1. 05 Sep, 2013 3 commits
      [Windows] Unreviewed build fix for DebugSuffix target. · 54ff1396
      bfulgham@apple.com authored
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Don't build 64-bit assembly in 32-bit build.
      Also correct 'filters' file so that files appear in categories that match their on-disk locations.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155123 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      jsc tests should have timeouts · c88e14c6
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120725
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      Add the timeout logic directly to 'jsc' because that's easier to do than
      writing shell/perl code for it.
      
      * jsc.cpp:
      (timeoutThreadMain):
      (main):
      
      Tools: 
      
      Reviewed by Geoffrey Garen.
              
      Set the timeout to 20 seconds per test for now.
      
      * Scripts/run-javascriptcore-tests:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155098 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fast/js/dfg-* tests should wait for the concurrent JIT · 4bc850b4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120723
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      * runtime/TestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles): This should also handle constructors.
      
      LayoutTests: 
      
      Reviewed by Geoffrey Garen.
              
      Add dfgShouldBe(), a handy function that covers a lot of common cases.
      Also convert a bunch of tests.
      
      * fast/js/dfg-activation-register-overwritten-in-throw-expected.txt:
      * fast/js/dfg-add-not-number-expected.txt:
      * fast/js/dfg-allocation-profile-watch-point-exit-expected.txt:
      * fast/js/dfg-arguments-alias-escape-expected.txt:
      * fast/js/dfg-arguments-cross-code-origin-expected.txt:
      * fast/js/dfg-arguments-mixed-alias-expected.txt:
      * fast/js/dfg-arguments-strict-mode-expected.txt:
      * fast/js/dfg-arguments-unexpected-escape-expected.txt:
      * fast/js/dfg-array-dead-expected.txt:
      * fast/js/dfg-array-length-dead-expected.txt:
      * fast/js/dfg-array-pop-value-clearing-expected.txt:
      * fast/js/dfg-array-push-bad-time-expected.txt:
      * fast/js/dfg-array-push-slow-put-expected.txt:
      * fast/js/dfg-arrayify-when-late-prevent-extensions-expected.txt:
      * fast/js/dfg-arrayify-when-prevent-extensions-expected.txt:
      * fast/js/dfg-bool-to-int32-reuse-expected.txt:
      * fast/js/jsc-test-list:
      * fast/js/resources/js-test-pre.js:
      (dfgShouldBe):
      * fast/js/resources/standalone-pre.js:
      (dfgShouldBe):
      * fast/js/script-tests/dfg-activation-register-overwritten-in-throw.js:
      (g):
      * fast/js/script-tests/dfg-add-not-number.js:
      * fast/js/script-tests/dfg-allocation-profile-watch-point-exit.js:
      (foo):
      * fast/js/script-tests/dfg-arguments-alias-escape.js:
      * fast/js/script-tests/dfg-arguments-cross-code-origin.js:
      * fast/js/script-tests/dfg-arguments-mixed-alias.js:
      * fast/js/script-tests/dfg-arguments-strict-mode.js:
      * fast/js/script-tests/dfg-arguments-unexpected-escape.js:
      * fast/js/script-tests/dfg-array-dead.js:
      * fast/js/script-tests/dfg-array-length-dead.js:
      * fast/js/script-tests/dfg-array-pop-value-clearing.js:
      * fast/js/script-tests/dfg-array-push-bad-time.js:
      * fast/js/script-tests/dfg-array-push-slow-put.js:
      * fast/js/script-tests/dfg-arrayify-when-late-prevent-extensions.js:
      * fast/js/script-tests/dfg-arrayify-when-prevent-extensions.js:
      * fast/js/script-tests/dfg-bool-to-int32-reuse.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155096 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 04 Sep, 2013 7 commits
      run-fast-jsc should work with new-school fast/js tests that loop until the DFG tiers up · 44225e60
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120697
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      * API/JSCTestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles):
      (JSC::setNeverInline):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * jsc.cpp:
      (GlobalObject::finishCreation):
      (functionNeverInlineFunction):
      (functionNumberOfDFGCompiles):
      * runtime/TestRunnerUtils.cpp: Added.
      (JSC::getExecutable):
      (JSC::numberOfDFGCompiles):
      (JSC::setNeverInline):
      * runtime/TestRunnerUtils.h: Added.
      
      LayoutTests: 
      
      * fast/js/resources/standalone-pre.js:
      (testPassed):
      (testFailed):
      (dfgCompiled):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155090 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Renamed StackIterator to StackVisitor. · fa2a142f
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120706.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Also did some minor refactoring:
      - Renamed StackIterator::iterate() to StackVisitor::visit().
      - Make StackVisitor::visit() a static method.
      - Move the instantiation of the StackVisitor instance into StackVisitor::visit()
        from CallFrame::iterate().
      - Removed StackIterator::resetIterator() and inlined its body into the
        StackVisitor constructor since this is the only remaining caller of it.
      
      * API/JSContextRef.cpp:
      (BacktraceFunctor::operator()):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * interpreter/CallFrame.h:
      (JSC::ExecState::iterate):
      * interpreter/Interpreter.cpp:
      (JSC::DumpRegisterFunctor::operator()):
      (JSC::unwindCallFrame):
      (JSC::getStackFrameCodeType):
      (JSC::GetStackTraceFunctor::operator()):
      (JSC::UnwindFunctor::operator()):
      * interpreter/Interpreter.h:
      * interpreter/StackIterator.cpp: Removed.
      * interpreter/StackIterator.h: Removed.
      * interpreter/StackVisitor.cpp: Copied from Source/JavaScriptCore/interpreter/StackIterator.cpp.
      (JSC::StackVisitor::StackVisitor):
      (JSC::StackVisitor::gotoNextFrame):
      (JSC::StackVisitor::readFrame):
      (JSC::StackVisitor::readNonInlinedFrame):
      (JSC::StackVisitor::readInlinedFrame):
      (JSC::StackVisitor::Frame::codeType):
      (JSC::StackVisitor::Frame::functionName):
      (JSC::StackVisitor::Frame::sourceURL):
      (JSC::StackVisitor::Frame::toString):
      (JSC::StackVisitor::Frame::arguments):
      (JSC::StackVisitor::Frame::computeLineAndColumn):
      (JSC::StackVisitor::Frame::retrieveExpressionInfo):
      (JSC::StackVisitor::Frame::setToEnd):
      (JSC::StackVisitor::Frame::print):
      (DebugPrintFrameFunctor::operator()):
      * interpreter/StackVisitor.h: Copied from Source/JavaScriptCore/interpreter/StackIterator.h.
      (JSC::StackVisitor::visit):
      * jsc.cpp:
      (FunctionJSCStackFunctor::operator()):
      * profiler/ProfileGenerator.cpp:
      (JSC::AddParentForConsoleStartFunctor::operator()):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::operator()):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::GlobalFuncProtoGetterFunctor::operator()):
      (JSC::GlobalFuncProtoSetterFunctor::operator()):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/interpreter/StackIterator.h: Removed.
      * ForwardingHeaders/interpreter/StackVisitor.h: Copied from Source/WebCore/ForwardingHeaders/interpreter/StackIterator.h.
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::operator()):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::CreateScriptCallStackFunctor::operator()):
      (WebCore::CreateScriptCallStackForConsoleFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155081 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Unreviewed Build fix for Windows DebugSuffix configuration. · a4be6512
      roger_fong@apple.com authored
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155076 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Refining the StackIterator callback interface. · 99c89d43
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120695.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Introduce CallFrame::iterate(), which instantiates a StackIterator and
      invokes its iterate() method with the passed-in functor. The only place
      where the client code gets access to the StackIterator now is as an
      argument to the client's functor.
      
      * API/JSContextRef.cpp:
      (JSContextCreateBacktrace):
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::iterate):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::unwind):
      * interpreter/StackIterator.cpp:
      (JSC::StackIterator::StackIterator):
      (DebugPrintFrameFunctor::DebugPrintFrameFunctor):
      (DebugPrintFrameFunctor::operator()):
      (debugPrintCallFrame):
      (debugPrintStack):
      * interpreter/StackIterator.h:
      (JSC::StackIterator::iterate):
      * jsc.cpp:
      (functionJSCStack):
      * profiler/ProfileGenerator.cpp:
      (JSC::ProfileGenerator::addParentForConsoleStart):
      * runtime/JSFunction.cpp:
      (JSC::retrieveArguments):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      (JSC::retrieveCallerFunction):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncProtoGetter):
      (JSC::globalFuncProtoSetter):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetPrototypeOf):
      
      Source/WebCore: 
      
      No new tests.
      
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::SendFunctor):
      (WebCore::SendFunctor::line):
      (WebCore::SendFunctor::url):
      (WebCore::SendFunctor::operator()):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155075 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      JSGenericTypedArrayViewConstructor.h is referenced twice in the Xcode project build section, causing warnings · b1bac53f
      benjamin@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=120698
      
      Reviewed by Darin Adler.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155064 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ASSERT in MarkedAllocator::allocateSlowCase is wrong · 077d0425
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120639
      
      Reviewed by Oliver Hunt.
      
      ASSERT(!m_heap->shouldCollect()) is no longer true due to our use of the GC
      deferral mechanism. We could technically be beyond our byte allocation limit,
      but still not try to collect due to deferral. This patch amends shouldCollect()
      to return false if GC is currently deferred.
      
      * heap/Heap.h:
      (JSC::Heap::shouldCollect):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      The DFG should be able to tier-up and OSR enter into the FTL · 532f1e51
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112838
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      This adds the ability for the DFG to tier-up into the FTL. This works in both
      of the expected tier-up modes:
              
      Replacement: frequently called functions eventually have their entrypoint
      replaced with one that goes into FTL-compiled code. Note, this will be a
      slow-down for now since we don't yet have LLVM calling convention integration.
              
      OSR entry: code stuck in hot loops gets OSR'd into the FTL from the DFG.
              
      This means that if the DFG detects that a function is an FTL candidate, it
      inserts execution counting code similar to the kind that the baseline JIT
      would use. If you trip on a loop count in a loop header that is an OSR
      candidate (it's not an inlined loop), we do OSR; otherwise we do replacement.
      OSR almost always also implies future replacement.
              
      OSR entry into the FTL is really cool. It uses a specialized FTL compile of
      the code, where early in the DFG pipeline we replace the original root block
      with an OSR entrypoint block that jumps to the pre-header of the hot loop.
      The OSR entrypoint loads all live state at the loop pre-header using loads
      from a scratch buffer, which gets populated by the runtime's OSR entry
      preparation code (FTL::prepareOSREntry()). This approach appears to work well
      with all of our subsequent optimizations, including prediction propagation,
      CFA, and LICM. LLVM seems happy with it, too. Best of all, it works naturally
      with concurrent compilation: when we hit the tier-up trigger we spawn a
      compilation plan at the bytecode index from which we triggered; once the
      compilation finishes the next trigger will try to enter, at that bytecode
      index. If it can't - for example because the code has moved on to another
      loop - then we just try again. Loops that get hot enough for OSR entry (about
      25,000 iterations) will probably still be running when a concurrent compile
      finishes, so this doesn't appear to be a big problem.
              
      This immediately gives us a 70% speed-up on imaging-gaussian-blur. We could
      get a bigger speed-up by adding some more intelligence and tweaking LLVM to
      compile code faster. Those things will happen eventually but this is a good
      start. Probably this code will see more tuning as we get more coverage in the
      FTL JIT, but I'll worry about that in future patches.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      * bytecode/CodeBlock.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::killBlockAndItsContents):
      (JSC::DFG::Graph::killUnreachableBlocks):
      * dfg/DFGGraph.h:
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::initialize):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      (JSC::DFG::JITCode::checkIfOptimizationThresholdReached):
      (JSC::DFG::JITCode::optimizeNextInvocation):
      (JSC::DFG::JITCode::dontOptimizeAnytimeSoon):
      (JSC::DFG::JITCode::optimizeAfterWarmUp):
      (JSC::DFG::JITCode::optimizeSoon):
      (JSC::DFG::JITCode::forceOptimizationSlowPathConcurrently):
      (JSC::DFG::JITCode::setOptimizationThresholdBasedOnCompilationResult):
      * dfg/DFGJITCode.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      (JSC::DFG::JITFinalizer::finalizeCommon):
      * dfg/DFGLoopPreHeaderCreationPhase.cpp:
      (JSC::DFG::createPreHeader):
      (JSC::DFG::LoopPreHeaderCreationPhase::run):
      * dfg/DFGLoopPreHeaderCreationPhase.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasUnlinkedLocal):
      (JSC::DFG::Node::unlinkedLocal):
      * dfg/DFGNodeType.h:
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntrypointCreationPhase.cpp: Added.
      (JSC::DFG::OSREntrypointCreationPhase::OSREntrypointCreationPhase):
      (JSC::DFG::OSREntrypointCreationPhase::run):
      (JSC::DFG::performOSREntrypointCreation):
      * dfg/DFGOSREntrypointCreationPhase.h: Added.
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGPlan.h:
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGTierUpCheckInjectionPhase.cpp: Added.
      (JSC::DFG::TierUpCheckInjectionPhase::TierUpCheckInjectionPhase):
      (JSC::DFG::TierUpCheckInjectionPhase::run):
      (JSC::DFG::performTierUpCheckInjection):
      * dfg/DFGTierUpCheckInjectionPhase.h: Added.
      * dfg/DFGToFTLDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLDeferredCompilationCallback::ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::~ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLDeferredCompilationCallback.h: Added.
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::~ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h: Added.
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLCapabilities.h:
      * ftl/FTLForOSREntryJITCode.cpp: Added.
      (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::~ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::ftlForOSREntry):
      (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
      * ftl/FTLForOSREntryJITCode.h: Added.
      (JSC::FTL::ForOSREntryJITCode::entryBuffer):
      (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::bytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::countEntryFailure):
      (JSC::FTL::ForOSREntryJITCode::entryFailureCount):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileBlock):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::addWeakReference):
      * ftl/FTLOSREntry.cpp: Added.
      (JSC::FTL::prepareOSREntry):
      * ftl/FTLOSREntry.h: Added.
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::crashNonTerminal):
      (JSC::FTL::Output::crash):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * interpreter/Register.h:
      (JSC::Register::unboxedDouble):
      * jit/JIT.cpp:
      (JSC::JIT::emitEnterOptimizationCheck):
      * jit/JITCode.cpp:
      (JSC::JITCode::ftlForOSREntry):
      * jit/JITCode.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      * runtime/Options.h:
      * runtime/VM.cpp:
      (JSC::VM::ensureWorklist):
      * runtime/VM.h:
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
              
      Fix marsaglia to check the result instead of printing, and add a second
      version that relies on OSR entry.
      
      * fast/js/regress/marsaglia-osr-entry-expected.txt: Added.
      * fast/js/regress/marsaglia-osr-entry.html: Added.
      * fast/js/regress/script-tests/marsaglia-osr-entry.js: Added.
      (marsaglia):
      * fast/js/regress/script-tests/marsaglia.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155023 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 03 Sep, 2013 5 commits
      CodeBlock memory cost reporting should be rationalized · 7c084e07
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120615
      
      Source/JavaScriptCore: 
      
      Reviewed by Darin Adler.
              
      Report the size of the instruction stream, and then remind the GC that we're
      using memory when we trace.
              
      This is a slight slow-down on some JSBench tests because it makes us GC a
      bit more frequently. But I think it's well worth it; if we really want those
      tests to GC less frequently then we can achieve that through other kinds of
      tuning. It's better that the GC knows that CodeBlocks do in fact use memory;
      what it does with that information is a somewhat orthogonal question.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::visitAggregate):
      
      Source/WTF: 
      
      Reviewed by Darin Adler.
      
      * wtf/RefCountedArray.h:
      (WTF::RefCountedArray::refCount):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155021 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Converting StackIterator to a callback interface. · bce4c9ba
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120564.
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore: 
      
      * API/JSContextRef.cpp:
      (BacktraceFunctor::BacktraceFunctor):
      (BacktraceFunctor::operator()):
      (JSContextCreateBacktrace):
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      (JSC::DumpRegisterFunctor::DumpRegisterFunctor):
      (JSC::DumpRegisterFunctor::operator()):
      (JSC::Interpreter::dumpRegisters):
      (JSC::unwindCallFrame):
      (JSC::GetStackTraceFunctor::GetStackTraceFunctor):
      (JSC::GetStackTraceFunctor::operator()):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::stackTraceAsString):
      (JSC::UnwindFunctor::UnwindFunctor):
      (JSC::UnwindFunctor::operator()):
      (JSC::Interpreter::unwind):
      * interpreter/Interpreter.h:
      * interpreter/StackIterator.cpp:
      (JSC::StackIterator::numberOfFrames):
      (JSC::StackIterator::gotoFrameAtIndex):
      (JSC::StackIterator::gotoNextFrameWithFilter):
      (JSC::StackIterator::resetIterator):
      (JSC::StackIterator::Frame::print):
      (debugPrintCallFrame):
      (DebugPrintStackFunctor::operator()):
      (debugPrintStack): Added for debugging convenience.
      * interpreter/StackIterator.h:
      (JSC::StackIterator::Frame::index):
      (JSC::StackIterator::iterate):
      * jsc.cpp:
      (FunctionJSCStackFunctor::FunctionJSCStackFunctor):
      (FunctionJSCStackFunctor::operator()):
      (functionJSCStack):
      * profiler/ProfileGenerator.cpp:
      (JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor):
      (JSC::AddParentForConsoleStartFunctor::foundParent):
      (JSC::AddParentForConsoleStartFunctor::operator()):
      (JSC::ProfileGenerator::addParentForConsoleStart):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::RetrieveArgumentsFunctor):
      (JSC::RetrieveArgumentsFunctor::result):
      (JSC::RetrieveArgumentsFunctor::operator()):
      (JSC::retrieveArguments):
      (JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
      (JSC::RetrieveCallerFunctionFunctor::result):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      (JSC::retrieveCallerFunction):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::GlobalFuncProtoGetterFunctor::GlobalFuncProtoGetterFunctor):
      (JSC::GlobalFuncProtoGetterFunctor::result):
      (JSC::GlobalFuncProtoGetterFunctor::operator()):
      (JSC::globalFuncProtoGetter):
      (JSC::GlobalFuncProtoSetterFunctor::GlobalFuncProtoSetterFunctor):
      (JSC::GlobalFuncProtoSetterFunctor::allowsAccess):
      (JSC::GlobalFuncProtoSetterFunctor::operator()):
      (JSC::globalFuncProtoSetter):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
      (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
      (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
      (JSC::objectConstructorGetPrototypeOf):
      
      Source/WebCore: 
      
      No new tests.
      
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::SendFunctor):
      (WebCore::SendFunctor::hasViableFrame):
      (WebCore::SendFunctor::operator()):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::CreateScriptCallStackFunctor::CreateScriptCallStackFunctor):
      (WebCore::CreateScriptCallStackFunctor::operator()):
      (WebCore::createScriptCallStack):
      (WebCore::CreateScriptCallStackForConsoleFunctor::CreateScriptCallStackForConsoleFunctor):
      (WebCore::CreateScriptCallStackForConsoleFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155013 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Support structured clone of Map and Set · 901740c2
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120654
      
      Reviewed by Simon Fraser.
      
      Source/JavaScriptCore:
      
      Make Xcode copy the required headers, and add appropriate export attributes
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSMap.h:
      * runtime/JSSet.h:
      * runtime/MapData.h:
      
      Source/WebCore:
      
      Add support for cloning Map and Set. Fairly self-explanatory change.
      Needed to add Forwarding headers for the JSMap, JSSet and MapData classes.
      
      * ForwardingHeaders/runtime/JSMap.h: Added.
      * ForwardingHeaders/runtime/JSSet.h: Added.
      * ForwardingHeaders/runtime/MapData.h: Added.
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::isMap):
      (WebCore::CloneSerializer::isSet):
      (WebCore::CloneSerializer::startSet):
      (WebCore::CloneSerializer::startMap):
      (WebCore::CloneSerializer::serialize):
      (WebCore::CloneDeserializer::consumeMapDataTerminationIfPossible):
      (WebCore::CloneDeserializer::deserialize):
      
      LayoutTests:
      
      Tests!
      
      * fast/dom/Window/script-tests/postmessage-clone.js:
      (set new):
      (set add.set add):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155008 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Support the "json" responseType and JSON response entity in XHR · 89ac8962
      rniwa@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=73648
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      Based on the patch written by Jarred Nicholls.
      
      Add JSC::JSONParse. This function will be used in XMLHttpRequest.response of type 'json'.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSONObject.cpp:
      (JSC::JSONParse):
      * runtime/JSONObject.h:
      
      Source/WebCore: 
      
      Based on the patch written by Jarred Nicholls.
      
      Implement 'json' type for XMLHttpRequest.response. We cache the result on JSC side as a cached attribute
      unlike other response types like 'document' and 'blob' for which the parsed response object is cached
      in XMLHttpRequest itself. In the long run, we should do the same for other types of response types.
      
      Also refactored the various code to share the code.
      
      Tests: fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid.html
             fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16.html
             fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid.html
      
      * ForwardingHeaders/runtime/JSONObject.h: Added.
      
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      (WebCore::JSXMLHttpRequest::response): Use JSONParse to parse the response text and cache the result.
      Call didCacheResponseJSON to set the cache status and clear the original response buffer.
      
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::XMLHttpRequest): Added m_responseCacheIsValid to invalidate the cache of
      a json response.
      (WebCore::XMLHttpRequest::responseText):
      (WebCore::XMLHttpRequest::didCacheResponseJSON): Added; Updates m_responseCacheIsValid and clears the
      response buffer to save memory.
      (WebCore::XMLHttpRequest::responseXML):
      (WebCore::XMLHttpRequest::setResponseType):
      (WebCore::XMLHttpRequest::responseType):
      (WebCore::XMLHttpRequest::clearResponseBuffers):
      (WebCore::XMLHttpRequest::didReceiveData):
      
      * xml/XMLHttpRequest.h:
      (WebCore::XMLHttpRequest::doneWithoutErrors): Extracted from responseXML.
      (WebCore::XMLHttpRequest::responseTextIgnoringResponseType): Extracted from responseText.
      (WebCore::XMLHttpRequest::responseCacheIsValid): Added.
      (WebCore::XMLHttpRequest::shouldDecodeResponse): Extracted from didReceiveData.
      Also modified to decode when the response type is ResponseTypeJSON.
      
      * xml/XMLHttpRequest.idl: Added CachedAttribute IDL extension on response property. This cache is
      used when the response type is 'json'.
      
      LayoutTests: 
      
      Add regression tests for XMLHttpRequest.response of type 'json'.
      
      Two of these tests (valid & invalid) come from Jarred Nicholls's original patch.
      
      * fast/xmlhttprequest/resources/xmlhttprequest-responsetype-json-utf-16.json: Added.
      * fast/xmlhttprequest/resources/xmlhttprequest-responsetype-json.json: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid-expected.txt: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid.html: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16-expected.txt: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16.html: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid-expected.txt: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154992 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      89ac8962
    • fpizlo@apple.com's avatar
      CodeBlock::jettison() should be implicit · 195d7b84
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120567
      
      Reviewed by Oliver Hunt.
              
      This is a risky change from a performance standpoint, but I believe it's
      necessary. This makes all CodeBlocks get swept by GC. Nobody but the GC
      can delete CodeBlocks because the GC always holds a reference to them.
      Once a CodeBlock reaches just one reference (i.e. the one from the GC)
      then the GC will free it only if it's not on the stack.
              
      This allows me to get rid of the jettisoning logic. We need this for FTL
      tier-up. Well; we don't need it, but it will help prevent a lot of bugs.
      Previously, if you wanted to replace one code block with another, you
      had to remember to tell the GC that the previous code block is
      "jettisoned". We would need to do this when tiering up from DFG to FTL
      and when dealing with DFG-to-FTL OSR entry code blocks. There are a lot
      of permutations here - tiering up to the FTL, OSR entering into the FTL,
      deciding that an OSR entry code block is not relevant anymore - just to
      name a few. In each of these cases we'd have to jettison the previous
      code block. It smells like a huge source of future bugs.
              
      So I made jettisoning implicit by making the GC always watch out for a
      CodeBlock being owned solely by the GC.
              
      This change is performance neutral.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::jettison):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
      (JSC::CodeBlockSet::mark):
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      * heap/CodeBlockSet.cpp: Added.
      (JSC::CodeBlockSet::CodeBlockSet):
      (JSC::CodeBlockSet::~CodeBlockSet):
      (JSC::CodeBlockSet::add):
      (JSC::CodeBlockSet::clearMarks):
      (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
      (JSC::CodeBlockSet::traceMarked):
      * heap/CodeBlockSet.h: Added.
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::add):
      * heap/ConservativeRoots.h:
      * heap/DFGCodeBlocks.cpp: Removed.
      * heap/DFGCodeBlocks.h: Removed.
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::deleteUnmarkedCompiledCode):
      * heap/Heap.h:
      * interpreter/JSStack.cpp:
      (JSC::JSStack::gatherConservativeRoots):
      * interpreter/JSStack.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      * runtime/Executable.h:
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154986 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      195d7b84
  4. 02 Sep, 2013 1 commit
    • darin@apple.com's avatar
      [Mac] No need for HardAutorelease, which is same as CFBridgingRelease · 7ee2f27f
      darin@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120569
      
      Reviewed by Andy Estes.
      
      Source/JavaScriptCore:
      
      * API/JSValue.mm:
      (valueToString): Use CFBridgingRelease.
      
      Source/WebCore:
      
      * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
      (AXTextMarkerRange):
      (AXTextMarkerRangeStart):
      (AXTextMarkerRangeEnd):
      (textMarkerForVisiblePosition):
      Use CFBridgingRelease.
      
      * platform/mac/KURLMac.mm:
      (WebCore::KURL::operator NSURL *): Use CFBridgingRelease.
      (WebCore::KURL::createCFURL): Get rid of needless local variable.
      
      * platform/mac/WebCoreNSURLExtras.mm:
      (WebCore::mapHostNameWithRange):
      (WebCore::URLWithData):
      (WebCore::userVisibleString):
      * platform/text/mac/StringImplMac.mm:
      (WTF::StringImpl::operator NSString *):
      Use CFBridgingRelease.
      
      Source/WebKit/mac:
      
      * Misc/WebNSFileManagerExtras.mm:
      (-[NSFileManager _webkit_startupVolumeName]): Removed some unneeded locals.
      Got rid of the pointless ref/leakRef/HardAutorelease dance, and replaced it
      with a [[x copy] autorelease].
      
      * Misc/WebNSURLExtras.mm:
      (-[NSURL _web_URLWithLowercasedScheme]): Use CFBridgingRelease, and got rid
      of unneeded type casts.
      
      * Plugins/WebBasePluginPackage.mm:
      (+[WebBasePluginPackage preferredLocalizationName]): Use CFBridgingRelease.
      * WebView/WebPDFRepresentation.mm:
      (-[WebPDFRepresentation convertPostScriptDataSourceToPDF:]): Ditto.
      
      * WebView/WebView.mm:
      (+[WebView _setCacheModel:]): Use CFBridgingRelease and got rid of unneeded
      type cast.
      
      Source/WebKit2:
      
      * Platform/mac/StringUtilities.mm:
      (WebKit::nsStringFromWebCoreString): Use CFBridgingRelease. Also
      changed condition to be a little cleaner and use a constant string for empty
      strings as well as null strings.
      
      * UIProcess/API/mac/WKBrowsingContextController.mm:
      (autoreleased): Switched from autorelease to CFBridgingRelease for strings,
      which eliminates a type cast and makes this work under GC, although I don't
      think we should compile WebKit2 for GC.
      
      * WebProcess/WebPage/mac/WKAccessibilityWebPageObject.mm:
      (-[WKAccessibilityWebPageObject accessibilityAttributeValue:forParameter:]):
      Use CFBridgingRelease.
      
      Source/WTF:
      
      * wtf/ObjcRuntimeExtras.h: Added a FIXME about miscapitalization of ObjC.
      Deleted HardAutorelease.
      (wtfObjcMsgSend): Dropped the use of abbreviations in local class and argument names.
      (wtfCallIMP): Ditto.
      
      Tools:
      
      * DumpRenderTree/mac/DumpRenderTree.mm:
      (dump): Use CFBridgingRelease.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154963 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7ee2f27f
  5. 31 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      CodeBlock refactoring broke profile dumping · 669223d4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120551
      
      Reviewed by Michael Saboff.
              
      Fixed the bug, and did a big clean-up of how Executable returns CodeBlocks. A lot
      of the problems we have with code like CodeBlock::baselineVersion() is that we
      were trying *way too hard* to side-step the fact that Executable can't return a
      CodeBlock*. Previously it could only return CodeBlock&, so if it didn't have a
      CodeBlock yet, you were screwed. And if you didn't know, or weren't sure, if it
      did have a CodeBlock, you were really going to have a bad time. Also it really
      bugs me that the methods were called generatedBytecode(). In all other contexts
      if you ask for a CodeBlock, then the method to call is codeBlock(). So I made all
      of those changes.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::baselineVersion):
      (JSC::ProgramCodeBlock::replacement):
      (JSC::EvalCodeBlock::replacement):
      (JSC::FunctionCodeBlock::replacement):
      (JSC::CodeBlock::globalObjectFor):
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::hash):
      * dfg/DFGOperations.cpp:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITCode.h:
      (JSC::JITCode::isExecutableScript):
      (JSC::JITCode::isLowerTier):
      * jit/JITStubs.cpp:
      (JSC::lazyLinkFor):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      * runtime/Executable.h:
      (JSC::EvalExecutable::codeBlock):
      (JSC::ProgramExecutable::codeBlock):
      (JSC::FunctionExecutable::eitherCodeBlock):
      (JSC::FunctionExecutable::codeBlockForCall):
      (JSC::FunctionExecutable::codeBlockForConstruct):
      (JSC::FunctionExecutable::codeBlockFor):
      * runtime/FunctionExecutableDump.cpp:
      (JSC::FunctionExecutableDump::dump):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154935 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      669223d4
  6. 30 Aug, 2013 4 commits
    • oliver@apple.com's avatar
      Implement ES6 Set class · b8d80ed3
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120549
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      We simply reuse the MapData type from JSMap, making it much simpler.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/CommonIdentifiers.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::setStructure):
      * runtime/JSSet.cpp: Added.
      (JSC::JSSet::visitChildren):
      (JSC::JSSet::finishCreation):
      * runtime/JSSet.h: Added.
      (JSC::JSSet::createStructure):
      (JSC::JSSet::create):
      (JSC::JSSet::mapData):
      (JSC::JSSet::JSSet):
      * runtime/SetConstructor.cpp: Added.
      (JSC::SetConstructor::finishCreation):
      (JSC::callSet):
      (JSC::constructSet):
      (JSC::SetConstructor::getConstructData):
      (JSC::SetConstructor::getCallData):
      * runtime/SetConstructor.h: Added.
      (JSC::SetConstructor::create):
      (JSC::SetConstructor::createStructure):
      (JSC::SetConstructor::SetConstructor):
      * runtime/SetPrototype.cpp: Added.
      (JSC::SetPrototype::finishCreation):
      (JSC::getMapData):
      (JSC::setProtoFuncAdd):
      (JSC::setProtoFuncClear):
      (JSC::setProtoFuncDelete):
      (JSC::setProtoFuncForEach):
      (JSC::setProtoFuncHas):
      (JSC::setProtoFuncSize):
      * runtime/SetPrototype.h: Added.
      (JSC::SetPrototype::create):
      (JSC::SetPrototype::createStructure):
      (JSC::SetPrototype::SetPrototype):
      
      LayoutTests:
      
      Add tests
      
      * fast/js/basic-set-expected.txt: Added.
      * fast/js/basic-set.html: Added.
      * fast/js/script-tests/basic-set.js: Added.
      (set new):
      (otherString.string_appeared_here.set add):
      (try.set forEach):
      (set forEach):
      (set gc):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154916 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b8d80ed3
    • oliver@apple.com's avatar
      Make JSValue bool conversion less dangerous · 02fe0141
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120505
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore:
      
      Replaces JSValue::operator bool() with an operator UnspecifiedBoolType* as
      we do elsewhere.  Then fix the places where terrible type coercion was
      happening.  All of the changes made had no fundamental behavioural impact
      as they were coercion results that were ignored (returning undefined
      after an exception).
      
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::hadException):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::operator UnspecifiedBoolType*):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncEval):
      * runtime/PropertyDescriptor.cpp:
      (JSC::PropertyDescriptor::equalTo):
      
      Source/WTF:
      
      Make LIKELY and UNLIKELY macros coerce to bool before
      passing to expect.
      
      * wtf/Compiler.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      02fe0141
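The safe-bool idiom the commit above switches to, as an added illustration that is not JSC's code: `UnsafeValue` and `SafeValue` are constructed stand-ins for a JSValue-like handle, `EXPECT_LIKELY` is a constructed macro (not WTF's `LIKELY`), and `s_sampleCell` is a constructed stand-in for a live heap cell. With `operator bool()` a handle silently takes part in arithmetic and integer comparison; with a pointer to a private, otherwise-unused type it still works in `if`, `!` and `?:` but no longer reaches `int`, which is checked here at compile time with `std::is_convertible`.

```cpp
#include <type_traits>

// Constructed stand-ins for a JSValue-like handle (not JSC's real JSValue). UnsafeValue has the
// conversion the change removes; SafeValue has the one it introduces.
class UnsafeValue {
public:
    explicit UnsafeValue(const void* cell = nullptr) : m_cell(cell) {}
    // bool takes part in integral promotion, so `v + 1` and `v == 1` compile without complaint.
    operator bool() const { return m_cell != nullptr; }
private:
    const void* m_cell;
};

class SafeValue {
    // A private type nobody else can name: callers may test truthiness, but a pointer to it will
    // not become an int, so arithmetic and integer comparison on a SafeValue fail to compile.
    struct UnspecifiedBoolType { int unused; };
    static UnspecifiedBoolType s_true;
public:
    explicit SafeValue(const void* cell = nullptr) : m_cell(cell) {}
    operator UnspecifiedBoolType*() const { return m_cell ? &s_true : nullptr; }
private:
    const void* m_cell;
};
SafeValue::UnspecifiedBoolType SafeValue::s_true = { 0 };

// Compile-time view of the hazard: the old handle reaches int through bool, the new one does not.
bool unsafeValueConvertsToInt() { return std::is_convertible<UnsafeValue, int>::value; }
bool safeValueConvertsToInt() { return std::is_convertible<SafeValue, int>::value; }

// The kind of silent coercion the change goes looking for: a truth test that ends up in
// arithmetic. With UnsafeValue this compiles and yields 2 for a non-empty value.
int accidentalArithmetic(const UnsafeValue& v) { return v + 1; }

// Positions that genuinely want a truth value still work with SafeValue.
bool isTruthy(const SafeValue& v) { return v ? true : false; }
bool isEmptyValue(const SafeValue& v) { return !v; }

// Same precaution as the WTF macro change: force a bool with !! before the value reaches
// __builtin_expect, which takes an integer. (Constructed macro name, not WTF's.)
#if defined(__GNUC__)
#define EXPECT_LIKELY(x) __builtin_expect(!!(x), 1)
#else
#define EXPECT_LIKELY(x) (!!(x))
#endif
bool likelyTruthy(const SafeValue& v) { return EXPECT_LIKELY(v); }

static int s_sampleCell = 0;  // constructed stand-in for a live heap cell
```

The same `SafeValue` compiles cleanly in every branch position, while a line such as `return safeValue + 1;` is rejected by the compiler instead of quietly returning a small integer.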
    • commit-queue@webkit.org's avatar
      Cleaning errorDescriptionForValue after r154839 · 72c343e0
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=120531
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-30
      Reviewed by Darin Adler.
      
      Changed the assert to ASSERT_NOT_REACHED, now that r154839 has landed. errorDescriptionForValue
      can assert again that the parameterized JSValue is !isEmpty().
      
      * runtime/ExceptionHelpers.cpp:
      (JSC::errorDescriptionForValue):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154892 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      72c343e0
    • antti@apple.com's avatar
      Remove code behind ENABLE(DIALOG_ELEMENT) · 12e3b732
      antti@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120467
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore: 
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit/blackberry: 
      
      * WebCoreSupport/AboutDataEnableFeatures.in:
      
      Source/WebKit/mac: 
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2: 
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WTF: 
      
      * wtf/FeatureDefines.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154870 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      12e3b732
  7. 29 Aug, 2013 19 commits
    • akling@apple.com's avatar
      De-bork Qt build. · 0d39b69b
      akling@apple.com authored
      * Target.pri:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154866 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0d39b69b
    • ryuan.choi@samsung.com's avatar
      Unreviewed build fix attempt for Windows. · c6cf9879
      ryuan.choi@samsung.com authored
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      Renamed JSMapConstructor and JSMapPrototype.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154865 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c6cf9879
    • ryuan.choi@samsung.com's avatar
      Fix build break after r154861 · 639d4f6b
      ryuan.choi@samsung.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120503
      
      Reviewed by Geoffrey Garen.
      
      Unreviewed build fix attempt for GTK, Qt Windows and CMake based ports.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * Target.pri:
      * runtime/MapData.h:
      (JSC::MapData::KeyType::KeyType):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154864 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      639d4f6b
    • akling@apple.com's avatar
      CodeBlock: LLIntCallLinkInfo vector can be sized-to-fit at creation. · 8b46ebcf
      akling@apple.com authored
      <https://webkit.org/b/120487>
      
      Reviewed by Oliver Hunt.
      
      CodeBlock::m_llintCallLinkInfos never changes size after creation, so make it a Vector
      instead of a SegmentedVector. Use resizeToFit() instead of grow() since we know the
      exact amount of space needed.
      
      * bytecode/CodeBlock.h:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::shrinkToFit):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154863 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8b46ebcf
    • oliver@apple.com's avatar
      Implement ES6 Map object · 005f9e8f
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120333
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Implement support for the ES6 Map type and related classes.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/CopyToken.h: Add a new token to track copying the backing store
      * runtime/CommonIdentifiers.h: Add new identifiers
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
          Add new structures and prototypes
      
      * runtime/JSMap.cpp: Added.
      * runtime/JSMap.h: Added.
          New JSMap class to represent a Map instance
      
      * runtime/MapConstructor.cpp: Added.
      * runtime/MapConstructor.h: Added.
          The Map constructor
      
      * runtime/MapData.cpp: Added.
      * runtime/MapData.h: Added.
          The most interesting data structure.  This roughly corresponds
          to the ES6 notion of MapData.  It provides the core JSValue->JSValue
          map implementation.  We implement it using 2 hashtables and a flat
          table.  Due to the different semantics of string comparisons vs.
          all others we need to have one map keyed by String and the other by
          generic JSValue.  The actual table is represented more or less
          exactly as described in the ES6 draft - a single contiguous list of
          key/value pairs.  The entire map could be achieved with just this
          table, however we need the HashMaps in order to maintain O(1) lookup.
      
          Deleted values are simply cleared as the draft says, however the
          implementation compacts the storage on copy as long as there are no
          active iterators.
      
      * runtime/MapPrototype.cpp: Added.
      * runtime/MapPrototype.h: Added.
          Implement Map prototype functions
      
      * runtime/VM.cpp:
          Add new structures.
      
      LayoutTests:
      
      Tests
      
      * fast/js/basic-map-expected.txt: Added.
      * fast/js/basic-map.html: Added.
      * fast/js/script-tests/basic-map.js: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154861 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      005f9e8f
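The MapData layout described in the commit above, as an added example that is not JSC's code: `Value`, `OrderedMapData`, `Scenario` and `runScenario` are all constructed here. A flat insertion-ordered table holds the key/value pairs, two hash indices point into it (string keys by content, all other keys by identity), deletion leaves a cleared slot so an iterator in progress keeps its place, and compaction renumbers the indices only when no iterator is active. JSC ties that compaction to the GC's copy of the backing store; here it is an explicit call so the refusal during iteration can be observed directly.

```cpp
#include <cstddef>
#include <string>
#include <unordered_map>
#include <vector>

// Constructed stand-in for a JSValue (not JSC's): strings compare by content, objects by identity.
struct Value {
    enum Kind { Empty, String, Object } kind;  // Empty also marks a cleared map slot
    std::string str;                           // used when kind == String
    const void* object;                        // used when kind == Object
    static Value empty() { return Value{Empty, "", nullptr}; }
    static Value string(const std::string& s) { return Value{String, s, nullptr}; }
    static Value fromObject(const void* p) { return Value{Object, "", p}; }
    bool isEmpty() const { return kind == Empty; }
};

// One flat, insertion-ordered table of key/value pairs plus two hash indices into it (strings by content, others by identity).
class OrderedMapData {
public:
    struct Entry { Value key, value; };  // key.isEmpty() marks a deleted slot (tombstone)
    void set(const Value& key, const Value& value) {
        if (key.isEmpty()) return;
        if (Entry* e = find(key)) { e->value = value; return; }  // overwrite reuses the slot
        index(key, m_entries.size());
        m_entries.push_back(Entry{key, value});
    }
    Value get(const Value& key) { Entry* e = find(key); return e ? e->value : Value::empty(); }
    std::size_t slotCount() const { return m_entries.size(); }  // live entries plus tombstones
    // Deletion clears the slot but never shifts later entries, so a walk in progress keeps its place.
    bool remove(const Value& key) {
        Entry* e = find(key);
        if (!e) return false;
        if (key.kind == Value::String) m_stringKeys.erase(key.str); else m_valueKeys.erase(key.object);
        e->key = e->value = Value::empty();
        return true;
    }
    // Index-based walk: appended entries are still visited, tombstones skipped; the entry is copied
    // first because the callback may grow (and so reallocate) the table.
    template<typename F> void forEach(F callback) {
        ++m_activeIterators;
        for (std::size_t i = 0; i < m_entries.size(); ++i) {
            if (m_entries[i].key.isEmpty()) continue;
            Entry e = m_entries[i];
            callback(e.key, e.value);
        }
        --m_activeIterators;
    }
    // Squeeze out tombstones and renumber both indices. Renumbering would break a walk in progress,
    // so refuse while any iterator is active (JSC does this during GC copy; here it is a call).
    bool compactIfPossible() {
        if (m_activeIterators) return false;
        std::vector<Entry> live;
        m_stringKeys.clear(); m_valueKeys.clear();
        for (const Entry& e : m_entries) {
            if (e.key.isEmpty()) continue;
            index(e.key, live.size());
            live.push_back(e);
        }
        m_entries.swap(live);
        return true;
    }
private:
    void index(const Value& key, std::size_t slot) {
        if (key.kind == Value::String) m_stringKeys[key.str] = slot; else m_valueKeys[key.object] = slot;
    }
    Entry* find(const Value& key) {
        if (key.kind == Value::String) { auto it = m_stringKeys.find(key.str); return it == m_stringKeys.end() ? nullptr : &m_entries[it->second]; }
        if (key.kind == Value::Object) { auto it = m_valueKeys.find(key.object); return it == m_valueKeys.end() ? nullptr : &m_entries[it->second]; }
        return nullptr;
    }
    std::vector<Entry> m_entries;
    std::unordered_map<std::string, std::size_t> m_stringKeys;
    std::unordered_map<const void*, std::size_t> m_valueKeys;
    int m_activeIterators = 0;
};

// Walk-through over constructed keys; results are named fields so each can be checked.
struct Scenario { std::size_t slotsBefore, slotsAfter; bool compactedWhileIterating, compactedAfter, lookupsIntact; std::string visited; };
Scenario runScenario() {
    static int objectA = 0, objectB = 0;  // stand-ins for two distinct heap objects
    OrderedMapData map;
    map.set(Value::string("a"), Value::string("first"));
    map.set(Value::fromObject(&objectA), Value::string("second"));
    map.set(Value::string("b"), Value::string("third"));
    map.set(Value::string("a"), Value::string("overwritten"));  // same content: same slot, no growth
    map.set(Value::fromObject(&objectB), Value::string("fourth"));
    map.remove(Value::fromObject(&objectA));                    // slot 1 becomes a tombstone
    Scenario s = {};
    map.forEach([&](const Value& key, const Value&) {
        s.visited += key.kind == Value::String ? key.str : std::string("<obj>");
        if (map.compactIfPossible()) s.compactedWhileIterating = true;  // refused: stays false
    });
    s.slotsBefore = map.slotCount();             // 4: three live entries and one tombstone
    s.compactedAfter = map.compactIfPossible();  // true once the walk has finished
    s.slotsAfter = map.slotCount();              // 3
    s.lookupsIntact = map.get(Value::string("a")).str == "overwritten" && map.get(Value::string("b")).str == "third"
        && map.get(Value::fromObject(&objectB)).str == "fourth";
    return s;
}
```

Two keys whose string form coincides, such as the string `"a"` and an object, never collide because they live in different indices, and the walk visits `"a"`, `"b"`, then the object, in insertion order, skipping the cleared slot.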
    • fpizlo@apple.com's avatar
      Teach DFG::Worklist and its clients that it may be reused for different kinds of compilations · 6931c476
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120489
      
      Reviewed by Geoffrey Garen.
              
      If the baseline JIT hits an OSR entry trigger into the DFG and we already have a
      DFG compilation but we've also started one or more FTL compilations, then we
      shouldn't get confused. Previously we would have gotten confused because we would
      see an in-process deferred compile (the FTL compile) and also an optimized
      replacement (the DFG code).
              
      If the baseline JIT hits an OSR entry trigger into the DFG and we previously
      did two things in this order: triggered a tier-up compilation from the DFG into
      the FTL, and then jettisoned the DFG code because it exited a bunch, then we
      shouldn't be confused by the presence of an in-process deferred compile (the FTL
      compile). Previously we would have waited for that compile to finish; but the more
      sensible thing to do is to let it complete and then invalidate it, while at the
      same time enqueueing a DFG compile to create a new, more valid, DFG code block.
              
      If the DFG JIT hits a loop OSR entry trigger (into the FTL) and it has already
      triggered an FTL compile for replacement, then it should fire off a second compile
      instead of thinking that it can wait for that one to finish. Or vice-versa. We
      need to allow for two FTL compiles to be enqueued at the same time (one for
      replacement and one for OSR entry in a loop).
              
      Then there's also the problem that DFG::compile() is almost certainly going to be
      the hook for triggering both DFG compiles and the two kinds of FTL compiles, but
      right now there is no way to tell it which one you want.
              
      This fixes these problems and removes a bunch of potential confusion by making the
      key for a compile in the DFG::Worklist be a CompilationMode (one of DFGMode,
      FTLMode, or FTLForOSREntryMode). That mode is also passed to DFG::compile().
              
      Awkwardly, this still leaves us in a no DFG->FTL tier-up situation - so
      DFG::compile() is always passed DFGMode and then it might do an FTL compile if
      possible. Fixing that is a bigger issue for a later changeset.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::checkIfOptimizationThresholdReached):
      * dfg/DFGCompilationKey.cpp: Added.
      (JSC::DFG::CompilationKey::dump):
      * dfg/DFGCompilationKey.h: Added.
      (JSC::DFG::CompilationKey::CompilationKey):
      (JSC::DFG::CompilationKey::operator!):
      (JSC::DFG::CompilationKey::isHashTableDeletedValue):
      (JSC::DFG::CompilationKey::profiledBlock):
      (JSC::DFG::CompilationKey::mode):
      (JSC::DFG::CompilationKey::operator==):
      (JSC::DFG::CompilationKey::hash):
      (JSC::DFG::CompilationKeyHash::hash):
      (JSC::DFG::CompilationKeyHash::equal):
      * dfg/DFGCompilationMode.cpp: Added.
      (WTF::printInternal):
      * dfg/DFGCompilationMode.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::key):
      * dfg/DFGPlan.h:
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::enqueue):
      (JSC::DFG::Worklist::compilationState):
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * dfg/DFGWorklist.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154854 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6931c476
    • bfulgham@apple.com's avatar
      [Windows] Unreviewed build fix after r154847. · 59af0f55
      bfulgham@apple.com authored
      If you are going to exclude promises, actually exclude the build components.
      
      * interpreter/CallFrame.h: Exclude promise declarations
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset): Exclude promise code.
      (JSC::JSGlobalObject::visitChildren): Ditto.
      * runtime/VM.cpp: Ditto.
      (JSC::VM::VM):
      (JSC::VM::~VM):
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154853 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      59af0f55
    • weinig@apple.com's avatar
      .: Add ENABLE guards for Promises · b7188858
      weinig@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Source/autotools/SetupWebKitFeatures.m4:
      * Source/cmake/WebKitFeatures.cmake:
      * Source/cmakeconfig.h.cmake:
      
      Source/JavaScriptCore: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSPromise.cpp:
      * runtime/JSPromise.h:
      * runtime/JSPromiseCallback.cpp:
      * runtime/JSPromiseCallback.h:
      * runtime/JSPromiseConstructor.cpp:
      * runtime/JSPromiseConstructor.h:
      * runtime/JSPromisePrototype.cpp:
      * runtime/JSPromisePrototype.h:
      * runtime/JSPromiseResolver.cpp:
      * runtime/JSPromiseResolver.h:
      * runtime/JSPromiseResolverConstructor.cpp:
      * runtime/JSPromiseResolverConstructor.h:
      * runtime/JSPromiseResolverPrototype.cpp:
      * runtime/JSPromiseResolverPrototype.h:
      
      Source/WebCore: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit/mac: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WTF: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * wtf/FeatureDefines.h:
      
      Tools: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Scripts/webkitperl/FeatureList.pm:
      * qmake/mkspecs/features/features.pri:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154847 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b7188858
    • fpizlo@apple.com's avatar
      Unreviewed, fix FTL build. · bfb053b9
      fpizlo@apple.com authored
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::callCheck):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154845 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bfb053b9
    • commit-queue@webkit.org's avatar
      REGRESSION(r153222, 32-bit): NULL JSValue() seen when running peacekeeper benchmark. · 83f6c4a5
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=120080
      
      Patch by Julien Brianceau <jbriance@cisco.com> on 2013-08-29
      Reviewed by Michael Saboff.
      
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emitSlow_op_get_argument_by_val): Revert changes introduced by r153222 in this function.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154839 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      83f6c4a5
    • fpizlo@apple.com's avatar
      Kill code that became dead after http://trac.webkit.org/changeset/154833 · fc5d05a0
      fpizlo@apple.com authored
      Rubber stamped by Oliver Hunt.
      
      * dfg/DFGDriver.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154838 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fc5d05a0
    • fpizlo@apple.com's avatar
      CodeBlock's magic for scaling tier-up thresholds should be more reusable · e5b68643
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120486
      
      Reviewed by Oliver Hunt.
              
      Removed the counterValueForBlah() methods and exposed the reusable scaling logic
      as an adjustedCounterValue() method.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::adjustedCounterValue):
      (JSC::CodeBlock::optimizeAfterWarmUp):
      (JSC::CodeBlock::optimizeAfterLongWarmUp):
      (JSC::CodeBlock::optimizeSoon):
      * bytecode/CodeBlock.h:
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::handleExitCounts):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154837 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e5b68643
    • fpizlo@apple.com's avatar
      CodeBlock::prepareForExecution() is silly · 1342e7a8
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120453
      
      Reviewed by Oliver Hunt.
              
      Instead of saying:
              
          codeBlock->prepareForExecution(stuff, BaselineJIT, more stuff)
              
      we should just say:
              
          JIT::compile(stuff, codeBlock, more stuff);
              
      And similarly for the LLInt and DFG.
              
      This kills a bunch of code, since CodeBlock::prepareForExecution() is just a
      wrapper that uses the JITType argument to call into the appropriate execution
      engine, which is what the user wanted to do in the first place.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::JIT::compile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntEntrypoint.cpp: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.cpp.
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      (JSC::LLInt::setEntrypoint):
      * llint/LLIntEntrypoint.h: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.h.
      * llint/LLIntEntrypoints.cpp: Removed.
      * llint/LLIntEntrypoints.h: Removed.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154833 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1342e7a8
    • mark.lam@apple.com's avatar
      Gardening: fixed broken non-DFG build. · be668e75
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120481.
      
      Not reviewed.
      
      * interpreter/StackIterator.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154827 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      be668e75
    • fpizlo@apple.com's avatar
      CodeBlock compilation and installation should be simplified and rationalized · 62b6af85
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120326
      
      Reviewed by Oliver Hunt.
              
      Rolling r154804 back in after fixing no-LLInt build.
              
      Previously Executable owned the code for generating JIT code; you always had
      to go through Executable. But often you also had to go through CodeBlock,
      because ScriptExecutable couldn't have virtual methods, but CodeBlock could.
      So you'd ask CodeBlock to do something, which would dispatch through a
      virtual method that would select the appropriate Executable subtype's method.
      This all meant that the same code would often be duplicated, because most of
      the work needed to compile something was identical regardless of code type.
      But then we tried to fix this, by having templatized helpers in
      ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find
      out what happened when you asked for something to be compiled, you'd go on a
      wild ride that started with CodeBlock, touched upon Executable, and then
      ricocheted into either ExecutionHarness or JITDriver (likely both).
              
      Another awkwardness was that for concurrent compiles, the DFG::Worklist had
      super-special inside knowledge of what JITStubs.cpp's cti_optimize would have
      done once the compilation finished.
              
      Also, most of the DFG JIT drivers assumed that they couldn't install the
      JITCode into the CodeBlock directly - instead they would return it via a
      reference, which happened to be a reference to the JITCode pointer in
      Executable. This was super weird.
              
      Finally, there was no notion of compiling code into a special CodeBlock that
      wasn't used for handling calls into an Executable. I'd like this for FTL OSR
      entry.
              
      This patch solves these problems by reducing all of that complexity into just
      three primitives:
              
      - Executable::newCodeBlock(). This gives you a new code block, either for call
        or for construct, and either to serve as the baseline code or the optimized
        code. The new code block is then owned by the caller; Executable doesn't
        register it anywhere. The new code block has no JITCode and isn't callable,
        but it has all of the bytecode.
              
      - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and
        produces a JITCode, and then installs the JITCode into the CodeBlock. This
        method takes a JITType, and always compiles with that JIT. If you ask for
        JITCode::InterpreterThunk then you'll get JITCode that just points to the
        LLInt entrypoints. Once this returns, it is possible to call into the
        CodeBlock if you do so manually - but the Executable still won't know about
        it so JS calls to that Executable will still be routed to whatever CodeBlock
        is associated with the Executable.
              
      - Executable::installCode(). This takes a CodeBlock and makes it the code-for-
        entry for that Executable. This involves unlinking the Executable's last
        CodeBlock, if there was one. This also tells the GC about any effect on
        memory usage and does a bunch of weird data structure rewiring, since
        Executable caches some of CodeBlock's fields for the benefit of virtual call
        fast paths.
              
      This functionality is then wrapped around three convenience methods:
              
      - Executable::prepareForExecution(). If there is no code block for that
        Executable, then one is created (newCodeBlock()), compiled
        (CodeBlock::prepareForExecution()) and installed (installCode()).
              
      - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that
        can serve as an optimized replacement of the current one.
              
      - CodeBlock::install(). Asks the Executable to install this code block.
              
      This patch allows me to kill *a lot* of code and to remove a lot of
      specializations for functions vs. not-functions, and a lot of places where we
      pass around JITCode references and such. ExecutionHarness and JITDriver are
      both gone. Overall this patch has more red than green.
              
      It also allows me to work on FTL OSR entry and tier-up:
              
      - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist
        to do some compilation, but it will require the DFG::Worklist to do
        something different than what JITStubs.cpp would want, once the compilation
        finishes. This patch introduces a callback mechanism for that purpose.
              
      - FTL OSR entry: this will involve creating a special auto-jettisoned
        CodeBlock that is used only for FTL OSR entry. The new set of primitives
        allows for this: Executable can vend you a fresh new CodeBlock, and you can
        ask that CodeBlock to compile itself with any JIT of your choosing. Or you
        can take that CodeBlock and compile it yourself. Previously the act of
        producing a CodeBlock-for-optimization and the act of compiling code for it
        were tightly coupled; now you can separate them and you can create such
        auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::prepareForExecutionImpl):
      (JSC::CodeBlock::prepareForExecution):
      (JSC::CodeBlock::prepareForExecutionAsynchronously):
      (JSC::CodeBlock::install):
      (JSC::CodeBlock::newReplacement):
      (JSC::FunctionCodeBlock::jettisonImpl):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasBaselineJITProfiling):
      * bytecode/DeferredCompilationCallback.cpp: Added.
      (JSC::DeferredCompilationCallback::DeferredCompilationCallback):
      (JSC::DeferredCompilationCallback::~DeferredCompilationCallback):
      * bytecode/DeferredCompilationCallback.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::tryCompile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::notifyReady):
      (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
      (JSC::DFG::Plan::finalizeAndNotifyCallback):
      * dfg/DFGPlan.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      (JSC::Heap::isDeferred):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Removed.
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Added.
      (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::create):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):
      * jit/JITToDFGDeferredCompilationCallback.h: Added.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      (JSC::ScriptExecutable::newCodeBlockFor):
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      * runtime/Executable.h:
      (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
      (JSC::ExecutableBase::offsetOfNumParametersFor):
      (JSC::ScriptExecutable::prepareForExecution):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      * runtime/ExecutionHarness.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154824 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      62b6af85
    • mark.lam@apple.com's avatar
      Change StackIterator to not require writes to the JS stack. · fd86164a
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119657.
      
      Reviewed by Geoffrey Garen.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * interpreter/CallFrame.h:
      - Removed references to StackIteratorPrivate.h.
      * interpreter/StackIterator.cpp:
      (JSC::StackIterator::numberOfFrames):
      (JSC::StackIterator::gotoFrameAtIndex):
      (JSC::StackIterator::gotoNextFrame):
      (JSC::StackIterator::resetIterator):
      (JSC::StackIterator::find):
      (JSC::StackIterator::readFrame):
      (JSC::StackIterator::readNonInlinedFrame):
      - Reads in the current CallFrame's data for non-inlined frames.
      (JSC::inlinedFrameOffset):
      - Convenience function to compute the inlined frame offset based on the
        CodeOrigin. If the offset is 0, then we're looking at the physical frame.
        Otherwise, it's an inlined frame.
      (JSC::StackIterator::readInlinedFrame):
      - Determines the inlined frame's caller frame. Will read in the caller
        frame if it is also an inlined frame, i.e., we haven't reached the
        outermost frame yet. Otherwise, will call readNonInlinedFrame() to
        read in the outermost frame.
        This is based on the old StackIterator::Frame::logicalFrame().
      (JSC::StackIterator::updateFrame):
      - Reads the data of the caller frame of the current one. This function
        is renamed and moved from the old StackIterator::Frame::logicalCallerFrame(),
        but is now simplified because it delegates to the readInlinedFrame()
        to get the caller for inlined frames.
      (JSC::StackIterator::Frame::arguments):
      - Fixed to use the inlined frame versions of Arguments::create() and
        Arguments::tearOff() when the frame is an inlined frame.
      (JSC::StackIterator::Frame::print):
      (debugPrintCallFrame):
      (debugPrintStack):
      - Because sometimes, we want to see the whole stack while debugging.
      * interpreter/StackIterator.h:
      (JSC::StackIterator::Frame::argumentCount):
      (JSC::StackIterator::Frame::callerFrame):
      (JSC::StackIterator::Frame::callee):
      (JSC::StackIterator::Frame::scope):
      (JSC::StackIterator::Frame::codeBlock):
      (JSC::StackIterator::Frame::bytecodeOffset):
      (JSC::StackIterator::Frame::inlinedFrameInfo):
      (JSC::StackIterator::Frame::isJSFrame):
      (JSC::StackIterator::Frame::isInlinedFrame):
      (JSC::StackIterator::Frame::callFrame):
      (JSC::StackIterator::Frame::Frame):
      (JSC::StackIterator::Frame::~Frame):
      - StackIterator::Frame now caches commonly accessed values from
        the CallFrame. It still delegates argument queries to the CallFrame.
      (JSC::StackIterator::operator*):
      (JSC::StackIterator::operator->):
      (JSC::StackIterator::operator!=):
      (JSC::StackIterator::operator++):
      (JSC::StackIterator::end):
      (JSC::StackIterator::operator==):
      * interpreter/StackIteratorPrivate.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154821 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fd86164a
    • commit-queue@webkit.org's avatar
      Source/JavaScriptCore: VM::throwException() crashes reproducibly in testapi with !ENABLE(JIT) · 31da4579
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=120472
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-29
      Reviewed by Filip Pizlo.
      
      With the JIT disabled, interpreterThrowInCaller was attempting to throw an error,
      but the topCallFrame was not set yet. By passing the error object into interpreterThrowInCaller,
      throwException can be called when topCallFrame is set.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/CommonSlowPathsExceptions.cpp:
      (JSC::CommonSlowPaths::interpreterThrowInCaller):
      * runtime/CommonSlowPathsExceptions.h:
      
      Renamed genericThrow -> genericUnwind, because this function no longer has the ability
      to throw errors. It unwinds the stack in order to report them.
      * dfg/DFGOperations.cpp:
      * jit/JITExceptions.cpp:
      (JSC::genericUnwind):
      (JSC::jitThrowNew):
      (JSC::jitThrow):
      * jit/JITExceptions.h:
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::doThrow):
      
      LayoutTests: VM::throwException() crashes reproducibly in testapi with !ENABLE(JIT)
      https://bugs.webkit.org/show_bug.cgi?id=120472
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-29
      Reviewed by Filip Pizlo.
      An error that was not being reported before is now caught and being reported.
      * media/track/track-cue-rendering-on-resize-expected.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154817 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      31da4579
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r154804. · ea1f9022
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/154804
      https://bugs.webkit.org/show_bug.cgi?id=120477
      
      Broke Windows build (assumes LLInt features not enabled on
      this build) (Requested by bfulgham on #webkit).
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::reoptimize):
      (JSC::ProgramCodeBlock::replacement):
      (JSC::EvalCodeBlock::replacement):
      (JSC::FunctionCodeBlock::replacement):
      (JSC::ProgramCodeBlock::compileOptimized):
      (JSC::ProgramCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::EvalCodeBlock::compileOptimized):
      (JSC::EvalCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::FunctionCodeBlock::compileOptimized):
      (JSC::FunctionCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::jitType):
      (JSC::CodeBlock::jitCompile):
      * bytecode/DeferredCompilationCallback.cpp: Removed.
      * bytecode/DeferredCompilationCallback.h: Removed.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::finalize):
      * dfg/DFGPlan.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Added.
      (JSC::jitCompileIfAppropriateImpl):
      (JSC::jitCompileFunctionIfAppropriateImpl):
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Removed.
      * jit/JITToDFGDeferredCompilationCallback.h: Removed.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::jitCompile):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::replaceWithDeferredOptimizedCode):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::ProgramExecutable::replaceWithDeferredOptimizedCode):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForCall):
      (JSC::FunctionExecutable::compileForConstructInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForConstruct):
      * runtime/Executable.h:
      (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
      (JSC::ExecutableBase::offsetOfNumParametersFor):
      (JSC::ExecutableBase::catchRoutineFor):
      (JSC::EvalExecutable::compile):
      (JSC::ProgramExecutable::compile):
      (JSC::FunctionExecutable::compileForCall):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeFor):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC::prepareForExecutionImpl):
      (JSC::prepareFunctionForExecutionImpl):
      (JSC::installOptimizedCode):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      (JSC::replaceWithDeferredOptimizedCode):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154814 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ea1f9022