words, the "run loop" for each of the GC threads sits above any individual phase, thus keeping 
      the separate phases of the collector orthogonal.
      (JSC::GCThread::threadID):
      (JSC::GCThread::initializeThreadID):
      (JSC::GCThread::slotVisitor):
      (JSC::GCThread::copyVisitor):
      (JSC::GCThread::waitForNextPhase):
      (JSC::GCThread::gcThreadMain):
      (JSC::GCThread::gcThreadStartFunc):
      * heap/GCThread.h: Added.
      (JSC):
      (GCThread):
      * heap/GCThreadSharedData.cpp: The GCThreadSharedData now has a list of GCThread objects rather than raw 
      ThreadIdentifiers.
      (JSC::GCThreadSharedData::resetChildren):
      (JSC::GCThreadSharedData::childVisitCount):
      (JSC::GCThreadSharedData::GCThreadSharedData):
      (JSC::GCThreadSharedData::~GCThreadSharedData):
      (JSC::GCThreadSharedData::reset):
      (JSC::GCThreadSharedData::didStartMarking): Callback to let the GCThreadSharedData know that marking has 
      started and updates the m_currentPhase variable and notifies the GCThreads accordingly.
      (JSC::GCThreadSharedData::didFinishMarking): Ditto for finishing marking. 
      (JSC::GCThreadSharedData::didStartCopying): Ditto for starting the copying phase.
      (JSC::GCThreadSharedData::didFinishCopying): Ditto for finishing copying. 
      * heap/GCThreadSharedData.h:
      (JSC):
      (GCThreadSharedData):
      (JSC::GCThreadSharedData::getNextBlocksToCopy): Atomically gets the next chunk of work for a copying thread.
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::markRoots):
      (JSC):
      (JSC::Heap::copyBackingStores): Responsible for setting up the copying phase, notifying the copying threads, 
      and doing any copying work if necessary.
      (JSC::Heap::collect):
      * heap/Heap.h:
      (Heap):
      (JSC):
      (JSC::CopyFunctor::CopyFunctor):
      (CopyFunctor):
      (JSC::CopyFunctor::operator()):
      * heap/IncrementalSweeper.cpp: Changed the incremental sweeper to have a reference to the list of MarkedBlocks 
      that need sweeping, since this now resides in the Heap so that it can be easily shared by the GCThreads.
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::startSweeping):
      * heap/IncrementalSweeper.h:
      (JSC):
      (IncrementalSweeper):
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::setup):
      (JSC::SlotVisitor::drainFromShared): We no longer do any copying-related work here.
      (JSC):
      * heap/SlotVisitor.h:
      (SlotVisitor):
      * heap/SlotVisitorInlineMethods.h:
      (JSC):
      (JSC::SlotVisitor::copyLater): Notifies the CopiedBlock that there are some live bytes that may need 
      to be copied.
      * runtime/Butterfly.h:
      (JSC):
      (Butterfly):
      * runtime/ButterflyInlineMethods.h:
      (JSC::Butterfly::createUninitializedDuringCollection): Uses the new CopyVisitor.
      * runtime/ClassInfo.h:
      (MethodTable): Added new "virtual" function copyBackingStore to method table.
      (JSC):
      * runtime/JSCell.cpp:
      (JSC::JSCell::copyBackingStore): Default implementation that does nothing.
      (JSC):
      * runtime/JSCell.h:
      (JSC):
      (JSCell):
      * runtime/JSObject.cpp:
      (JSC::JSObject::copyButterfly): Does the actual copying of the butterfly.
      (JSC):
      (JSC::JSObject::visitButterfly): Calls copyLater for the butterfly.
      (JSC::JSObject::copyBackingStore): 
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSCell::methodTable):
      (JSC::JSCell::inherits):
      * runtime/Options.h: Added two new constants, minHeapUtilization and minCopiedBlockUtilization, 
      to govern the amount of fragmentation we allow before doing copying.
      (JSC):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131213 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      02e39c7e
  26. 11 Oct, 2012 1 commit
    • ggaren@apple.com's avatar
      Removed some more static assumptions about inline object capacity · ac950c47
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98603
      
      Reviewed by Filip Pizlo.
      
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Use JSObject::allocationSize()
      for a little more flexibility. We still pass it a constant inline capacity
      because the JIT doesn't have a strategy for selecting a size class based
      on non-constant capacity yet. "INLINE_STORAGE_CAPACITY" is a marker for
      code that makes static assumptions about object size.
      
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm: Ditto for the rest of our many execution engines.
      
      * runtime/JSObject.h:
      (JSC::JSObject::allocationSize):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSFinalObject::create): New helper function for computing object
      size dynamically, since we plan to have objects of different sizes.
      
      (JSC::JSFinalObject::JSFinalObject): Note that our m_inlineStorage used
      to auto-generate an implicit C++ constructor with default null initialization.
      This memory is not observed in its uninitialized state, and our LLInt and
      JIT allocators do not initialize it, so I did not add any explicit code
      to do so, now that the implicit code is gone.
      
      (JSC::JSObject::offsetOfInlineStorage): Changed the math here to match
      inlineStorageUnsafe(), since we can rely on an explicit data member anymore.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131093 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ac950c47
  27. 09 Oct, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should infer when indexed storage is contiguous, and optimize for it · 0e9910a8
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97288
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      This introduces a new kind of indexed property storage called Contiguous,
      which has the following properties:
              
      - No header bits beyond IndexedHeader. This results in a 16 byte reduction
        in memory usage per array versus an ArrayStorage array. It also means
        that the total memory usage for an empty array is now just 3 * 8 on both
        32-bit and 64-bit. Of that, only 8 bytes are array-specific; the rest is
        our standard object header overhead.
              
      - No need for hole checks on store. This results in a ~4% speed-up on
        Kraken and a ~1% speed-up on V8v7.
              
      - publicLength <= vectorLength. This means that doing new Array(blah)
        immediately allocates room for blah elements.
              
      - No sparse map or index bias.
              
      If you ever do things to an array that would require publicLength >
      vectorLength, a sparse map, or index bias, then we switch to ArrayStorage
      mode. This seems to never happen in any benchmark we track, and is unlikely
      to happen very frequently on any website.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/AbstractMacroAssembler.h:
      (JSC::AbstractMacroAssembler::JumpList::append):
      * assembler/MacroAssembler.h:
      (MacroAssembler):
      (JSC::MacroAssembler::patchableBranchTest32):
      * bytecode/ByValInfo.h: Added.
      (JSC):
      (JSC::isOptimizableIndexingType):
      (JSC::jitArrayModeForIndexingType):
      (JSC::ByValInfo::ByValInfo):
      (ByValInfo):
      (JSC::getByValInfoBytecodeIndex):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::getByValInfo):
      (JSC::CodeBlock::setNumberOfByValInfos):
      (JSC::CodeBlock::numberOfByValInfos):
      (JSC::CodeBlock::byValInfo):
      * bytecode/SamplingTool.h:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::modeUsesButterfly):
      (JSC::DFG::modeIsJSArray):
      (JSC::DFG::isInBoundsAccess):
      (JSC::DFG::mayStoreToTail):
      (JSC::DFG::mayStoreToHole):
      (JSC::DFG::modeIsPolymorphic):
      (JSC::DFG::polymorphicIncludesContiguous):
      (JSC::DFG::polymorphicIncludesArrayStorage):
      (JSC::DFG::canCSEStorage):
      (JSC::DFG::modeSupportsLength):
      (JSC::DFG::benefitsFromStructureCheck):
      (JSC::DFG::isEffectful):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getArrayLengthElimination):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      (JSC::DFG::FixupPhase::blessArrayOperation):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::arrayify):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
      (DFG):
      * dfg/DFGSpeculativeJIT.h:
      (DFG):
      (JSC::DFG::SpeculativeJIT::callOperation):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::putByValWillNeedExtraRegister):
      (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compileContiguousGetByVal):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileArrayStorageGetByVal):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compileArrayStoragePutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compileContiguousGetByVal):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileArrayStorageGetByVal):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compileArrayStoragePutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (SamplingScope):
      (JSC::SamplingScope::SamplingScope):
      (JSC::SamplingScope::~SamplingScope):
      (JSC):
      (JSC::Interpreter::execute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::ByValCompilationInfo::ByValCompilationInfo):
      (ByValCompilationInfo):
      (JSC):
      (JIT):
      (JSC::JIT::compileGetByVal):
      (JSC::JIT::compilePutByVal):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateJSArray):
      (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
      (JSC):
      (JSC::arrayProfileSaw):
      (JSC::JIT::chooseArrayMode):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emitSlow_op_new_array):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitArrayStorageGetByVal):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitContiguousPutByVal):
      (JSC::JIT::emitArrayStoragePutByVal):
      (JSC::JIT::emitSlow_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitArrayStorageGetByVal):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitContiguousPutByVal):
      (JSC::JIT::emitArrayStoragePutByVal):
      (JSC::JIT::emitSlow_op_put_by_val):
      * jit/JITStubs.cpp:
      (JSC::getByVal):
      (JSC):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::putByVal):
      * jit/JITStubs.h:
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArrayConventions.h:
      (JSC::isDenseEnoughForVector):
      * runtime/ArrayPrototype.cpp:
      (JSC):
      (JSC::shift):
      (JSC::unshift):
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      * runtime/Butterfly.h:
      (Butterfly):
      (JSC::Butterfly::fromPointer):
      (JSC::Butterfly::pointer):
      (JSC::Butterfly::publicLength):
      (JSC::Butterfly::vectorLength):
      (JSC::Butterfly::setPublicLength):
      (JSC::Butterfly::setVectorLength):
      (JSC::Butterfly::contiguous):
      (JSC::Butterfly::fromContiguous):
      * runtime/ButterflyInlineMethods.h:
      (JSC::Butterfly::unshift):
      (JSC::Butterfly::shift):
      * runtime/IndexingHeaderInlineMethods.h:
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.cpp: Added.
      (JSC):
      (JSC::indexingTypeToString):
      * runtime/IndexingType.h:
      (JSC):
      (JSC::hasContiguous):
      * runtime/JSArray.cpp:
      (JSC::JSArray::setLengthWithArrayStorage):
      (JSC::JSArray::setLength):
      (JSC):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCountWithArrayStorage):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithArrayStorage):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      (JSC::JSArray::sortNumericVector):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sort):
      (JSC::JSArray::sortVector):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSC::JSArray::shiftCountForShift):
      (JSC::JSArray::shiftCountForSplice):
      (JSArray):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCountForShift):
      (JSC::JSArray::unshiftCountForSplice):
      (JSC::JSArray::unshiftCount):
      (JSC::JSArray::isLengthWritable):
      (JSC::createContiguousArrayButterfly):
      (JSC):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::arrayStructureWithArrayStorage):
      (JSC::JSGlobalObject::addressOfArrayStructureWithArrayStorage):
      (JSC::constructEmptyArray):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createInitialContiguous):
      (JSC):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::ensureIndexedStorageSlow):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::putByIndexBeyondVectorLengthContiguousWithoutAttributes):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::countElementsInContiguous):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::ensureContiguousLengthSlow):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::tryGetIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::canSetIndexQuicklyForPutDirect):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::hasSparseMap):
      (JSC::JSObject::inSparseIndexingMode):
      (JSObject):
      (JSC::JSObject::ensureContiguous):
      (JSC::JSObject::ensureIndexedStorage):
      (JSC::JSObject::ensureContiguousLength):
      (JSC::JSObject::indexingData):
      (JSC::JSObject::relevantLength):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/Options.cpp:
      (JSC::Options::initialize):
      * runtime/Structure.cpp:
      (JSC::Structure::needsSlowPutIndexing):
      (JSC):
      (JSC::Structure::suggestedArrayStorageTransition):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      
      Source/WTF: 
      
      Moved out this helpful math utility to MathExtras, since we now use it in
      multiple places.
      
      * wtf/MathExtras.h:
      (timesThreePlusOneDividedByTwo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130826 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0e9910a8
  28. 04 Oct, 2012 1 commit
    • ggaren@apple.com's avatar
      Removed the assumption that "final" objects have a fixed number of inline slots · 20b4bfc2
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98332
      
      Reviewed by Filip Pizlo.
      
      This is a step toward object size inference.
      
      I replaced the inline storage capacity constant with a data member per
      structure, set the the maximum supported value for the constant to 100,
      then fixed what broke. (Note that even though this patch increases the
      theoretical maximum inline capacity, it doesn't change any actual inline
      capacity.)
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::compileGetDirectOffset): These functions just get a rename:
      the constant they need is the first out of line offset along the offset
      number line, which is not necessarily the same thing (and is, in this
      patch, never the same thing) as the inline capacity of any given object.
      
      (JSC::JIT::emit_op_get_by_pname):
      * jit/JITPropertyAccess32_64.cpp: This function changes functionality,
      since it needs to convert from the abstract offset number line to an
      actual offset in memory, and it can't assume that inline and out-of-line
      offsets are contiguous on the number line.
      
      (JSC::JIT::compileGetDirectOffset): Updated for rename.
      
      (JSC::JIT::emit_op_get_by_pname): Same as emit_op_get_by_pname above.
      
      * llint/LowLevelInterpreter.asm: Updated to mirror changes in PropertyOffset.h,
      since we duplicate values from there.
      
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm: Just like the JIT, most things are just
      renames, and get_by_pname changes to do more math. I also standardized
      offset calculations to use a hard-coded "-2", to match the JIT. This
      isn't really better, but it makes global search and replace easier,
      should we choose to refactor this code not to hard-code constants.
      
      I also renamed loadPropertyAtVariableOffsetKnownNotFinal to
      loadPropertyAtVariableOffsetKnownNotInline in order to sever the assumption
      that inline capacity is tied to object type, and I changed the 64bit LLInt
      to use this -- not using this previously seems to have been an oversight.
      
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitChildren):
      (JSC::JSFinalObject::visitChildren):
      * runtime/JSObject.h:
      (JSC::JSObject::offsetForLocation):
      (JSNonFinalObject):
      (JSC::JSFinalObject::createStructure):
      (JSFinalObject):
      (JSC::JSFinalObject::finishCreation): Updated for above changes.
      
      * runtime/JSPropertyNameIterator.h:
      (JSPropertyNameIterator):
      (JSC::JSPropertyNameIterator::finishCreation): Store the inline capacity
      of our object, since it's not a constant.
      
      (JSC::JSPropertyNameIterator::getOffset): Removed. This function was
      wrong. Luckily, it was also unused, since the C++ interpreter is gone.
      
      * runtime/PropertyMapHashTable.h:
      (PropertyTable): Use a helper function instead of hard-coding assumptions
      about object types.
      
      (JSC::PropertyTable::nextOffset):
      * runtime/PropertyOffset.h:
      (JSC):
      (JSC::checkOffset):
      (JSC::validateOffset):
      (JSC::isInlineOffset):
      (JSC::numberOfSlotsForLastOffset):
      (JSC::propertyOffsetFor): Refactored these functions to take inline capacity
      as an argument, since it's not fixed at compile time anymore.
      
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::putSpecificValue):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::outOfLineCapacity):
      (JSC::Structure::hasInlineStorage):
      (JSC::Structure::inlineCapacity):
      (JSC::Structure::inlineSize):
      (JSC::Structure::firstValidOffset):
      (JSC::Structure::lastValidOffset):
      (JSC::Structure::create): Removed some hard-coded assumptions about inline
      capacity and object type, and replaced with more liberal use of helper functions.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130359 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      20b4bfc2
  29. 02 Oct, 2012 1 commit
    • fpizlo@apple.com's avatar
      Address a FIXME in JSArray::sort · b5e07304
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98080
      <rdar://problem/12407844>
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      Get rid of fast sorting of sparse maps. I don't know that it's broken but I do know that we don't
      have coverage for it. Then also address the FIXME in JSArray::sort regarding side-effecting
      compare functions.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncSort):
      * runtime/JSArray.cpp:
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSArray):
      * runtime/JSObject.h:
      (JSC::JSObject::hasSparseMap):
      (JSObject):
      
      LayoutTests: 
      
      * fast/js/jsc-test-list:
      * fast/js/script-tests/sort-with-side-effecting-comparisons.js: Added.
      * fast/js/sort-with-side-effecting-comparisons-expected.txt: Added.
      * fast/js/sort-with-side-effecting-comparisons.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130102 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b5e07304
  30. 26 Sep, 2012 2 commits
    • fpizlo@apple.com's avatar
      JSObject::ensureArrayStorage() ignores the possibility that extensions have been prevented · 98796c32
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97719
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      * runtime/JSObject.cpp:
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC):
      * runtime/JSObject.h:
      (JSC::JSObject::ensureArrayStorage):
      (JSObject):
      
      LayoutTests: 
      
      * fast/js/dfg-arrayify-when-late-prevent-extensions-expected.txt: Added.
      * fast/js/dfg-arrayify-when-late-prevent-extensions.html: Added.
      * fast/js/dfg-arrayify-when-prevent-extensions-expected.txt: Added.
      * fast/js/dfg-arrayify-when-prevent-extensions.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-arrayify-when-late-prevent-extensions.js: Added.
      (foo):
      * fast/js/script-tests/dfg-arrayify-when-prevent-extensions.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129691 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      98796c32
    • barraclough@apple.com's avatar
      Generalize JSGlobalThis as JSProxy · 4aef7247
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97716
      
      Reviewed by Oliver Hunt.
      
      ../JavaScriptCore: 
      
      Generalize JSGlobalThis as JSProxy and move proxying functionality up from the window shell into JSProxy.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::toThisObject):
          - Hoist toThisObject from WebCore.
      (JSC):
      * runtime/JSGlobalObject.h:
          - removed include.
      (JSC::JSGlobalObject::finishCreation):
          - JSGlobalThis -> JSObject
      (JSGlobalObject):
          - Hoist toThisObject from WebCore.
      * runtime/JSGlobalThis.cpp: Removed.
      * runtime/JSGlobalThis.h: Removed.
      * runtime/JSObject.cpp:
          - removed include.
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::isProxy):
          - isGlobalThis -> isProxy
          - GlobalThisType -> ProxyType
      * runtime/JSProxy.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalThis.cpp.
      (JSC):
      (JSC::JSProxy::visitChildren):
      (JSC::JSProxy::setTarget):
      (JSC::JSProxy::className):
      (JSC::JSProxy::getOwnPropertySlot):
      (JSC::JSProxy::getOwnPropertySlotByIndex):
      (JSC::JSProxy::getOwnPropertyDescriptor):
      (JSC::JSProxy::put):
      (JSC::JSProxy::putByIndex):
      (JSC::JSProxy::putDirectVirtual):
      (JSC::JSProxy::defineOwnProperty):
      (JSC::JSProxy::deleteProperty):
      (JSC::JSProxy::deletePropertyByIndex):
      (JSC::JSProxy::getPropertyNames):
      (JSC::JSProxy::getOwnPropertyNames):
          - Class cretaed from JSGlobalThis, JSDOMWindowShell.
      * runtime/JSProxy.h: Copied from Source/JavaScriptCore/runtime/JSGlobalThis.h.
      (JSC::JSProxy::create):
      (JSC::JSProxy::createStructure):
      (JSProxy):
      (JSC::JSProxy::target):
      (JSC::JSProxy::JSProxy):
          - Class cretaed from JSGlobalThis, JSDOMWindowShell.
      * runtime/JSType.h:
          - GlobalThisType -> ProxyType
      
      ../WebCore: 
      
      This patch moves window shell functionality up to JSC::JSProxy.
      
      * ForwardingHeaders/runtime/JSGlobalThis.h: Removed.
      * ForwardingHeaders/runtime/JSProxy.h: Copied from Source/WebCore/ForwardingHeaders/runtime/JSGlobalThis.h.
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::finishCreation):
          - JSGlobalThis -> JSObject
      * bindings/js/JSDOMGlobalObject.h:
      (JSDOMGlobalObject):
          - JSGlobalThis -> JSObject
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore):
          - Hoist toThisObject up into JSC.
      * bindings/js/JSDOMWindowBase.h:
      (JSDOMWindowBase):
          - Hoist toThisObject up into JSC.
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore):
          - JSGlobalThis -> JSProxy
          - moved JSObject callbacks to JSProxy
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
          - JSGlobalThis -> JSProxy
          - moved JSObject callbacks to JSProxy
      (WebCore::JSDOMWindowShell::window):
          - unwrappedObject() -> target()
      (WebCore::JSDOMWindowShell::setWindow):
          - setUnwrappedObject() -> setTarget()
      (WebCore::JSDOMWindowShell::createStructure):
          - GlobalThisType -> ProxyType
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129685 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4aef7247