1. 05 Sep, 2013 1 commit
    • fpizlo@apple.com's avatar
      fast/js/dfg-* tests should wait for the concurrent JIT · 4bc850b4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120723
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      * runtime/TestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles): This should also handle constructors.
      
      LayoutTests: 
      
      Reviewed by Geoffrey Garen.
              
      Add dfgShouldBe(), a handy function that covers a lot of common cases.
      Also convert a bunch of tests.
      
      * fast/js/dfg-activation-register-overwritten-in-throw-expected.txt:
      * fast/js/dfg-add-not-number-expected.txt:
      * fast/js/dfg-allocation-profile-watch-point-exit-expected.txt:
      * fast/js/dfg-arguments-alias-escape-expected.txt:
      * fast/js/dfg-arguments-cross-code-origin-expected.txt:
      * fast/js/dfg-arguments-mixed-alias-expected.txt:
      * fast/js/dfg-arguments-strict-mode-expected.txt:
      * fast/js/dfg-arguments-unexpected-escape-expected.txt:
      * fast/js/dfg-array-dead-expected.txt:
      * fast/js/dfg-array-length-dead-expected.txt:
      * fast/js/dfg-array-pop-value-clearing-expected.txt:
      * fast/js/dfg-array-push-bad-time-expected.txt:
      * fast/js/dfg-array-push-slow-put-expected.txt:
      * fast/js/dfg-arrayify-when-late-prevent-extensions-expected.txt:
      * fast/js/dfg-arrayify-when-prevent-extensions-expected.txt:
      * fast/js/dfg-bool-to-int32-reuse-expected.txt:
      * fast/js/jsc-test-list:
      * fast/js/resources/js-test-pre.js:
      (dfgShouldBe):
      * fast/js/resources/standalone-pre.js:
      (dfgShouldBe):
      * fast/js/script-tests/dfg-activation-register-overwritten-in-throw.js:
      (g):
      * fast/js/script-tests/dfg-add-not-number.js:
      * fast/js/script-tests/dfg-allocation-profile-watch-point-exit.js:
      (foo):
      * fast/js/script-tests/dfg-arguments-alias-escape.js:
      * fast/js/script-tests/dfg-arguments-cross-code-origin.js:
      * fast/js/script-tests/dfg-arguments-mixed-alias.js:
      * fast/js/script-tests/dfg-arguments-strict-mode.js:
      * fast/js/script-tests/dfg-arguments-unexpected-escape.js:
      * fast/js/script-tests/dfg-array-dead.js:
      * fast/js/script-tests/dfg-array-length-dead.js:
      * fast/js/script-tests/dfg-array-pop-value-clearing.js:
      * fast/js/script-tests/dfg-array-push-bad-time.js:
      * fast/js/script-tests/dfg-array-push-slow-put.js:
      * fast/js/script-tests/dfg-arrayify-when-late-prevent-extensions.js:
      * fast/js/script-tests/dfg-arrayify-when-prevent-extensions.js:
      * fast/js/script-tests/dfg-bool-to-int32-reuse.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155096 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4bc850b4
  2. 04 Sep, 2013 4 commits
    • fpizlo@apple.com's avatar
      run-fast-jsc should work with new-school fast/js tests that loop until the DFG tiers up · 44225e60
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120697
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      * API/JSCTestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles):
      (JSC::setNeverInline):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * jsc.cpp:
      (GlobalObject::finishCreation):
      (functionNeverInlineFunction):
      (functionNumberOfDFGCompiles):
      * runtime/TestRunnerUtils.cpp: Added.
      (JSC::getExecutable):
      (JSC::numberOfDFGCompiles):
      (JSC::setNeverInline):
      * runtime/TestRunnerUtils.h: Added.
      
      LayoutTests: 
      
      * fast/js/resources/standalone-pre.js:
      (testPassed):
      (testFailed):
      (dfgCompiled):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155090 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      44225e60
    • mark.lam@apple.com's avatar
      Renamed StackIterator to StackVisitor. · fa2a142f
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120706.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Also did some minor refactoring:
      - Renamed StackIterator::iterate() to StackVisitor::visit().
      - Make StackVisitor::visit() a static method.
      - Move the instantiation of the StackVisitor instance into StackVisitor::visit()
        from CallFrame::iterate().
      - Removed StackIterator::resetIterator() and inline its body into the
        StackVisitor constructor since this is the only remaining caller of it.
      
      * API/JSContextRef.cpp:
      (BacktraceFunctor::operator()):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * interpreter/CallFrame.h:
      (JSC::ExecState::iterate):
      * interpreter/Interpreter.cpp:
      (JSC::DumpRegisterFunctor::operator()):
      (JSC::unwindCallFrame):
      (JSC::getStackFrameCodeType):
      (JSC::GetStackTraceFunctor::operator()):
      (JSC::UnwindFunctor::operator()):
      * interpreter/Interpreter.h:
      * interpreter/StackIterator.cpp: Removed.
      * interpreter/StackIterator.h: Removed.
      * interpreter/StackVisitor.cpp: Copied from Source/JavaScriptCore/interpreter/StackIterator.cpp.
      (JSC::StackVisitor::StackVisitor):
      (JSC::StackVisitor::gotoNextFrame):
      (JSC::StackVisitor::readFrame):
      (JSC::StackVisitor::readNonInlinedFrame):
      (JSC::StackVisitor::readInlinedFrame):
      (JSC::StackVisitor::Frame::codeType):
      (JSC::StackVisitor::Frame::functionName):
      (JSC::StackVisitor::Frame::sourceURL):
      (JSC::StackVisitor::Frame::toString):
      (JSC::StackVisitor::Frame::arguments):
      (JSC::StackVisitor::Frame::computeLineAndColumn):
      (JSC::StackVisitor::Frame::retrieveExpressionInfo):
      (JSC::StackVisitor::Frame::setToEnd):
      (JSC::StackVisitor::Frame::print):
      (DebugPrintFrameFunctor::operator()):
      * interpreter/StackVisitor.h: Copied from Source/JavaScriptCore/interpreter/StackIterator.h.
      (JSC::StackVisitor::visit):
      * jsc.cpp:
      (FunctionJSCStackFunctor::operator()):
      * profiler/ProfileGenerator.cpp:
      (JSC::AddParentForConsoleStartFunctor::operator()):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::operator()):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::GlobalFuncProtoGetterFunctor::operator()):
      (JSC::GlobalFuncProtoSetterFunctor::operator()):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/interpreter/StackIterator.h: Removed.
      * ForwardingHeaders/interpreter/StackVisitor.h: Copied from Source/WebCore/ForwardingHeaders/interpreter/StackIterator.h.
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::operator()):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::CreateScriptCallStackFunctor::operator()):
      (WebCore::CreateScriptCallStackForConsoleFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155081 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fa2a142f
    • mark.lam@apple.com's avatar
      Refining the StackIterator callback interface. · 99c89d43
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120695.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Introduce CallFrame::iterate() which instantiates a StackIterator and
      invoke its iterate() method with the passed in functor. The only place
      where the client code gets access to the StackIterator now is as an
      argument to the client's functor.
      
      * API/JSContextRef.cpp:
      (JSContextCreateBacktrace):
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::iterate):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::unwind):
      * interpreter/StackIterator.cpp:
      (JSC::StackIterator::StackIterator):
      (DebugPrintFrameFunctor::DebugPrintFrameFunctor):
      (DebugPrintFrameFunctor::operator()):
      (debugPrintCallFrame):
      (debugPrintStack):
      * interpreter/StackIterator.h:
      (JSC::StackIterator::iterate):
      * jsc.cpp:
      (functionJSCStack):
      * profiler/ProfileGenerator.cpp:
      (JSC::ProfileGenerator::addParentForConsoleStart):
      * runtime/JSFunction.cpp:
      (JSC::retrieveArguments):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      (JSC::retrieveCallerFunction):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncProtoGetter):
      (JSC::globalFuncProtoSetter):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetPrototypeOf):
      
      Source/WebCore: 
      
      No new tests.
      
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::SendFunctor):
      (WebCore::SendFunctor::line):
      (WebCore::SendFunctor::url):
      (WebCore::SendFunctor::operator()):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155075 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      99c89d43
    • fpizlo@apple.com's avatar
      The DFG should be able to tier-up and OSR enter into the FTL · 532f1e51
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112838
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      This adds the ability for the DFG to tier-up into the FTL. This works in both
      of the expected tier-up modes:
              
      Replacement: frequently called functions eventually have their entrypoint
      replaced with one that goes into FTL-compiled code. Note, this will be a
      slow-down for now since we don't yet have LLVM calling convention integration.
              
      OSR entry: code stuck in hot loops gets OSR'd into the FTL from the DFG.
              
      This means that if the DFG detects that a function is an FTL candidate, it
      inserts execution counting code similar to the kind that the baseline JIT
      would use. If you trip on a loop count in a loop header that is an OSR
      candidate (it's not an inlined loop), we do OSR; otherwise we do replacement.
      OSR almost always also implies future replacement.
              
      OSR entry into the FTL is really cool. It uses a specialized FTL compile of
      the code, where early in the DFG pipeline we replace the original root block
      with an OSR entrypoint block that jumps to the pre-header of the hot loop.
      The OSR entrypoint loads all live state at the loop pre-header using loads
      from a scratch buffer, which gets populated by the runtime's OSR entry
      preparation code (FTL::prepareOSREntry()). This approach appears to work well
      with all of our subsequent optimizations, including prediction propagation,
      CFA, and LICM. LLVM seems happy with it, too. Best of all, it works naturally
      with concurrent compilation: when we hit the tier-up trigger we spawn a
      compilation plan at the bytecode index from which we triggered; once the
      compilation finishes the next trigger will try to enter, at that bytecode
      index. If it can't - for example because the code has moved on to another
      loop - then we just try again. Loops that get hot enough for OSR entry (about
      25,000 iterations) will probably still be running when a concurrent compile
      finishes, so this doesn't appear to be a big problem.
              
      This immediately gives us a 70% speed-up on imaging-gaussian-blur. We could
      get a bigger speed-up by adding some more intelligence and tweaking LLVM to
      compile code faster. Those things will happen eventually but this is a good
      start. Probably this code will see more tuning as we get more coverage in the
      FTL JIT, but I'll worry about that in future patches.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      * bytecode/CodeBlock.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::killBlockAndItsContents):
      (JSC::DFG::Graph::killUnreachableBlocks):
      * dfg/DFGGraph.h:
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::initialize):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      (JSC::DFG::JITCode::checkIfOptimizationThresholdReached):
      (JSC::DFG::JITCode::optimizeNextInvocation):
      (JSC::DFG::JITCode::dontOptimizeAnytimeSoon):
      (JSC::DFG::JITCode::optimizeAfterWarmUp):
      (JSC::DFG::JITCode::optimizeSoon):
      (JSC::DFG::JITCode::forceOptimizationSlowPathConcurrently):
      (JSC::DFG::JITCode::setOptimizationThresholdBasedOnCompilationResult):
      * dfg/DFGJITCode.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      (JSC::DFG::JITFinalizer::finalizeCommon):
      * dfg/DFGLoopPreHeaderCreationPhase.cpp:
      (JSC::DFG::createPreHeader):
      (JSC::DFG::LoopPreHeaderCreationPhase::run):
      * dfg/DFGLoopPreHeaderCreationPhase.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasUnlinkedLocal):
      (JSC::DFG::Node::unlinkedLocal):
      * dfg/DFGNodeType.h:
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntrypointCreationPhase.cpp: Added.
      (JSC::DFG::OSREntrypointCreationPhase::OSREntrypointCreationPhase):
      (JSC::DFG::OSREntrypointCreationPhase::run):
      (JSC::DFG::performOSREntrypointCreation):
      * dfg/DFGOSREntrypointCreationPhase.h: Added.
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGPlan.h:
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGTierUpCheckInjectionPhase.cpp: Added.
      (JSC::DFG::TierUpCheckInjectionPhase::TierUpCheckInjectionPhase):
      (JSC::DFG::TierUpCheckInjectionPhase::run):
      (JSC::DFG::performTierUpCheckInjection):
      * dfg/DFGTierUpCheckInjectionPhase.h: Added.
      * dfg/DFGToFTLDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLDeferredCompilationCallback::ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::~ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLDeferredCompilationCallback.h: Added.
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::~ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h: Added.
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLCapabilities.h:
      * ftl/FTLForOSREntryJITCode.cpp: Added.
      (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::~ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::ftlForOSREntry):
      (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
      * ftl/FTLForOSREntryJITCode.h: Added.
      (JSC::FTL::ForOSREntryJITCode::entryBuffer):
      (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::bytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::countEntryFailure):
      (JSC::FTL::ForOSREntryJITCode::entryFailureCount):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileBlock):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::addWeakReference):
      * ftl/FTLOSREntry.cpp: Added.
      (JSC::FTL::prepareOSREntry):
      * ftl/FTLOSREntry.h: Added.
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::crashNonTerminal):
      (JSC::FTL::Output::crash):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * interpreter/Register.h:
      (JSC::Register::unboxedDouble):
      * jit/JIT.cpp:
      (JSC::JIT::emitEnterOptimizationCheck):
      * jit/JITCode.cpp:
      (JSC::JITCode::ftlForOSREntry):
      * jit/JITCode.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      * runtime/Options.h:
      * runtime/VM.cpp:
      (JSC::VM::ensureWorklist):
      * runtime/VM.h:
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
              
      Fix marsaglia to check the result instead of printing, and add a second
      version that relies on OSR entry.
      
      * fast/js/regress/marsaglia-osr-entry-expected.txt: Added.
      * fast/js/regress/marsaglia-osr-entry.html: Added.
      * fast/js/regress/script-tests/marsaglia-osr-entry.js: Added.
      (marsaglia):
      * fast/js/regress/script-tests/marsaglia.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155023 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      532f1e51
  3. 03 Sep, 2013 4 commits
    • mark.lam@apple.com's avatar
      Converting StackIterator to a callback interface. · bce4c9ba
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120564.
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore: 
      
      * API/JSContextRef.cpp:
      (BacktraceFunctor::BacktraceFunctor):
      (BacktraceFunctor::operator()):
      (JSContextCreateBacktrace):
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      (JSC::DumpRegisterFunctor::DumpRegisterFunctor):
      (JSC::DumpRegisterFunctor::operator()):
      (JSC::Interpreter::dumpRegisters):
      (JSC::unwindCallFrame):
      (JSC::GetStackTraceFunctor::GetStackTraceFunctor):
      (JSC::GetStackTraceFunctor::operator()):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::stackTraceAsString):
      (JSC::UnwindFunctor::UnwindFunctor):
      (JSC::UnwindFunctor::operator()):
      (JSC::Interpreter::unwind):
      * interpreter/Interpreter.h:
      * interpreter/StackIterator.cpp:
      (JSC::StackIterator::numberOfFrames):
      (JSC::StackIterator::gotoFrameAtIndex):
      (JSC::StackIterator::gotoNextFrameWithFilter):
      (JSC::StackIterator::resetIterator):
      (JSC::StackIterator::Frame::print):
      (debugPrintCallFrame):
      (DebugPrintStackFunctor::operator()):
      (debugPrintStack): Added for debugging convenience.
      * interpreter/StackIterator.h:
      (JSC::StackIterator::Frame::index):
      (JSC::StackIterator::iterate):
      * jsc.cpp:
      (FunctionJSCStackFunctor::FunctionJSCStackFunctor):
      (FunctionJSCStackFunctor::operator()):
      (functionJSCStack):
      * profiler/ProfileGenerator.cpp:
      (JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor):
      (JSC::AddParentForConsoleStartFunctor::foundParent):
      (JSC::AddParentForConsoleStartFunctor::operator()):
      (JSC::ProfileGenerator::addParentForConsoleStart):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::RetrieveArgumentsFunctor):
      (JSC::RetrieveArgumentsFunctor::result):
      (JSC::RetrieveArgumentsFunctor::operator()):
      (JSC::retrieveArguments):
      (JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
      (JSC::RetrieveCallerFunctionFunctor::result):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      (JSC::retrieveCallerFunction):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::GlobalFuncProtoGetterFunctor::GlobalFuncProtoGetterFunctor):
      (JSC::GlobalFuncProtoGetterFunctor::result):
      (JSC::GlobalFuncProtoGetterFunctor::operator()):
      (JSC::globalFuncProtoGetter):
      (JSC::GlobalFuncProtoSetterFunctor::GlobalFuncProtoSetterFunctor):
      (JSC::GlobalFuncProtoSetterFunctor::allowsAccess):
      (JSC::GlobalFuncProtoSetterFunctor::operator()):
      (JSC::globalFuncProtoSetter):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
      (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
      (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
      (JSC::objectConstructorGetPrototypeOf):
      
      Source/WebCore: 
      
      No new tests.
      
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::SendFunctor):
      (WebCore::SendFunctor::hasViableFrame):
      (WebCore::SendFunctor::operator()):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::CreateScriptCallStackFunctor::CreateScriptCallStackFunctor):
      (WebCore::CreateScriptCallStackFunctor::operator()):
      (WebCore::createScriptCallStack):
      (WebCore::CreateScriptCallStackForConsoleFunctor::CreateScriptCallStackForConsoleFunctor):
      (WebCore::CreateScriptCallStackForConsoleFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155013 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bce4c9ba
    • oliver@apple.com's avatar
      Support structured clone of Map and Set · 901740c2
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120654
      
      Reviewed by Simon Fraser.
      
      Source/JavaScriptCore:
      
      Make xcode copy the required headers, and add appropriate export attributes
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSMap.h:
      * runtime/JSSet.h:
      * runtime/MapData.h:
      
      Source/WebCore:
      
      Add support for cloning Map and Set.  Fairly self explanatory change.
      Needed to add Forwarding headers for the JSMap, JSSet and MapData classes.
      
      * ForwardingHeaders/runtime/JSMap.h: Added.
      * ForwardingHeaders/runtime/JSSet.h: Added.
      * ForwardingHeaders/runtime/MapData.h: Added.
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::isMap):
      (WebCore::CloneSerializer::isSet):
      (WebCore::CloneSerializer::startSet):
      (WebCore::CloneSerializer::startMap):
      (WebCore::CloneSerializer::serialize):
      (WebCore::CloneDeserializer::consumeMapDataTerminationIfPossible):
      (WebCore::CloneDeserializer::deserialize):
      
      LayoutTests:
      
      Tests!
      
      * fast/dom/Window/script-tests/postmessage-clone.js:
      (set new):
      (set add.set add):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155008 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      901740c2
    • rniwa@webkit.org's avatar
      Support the "json" responseType and JSON response entity in XHR · 89ac8962
      rniwa@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=73648
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      Based on the patch written by Jarred Nicholls.
      
      Add JSC::JSONParse. This function will be used in XMLHttpRequest.response of type 'json'.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/JSONObject.cpp:
      (JSC::JSONParse):
      * runtime/JSONObject.h:
      
      Source/WebCore: 
      
      Based on the patch written by Jarred Nicholls.
      
      Implement 'json' type for XMLHttpRequest.response. We cache the result on JSC side as a cached attribute
      unlike other response types like 'document' and 'blob' for which the parsed response object is cached
      in XMLHttpRequest itself. In the long run, we should do the same for other types of response types.
      
      Also refactored the various code to share the code.
      
      Tests: fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid.html
             fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16.html
             fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid.html
      
      * ForwardingHeaders/runtime/JSONObject.h: Added.
      
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      (WebCore::JSXMLHttpRequest::response): Use JSONParse to parse the response text and cache the result.
      Call didCacheResponseJSON to set the cache status and clear the original response buffer.
      
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::XMLHttpRequest): Added m_responseCacheIsValid to invalidate the cache of
      a json response.
      (WebCore::XMLHttpRequest::responseText):
      (WebCore::XMLHttpRequest::didCacheResponseJSON): Added; Updates m_responseCacheIsValid and clears the
      response buffer to save memory.
      (WebCore::XMLHttpRequest::responseXML):
      (WebCore::XMLHttpRequest::setResponseType):
      (WebCore::XMLHttpRequest::responseType):
      (WebCore::XMLHttpRequest::clearResponseBuffers):
      (WebCore::XMLHttpRequest::didReceiveData):
      
      * xml/XMLHttpRequest.h:
      (WebCore::XMLHttpRequest::doneWithoutErrors): Extracted from responseXML.
      (WebCore::XMLHttpRequest::responseTextIgnoringResponseType): Extracted from responseText.
      (WebCore::XMLHttpRequest::responseCacheIsValid): Added.
      (WebCore::XMLHttpRequest::shouldDecodeResponse): Extracted from didReceiveData.
      Also modified to decode when the response type is ResponseTypeJSON.
      
      * xml/XMLHttpRequest.idl: Added CachedAttribute IDL extention on response property. This cache is
      used when the response type is 'json'.
      
      LayoutTests: 
      
      Add regression tests for XMLHttpRequest.response of type 'json'.
      
      Two of these tests (valid & invalid) come from Jarred Nicholls's original patch.
      
      * fast/xmlhttprequest/resources/xmlhttprequest-responsetype-json-utf-16.json: Added.
      * fast/xmlhttprequest/resources/xmlhttprequest-responsetype-json.json: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid-expected.txt: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-invalid.html: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16-expected.txt: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-utf16.html: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid-expected.txt: Added.
      * fast/xmlhttprequest/xmlhttprequest-responsetype-json-valid.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154992 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      89ac8962
    • fpizlo@apple.com's avatar
      CodeBlock::jettison() should be implicit · 195d7b84
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120567
      
      Reviewed by Oliver Hunt.
              
      This is a risky change from a performance standpoint, but I believe it's
      necessary. This makes all CodeBlocks get swept by GC. Nobody but the GC
      can delete CodeBlocks because the GC always holds a reference to them.
      Once a CodeBlock reaches just one reference (i.e. the one from the GC)
      then the GC will free it only if it's not on the stack.
              
      This allows me to get rid of the jettisoning logic. We need this for FTL
      tier-up. Well; we don't need it, but it will help prevent a lot of bugs.
      Previously, if you wanted to to replace one code block with another, you
      had to remember to tell the GC that the previous code block is
      "jettisoned". We would need to do this when tiering up from DFG to FTL
      and when dealing with DFG-to-FTL OSR entry code blocks. There are a lot
      of permutations here - tiering up to the FTL, OSR entering into the FTL,
      deciding that an OSR entry code block is not relevant anymore - just to
      name a few. In each of these cases we'd have to jettison the previous
      code block. It smells like a huge source of future bugs.
              
      So I made jettisoning implicit by making the GC always watch out for a
      CodeBlock being owned solely by the GC.
              
      This change is performance neutral.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::jettison):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
      (JSC::CodeBlockSet::mark):
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      * heap/CodeBlockSet.cpp: Added.
      (JSC::CodeBlockSet::CodeBlockSet):
      (JSC::CodeBlockSet::~CodeBlockSet):
      (JSC::CodeBlockSet::add):
      (JSC::CodeBlockSet::clearMarks):
      (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
      (JSC::CodeBlockSet::traceMarked):
      * heap/CodeBlockSet.h: Added.
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::add):
      * heap/ConservativeRoots.h:
      * heap/DFGCodeBlocks.cpp: Removed.
      * heap/DFGCodeBlocks.h: Removed.
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::deleteUnmarkedCompiledCode):
      * heap/Heap.h:
      * interpreter/JSStack.cpp:
      (JSC::JSStack::gatherConservativeRoots):
      * interpreter/JSStack.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      * runtime/Executable.h:
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154986 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      195d7b84
  4. 31 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      CodeBlock refactoring broke profile dumping · 669223d4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120551
      
      Reviewed by Michael Saboff.
              
      Fix the bug, and did a big clean-up of how Executable returns CodeBlocks. A lot
      of the problems we have with code like CodeBlock::baselineVersion() is that we
      were trying *way too hard* to side-step the fact that Executable can't return a
      CodeBlock*. Previously it could only return CodeBlock&, so if it didn't have a
      CodeBlock yet, you were screwed. And if you didn't know, or weren't sure, if it
      did have a CodeBlock, you were really going to have a bad time. Also it really
      bugs me that the methods were called generatedBytecode(). In all other contexts
      if you ask for a CodeBlock, then method to call is codeBlock(). So I made all
      of those changes.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::baselineVersion):
      (JSC::ProgramCodeBlock::replacement):
      (JSC::EvalCodeBlock::replacement):
      (JSC::FunctionCodeBlock::replacement):
      (JSC::CodeBlock::globalObjectFor):
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::hash):
      * dfg/DFGOperations.cpp:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITCode.h:
      (JSC::JITCode::isExecutableScript):
      (JSC::JITCode::isLowerTier):
      * jit/JITStubs.cpp:
      (JSC::lazyLinkFor):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      * runtime/Executable.h:
      (JSC::EvalExecutable::codeBlock):
      (JSC::ProgramExecutable::codeBlock):
      (JSC::FunctionExecutable::eitherCodeBlock):
      (JSC::FunctionExecutable::codeBlockForCall):
      (JSC::FunctionExecutable::codeBlockForConstruct):
      (JSC::FunctionExecutable::codeBlockFor):
      * runtime/FunctionExecutableDump.cpp:
      (JSC::FunctionExecutableDump::dump):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154935 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      669223d4
  5. 30 Aug, 2013 3 commits
    • oliver@apple.com's avatar
      Implement ES6 Set class · b8d80ed3
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120549
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      We simply reuse the MapData type from JSMap making the
      it much simpler.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/CommonIdentifiers.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::setStructure):
      * runtime/JSSet.cpp: Added.
      (JSC::JSSet::visitChildren):
      (JSC::JSSet::finishCreation):
      * runtime/JSSet.h: Added.
      (JSC::JSSet::createStructure):
      (JSC::JSSet::create):
      (JSC::JSSet::mapData):
      (JSC::JSSet::JSSet):
      * runtime/SetConstructor.cpp: Added.
      (JSC::SetConstructor::finishCreation):
      (JSC::callSet):
      (JSC::constructSet):
      (JSC::SetConstructor::getConstructData):
      (JSC::SetConstructor::getCallData):
      * runtime/SetConstructor.h: Added.
      (JSC::SetConstructor::create):
      (JSC::SetConstructor::createStructure):
      (JSC::SetConstructor::SetConstructor):
      * runtime/SetPrototype.cpp: Added.
      (JSC::SetPrototype::finishCreation):
      (JSC::getMapData):
      (JSC::setProtoFuncAdd):
      (JSC::setProtoFuncClear):
      (JSC::setProtoFuncDelete):
      (JSC::setProtoFuncForEach):
      (JSC::setProtoFuncHas):
      (JSC::setProtoFuncSize):
      * runtime/SetPrototype.h: Added.
      (JSC::SetPrototype::create):
      (JSC::SetPrototype::createStructure):
      (JSC::SetPrototype::SetPrototype):
      
      LayoutTests:
      
      Add tests
      
      * fast/js/basic-set-expected.txt: Added.
      * fast/js/basic-set.html: Added.
      * fast/js/script-tests/basic-set.js: Added.
      (set new):
      (otherString.string_appeared_here.set add):
      (try.set forEach):
      (set forEach):
      (set gc):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154916 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b8d80ed3
    • oliver@apple.com's avatar
      Make JSValue bool conversion less dangerous · 02fe0141
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120505
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore:
      
      Replaces JSValue::operator bool() with a operator UnspecifiedBoolType* as
      we do elsewhere.  Then fix the places where terrible type coercion was
      happening.  All of the changes made had no fundamental behavioural impact
      as they were coercion results that were ignored (returning undefined
      after an exception).
      
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::hadException):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::operator UnspecifiedBoolType*):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncEval):
      * runtime/PropertyDescriptor.cpp:
      (JSC::PropertyDescriptor::equalTo)
      
      Source/WTF:
      
      Make LIKELY and UNLIKELY macros coerce to bool before
      passing to expect.
      
      * wtf/Compiler.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      02fe0141
    • commit-queue@webkit.org's avatar
      Cleaning errorDescriptionForValue after r154839 · 72c343e0
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=120531
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-30
      Reviewed by Darin Adler.
      
      Changed the assert to ASSERT_NOT_REACHED, now that r154839 has landed. errorDescriptionForValue
      can assert again that the parameterized JSValue is !isEmpty().
      
      * runtime/ExceptionHelpers.cpp:
      (JSC::errorDescriptionForValue):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154892 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      72c343e0
  6. 29 Aug, 2013 9 commits
    • ryuan.choi@samsung.com's avatar
      Fix build break after r154861 · 639d4f6b
      ryuan.choi@samsung.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120503
      
      Reviewed by Geoffrey Garen.
      
      Unreviewed build fix attempt for GTK, Qt Windows and CMake based ports.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * Target.pri:
      * runtime/MapData.h:
      (JSC::MapData::KeyType::KeyType):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154864 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      639d4f6b
    • oliver@apple.com's avatar
    • oliver@apple.com's avatar
      Implement ES6 Map object · 005f9e8f
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120333
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Implement support for the ES6 Map type and related classes.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/CopyToken.h: Add a new token to track copying the backing store
      * runtime/CommonIdentifiers.h: Add new identifiers
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
          Add new structures and prototypes
      
      * runtime/JSMap.cpp: Added.
      * runtime/JSMap.h: Added.
          New JSMap class to represent a Map instance
      
      * runtime/MapConstructor.cpp: Added.
      * runtime/MapConstructor.h: Added.
          The Map constructor
      
      * runtime/MapData.cpp: Added.
      * runtime/MapData.h: Added.
          The most interesting data structure.  The roughly corresponds
          to the ES6 notion of MapData.  It provides the core JSValue->JSValue
          map implementation.  We implement it using 2 hashtables and a flat
          table.  Due to the different semantics of string comparisons vs.
          all others we need have one map keyed by String and the other by
          generic JSValue.  The actual table is represented more or less
          exactly as described in the ES6 draft - a single contiguous list of
          key/value pairs.  The entire map could be achieved with just this
          table, however we need the HashMaps in order to maintain O(1) lookup.
      
          Deleted values are simply cleared as the draft says, however the
          implementation compacts the storage on copy as long as the are no
          active iterators.
      
      * runtime/MapPrototype.cpp: Added.
      * runtime/MapPrototype.h: Added.
          Implement Map prototype functions
      
      * runtime/VM.cpp:
          Add new structures.
      
      LayoutTests:
      
      Tests
      
      * fast/js/basic-map-expected.txt: Added.
      * fast/js/basic-map.html: Added.
      * fast/js/script-tests/basic-map.js: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154861 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      005f9e8f
    • bfulgham@apple.com's avatar
      [Windows] Unreviewed build fix after r154847. · 59af0f55
      bfulgham@apple.com authored
      If you are going to exclude promises, actually exclude the build components.
      
      * interpreter/CallFrame.h: Exclude promise declarations
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset): Exclude promise code.
      (JSC::JSGlobalObject::visitChildren): Ditto.
      * runtime/VM.cpp: Ditto.
      (JSC::VM::VM):
      (JSC::VM::~VM):
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154853 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      59af0f55
    • weinig@apple.com's avatar
      .: Add ENABLE guards for Promises · b7188858
      weinig@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Source/autotools/SetupWebKitFeatures.m4:
      * Source/cmake/WebKitFeatures.cmake:
      * Source/cmakeconfig.h.cmake:
      
      Source/JavaScriptCore: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSPromise.cpp:
      * runtime/JSPromise.h:
      * runtime/JSPromiseCallback.cpp:
      * runtime/JSPromiseCallback.h:
      * runtime/JSPromiseConstructor.cpp:
      * runtime/JSPromiseConstructor.h:
      * runtime/JSPromisePrototype.cpp:
      * runtime/JSPromisePrototype.h:
      * runtime/JSPromiseResolver.cpp:
      * runtime/JSPromiseResolver.h:
      * runtime/JSPromiseResolverConstructor.cpp:
      * runtime/JSPromiseResolverConstructor.h:
      * runtime/JSPromiseResolverPrototype.cpp:
      * runtime/JSPromiseResolverPrototype.h:
      
      Source/WebCore: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit/mac: Add ENABLE gaurds for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2: Add ENABLE gaurds for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WTF: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * wtf/FeatureDefines.h:
      
      Tools: Add ENABLE guards for Promises
      https://bugs.webkit.org/show_bug.cgi?id=120488
      
      Reviewed by Andreas Kling.
      
      * Scripts/webkitperl/FeatureList.pm:
      * qmake/mkspecs/features/features.pri:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154847 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b7188858
    • fpizlo@apple.com's avatar
      CodeBlock::prepareForExecution() is silly · 1342e7a8
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120453
      
      Reviewed by Oliver Hunt.
              
      Instead of saying:
              
          codeBlock->prepareForExecution(stuff, BaselineJIT, more stuff)
              
      we should just say:
              
          JIT::compile(stuff, codeBlock, more stuff);
              
      And similarly for the LLInt and DFG.
              
      This kills a bunch of code, since CodeBlock::prepareForExecution() is just a
      wrapper that uses the JITType argument to call into the appropriate execution
      engine, which is what the user wanted to do in the first place.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::JIT::compile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntEntrypoint.cpp: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.cpp.
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      (JSC::LLInt::setEntrypoint):
      * llint/LLIntEntrypoint.h: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.h.
      * llint/LLIntEntrypoints.cpp: Removed.
      * llint/LLIntEntrypoints.h: Removed.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154833 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1342e7a8
    • fpizlo@apple.com's avatar
      CodeBlock compilation and installation should be simplified and rationalized · 62b6af85
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120326
      
      Reviewed by Oliver Hunt.
              
      Rolling r154804 back in after fixing no-LLInt build.
              
      Previously Executable owned the code for generating JIT code; you always had
      to go through Executable. But often you also had to go through CodeBlock,
      because ScriptExecutable couldn't have virtual methods, but CodeBlock could.
      So you'd ask CodeBlock to do something, which would dispatch through a
      virtual method that would select the appropriate Executable subtype's method.
      This all meant that the same code would often be duplicated, because most of
      the work needed to compile something was identical regardless of code type.
      But then we tried to fix this, by having templatized helpers in
      ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find
      out what happened when you asked for something to be compiled, you'd go on a
      wild ride that started with CodeBlock, touched upon Executable, and then
      ricocheted into either ExecutionHarness or JITDriver (likely both).
              
      Another awkwardness was that for concurrent compiles, the DFG::Worklist had
      super-special inside knowledge of what JITStubs.cpp's cti_optimize would have
      done once the compilation finished.
              
      Also, most of the DFG JIT drivers assumed that they couldn't install the
      JITCode into the CodeBlock directly - instead they would return it via a
      reference, which happened to be a reference to the JITCode pointer in
      Executable. This was super weird.
              
      Finally, there was no notion of compiling code into a special CodeBlock that
      wasn't used for handling calls into an Executable. I'd like this for FTL OSR
      entry.
              
      This patch solves these problems by reducing all of that complexity into just
      three primitives:
              
      - Executable::newCodeBlock(). This gives you a new code block, either for call
        or for construct, and either to serve as the baseline code or the optimized
        code. The new code block is then owned by the caller; Executable doesn't
        register it anywhere. The new code block has no JITCode and isn't callable,
        but it has all of the bytecode.
              
      - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and
        produces a JITCode, and then installs the JITCode into the CodeBlock. This
        method takes a JITType, and always compiles with that JIT. If you ask for
        JITCode::InterpreterThunk then you'll get JITCode that just points to the
        LLInt entrypoints. Once this returns, it is possible to call into the
        CodeBlock if you do so manually - but the Executable still won't know about
        it so JS calls to that Executable will still be routed to whatever CodeBlock
        is associated with the Executable.
              
      - Executable::installCode(). This takes a CodeBlock and makes it the code-for-
        entry for that Executable. This involves unlinking the Executable's last
        CodeBlock, if there was one. This also tells the GC about any effect on
        memory usage and does a bunch of weird data structure rewiring, since
        Executable caches some of CodeBlock's fields for the benefit of virtual call
        fast paths.
              
      This functionality is then wrapped around three convenience methods:
              
      - Executable::prepareForExecution(). If there is no code block for that
        Executable, then one is created (newCodeBlock()), compiled
        (CodeBlock::prepareForExecution()) and installed (installCode()).
              
      - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that
        can serve as an optimized replacement of the current one.
              
      - CodeBlock::install(). Asks the Executable to install this code block.
              
      This patch allows me to kill *a lot* of code and to remove a lot of
      specializations for functions vs. not-functions, and a lot of places where we
      pass around JITCode references and such. ExecutionHarness and JITDriver are
      both gone. Overall this patch has more red than green.
              
      It also allows me to work on FTL OSR entry and tier-up:
              
      - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist
        to do some compilation, but it will require the DFG::Worklist to do
        something different than what JITStubs.cpp would want, once the compilation
        finishes. This patch introduces a callback mechanism for that purpose.
              
      - FTL OSR entry: this will involve creating a special auto-jettisoned
        CodeBlock that is used only for FTL OSR entry. The new set of primitives
        allows for this: Executable can vend you a fresh new CodeBlock, and you can
        ask that CodeBlock to compile itself with any JIT of your choosing. Or you
        can take that CodeBlock and compile it yourself. Previously the act of
        producing a CodeBlock-for-optimization and the act of compiling code for it
        were tightly coupled; now you can separate them and you can create such
        auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::prepareForExecutionImpl):
      (JSC::CodeBlock::prepareForExecution):
      (JSC::CodeBlock::prepareForExecutionAsynchronously):
      (JSC::CodeBlock::install):
      (JSC::CodeBlock::newReplacement):
      (JSC::FunctionCodeBlock::jettisonImpl):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasBaselineJITProfiling):
      * bytecode/DeferredCompilationCallback.cpp: Added.
      (JSC::DeferredCompilationCallback::DeferredCompilationCallback):
      (JSC::DeferredCompilationCallback::~DeferredCompilationCallback):
      * bytecode/DeferredCompilationCallback.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::tryCompile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::notifyReady):
      (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
      (JSC::DFG::Plan::finalizeAndNotifyCallback):
      * dfg/DFGPlan.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      (JSC::Heap::isDeferred):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Removed.
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Added.
      (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::create):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):
      * jit/JITToDFGDeferredCompilationCallback.h: Added.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      (JSC::ScriptExecutable::newCodeBlockFor):
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      * runtime/Executable.h:
      (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
      (JSC::ExecutableBase::offsetOfNumParametersFor):
      (JSC::ScriptExecutable::prepareForExecution):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      * runtime/ExecutionHarness.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154824 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      62b6af85
    • commit-queue@webkit.org's avatar
      Source/JavaScriptCore: VM::throwException() crashes reproducibly in testapi with !ENABLE(JIT) · 31da4579
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=120472
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-29
      Reviewed by Filip Pizlo.
      
      With the JIT disabled, interpreterThrowInCaller was attempting to throw an error,
      but the topCallFrame was not set yet. By passing the error object into interpreterThrowInCaller
      throwException can be called when topCallFrame is set.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/CommonSlowPathsExceptions.cpp:
      (JSC::CommonSlowPaths::interpreterThrowInCaller):
      * runtime/CommonSlowPathsExceptions.h:
      
      Renamed genericThrow -> genericUnwind, because this function no longer has the ability
      to throw errors. It unwinds the stack in order to report them.
      * dfg/DFGOperations.cpp:
      * jit/JITExceptions.cpp:
      (JSC::genericUnwind):
      (JSC::jitThrowNew):
      (JSC::jitThrow):
      * jit/JITExceptions.h:
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::doThrow):
      
      LayoutTests: VM::throwException() crashes reproducibly in testapi with !ENABLE(JIT)
      https://bugs.webkit.org/show_bug.cgi?id=120472
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-29
      Reviewed by Filip Pizlo.
      An error that was not being reported before is now caught and being reported.
      * media/track/track-cue-rendering-on-resize-expected.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154817 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      31da4579
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r154804. · ea1f9022
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/154804
      https://bugs.webkit.org/show_bug.cgi?id=120477
      
      Broke Windows build (assumes LLInt features not enabled on
      this build) (Requested by bfulgham on #webkit).
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::reoptimize):
      (JSC::ProgramCodeBlock::replacement):
      (JSC::EvalCodeBlock::replacement):
      (JSC::FunctionCodeBlock::replacement):
      (JSC::ProgramCodeBlock::compileOptimized):
      (JSC::ProgramCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::EvalCodeBlock::compileOptimized):
      (JSC::EvalCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::FunctionCodeBlock::compileOptimized):
      (JSC::FunctionCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::jitType):
      (JSC::CodeBlock::jitCompile):
      * bytecode/DeferredCompilationCallback.cpp: Removed.
      * bytecode/DeferredCompilationCallback.h: Removed.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::finalize):
      * dfg/DFGPlan.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Added.
      (JSC::jitCompileIfAppropriateImpl):
      (JSC::jitCompileFunctionIfAppropriateImpl):
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Removed.
      * jit/JITToDFGDeferredCompilationCallback.h: Removed.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::jitCompile):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::replaceWithDeferredOptimizedCode):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::ProgramExecutable::replaceWithDeferredOptimizedCode):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForCall):
      (JSC::FunctionExecutable::compileForConstructInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForConstruct):
      * runtime/Executable.h:
      (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
      (JSC::ExecutableBase::offsetOfNumParametersFor):
      (JSC::ExecutableBase::catchRoutineFor):
      (JSC::EvalExecutable::compile):
      (JSC::ProgramExecutable::compile):
      (JSC::FunctionExecutable::compileForCall):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeFor):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC::prepareForExecutionImpl):
      (JSC::prepareFunctionForExecutionImpl):
      (JSC::installOptimizedCode):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      (JSC::replaceWithDeferredOptimizedCode):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154814 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ea1f9022
  7. 28 Aug, 2013 2 commits
    • fpizlo@apple.com's avatar
      CodeBlock compilation and installation should be simplified and rationalized · 4ea262e2
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120326
      
      Reviewed by Oliver Hunt.
              
      Previously Executable owned the code for generating JIT code; you always had
      to go through Executable. But often you also had to go through CodeBlock,
      because ScriptExecutable couldn't have virtual methods, but CodeBlock could.
      So you'd ask CodeBlock to do something, which would dispatch through a
      virtual method that would select the appropriate Executable subtype's method.
      This all meant that the same code would often be duplicated, because most of
      the work needed to compile something was identical regardless of code type.
      But then we tried to fix this, by having templatized helpers in
      ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find
      out what happened when you asked for something to be compiled, you'd go on a
      wild ride that started with CodeBlock, touched upon Executable, and then
      ricocheted into either ExecutionHarness or JITDriver (likely both).
              
      Another awkwardness was that for concurrent compiles, the DFG::Worklist had
      super-special inside knowledge of what JITStubs.cpp's cti_optimize would have
      done once the compilation finished.
              
      Also, most of the DFG JIT drivers assumed that they couldn't install the
      JITCode into the CodeBlock directly - instead they would return it via a
      reference, which happened to be a reference to the JITCode pointer in
      Executable. This was super weird.
              
      Finally, there was no notion of compiling code into a special CodeBlock that
      wasn't used for handling calls into an Executable. I'd like this for FTL OSR
      entry.
              
      This patch solves these problems by reducing all of that complexity into just
      three primitives:
              
      - Executable::newCodeBlock(). This gives you a new code block, either for call
        or for construct, and either to serve as the baseline code or the optimized
        code. The new code block is then owned by the caller; Executable doesn't
        register it anywhere. The new code block has no JITCode and isn't callable,
        but it has all of the bytecode.
              
      - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and
        produces a JITCode, and then installs the JITCode into the CodeBlock. This
        method takes a JITType, and always compiles with that JIT. If you ask for
        JITCode::InterpreterThunk then you'll get JITCode that just points to the
        LLInt entrypoints. Once this returns, it is possible to call into the
        CodeBlock if you do so manually - but the Executable still won't know about
        it so JS calls to that Executable will still be routed to whatever CodeBlock
        is associated with the Executable.
              
      - Executable::installCode(). This takes a CodeBlock and makes it the code-for-
        entry for that Executable. This involves unlinking the Executable's last
        CodeBlock, if there was one. This also tells the GC about any effect on
        memory usage and does a bunch of weird data structure rewiring, since
        Executable caches some of CodeBlock's fields for the benefit of virtual call
        fast paths.
              
      This functionality is then wrapped around three convenience methods:
              
      - Executable::prepareForExecution(). If there is no code block for that
        Executable, then one is created (newCodeBlock()), compiled
        (CodeBlock::prepareForExecution()) and installed (installCode()).
              
      - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that
        can serve as an optimized replacement of the current one.
              
      - CodeBlock::install(). Asks the Executable to install this code block.
              
      This patch allows me to kill *a lot* of code and to remove a lot of
      specializations for functions vs. not-functions, and a lot of places where we
      pass around JITCode references and such. ExecutionHarness and JITDriver are
      both gone. Overall this patch has more red than green.
              
      It also allows me to work on FTL OSR entry and tier-up:
              
      - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist
        to do some compilation, but it will require the DFG::Worklist to do
        something different than what JITStubs.cpp would want, once the compilation
        finishes. This patch introduces a callback mechanism for that purpose.
              
      - FTL OSR entry: this will involve creating a special auto-jettisoned
        CodeBlock that is used only for FTL OSR entry. The new set of primitives
        allows for this: Executable can vend you a fresh new CodeBlock, and you can
        ask that CodeBlock to compile itself with any JIT of your choosing. Or you
        can take that CodeBlock and compile it yourself. Previously the act of
        producing a CodeBlock-for-optimization and the act of compiling code for it
        were tightly coupled; now you can separate them and you can create such
        auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::prepareForExecution):
      (JSC::CodeBlock::install):
      (JSC::CodeBlock::newReplacement):
      (JSC::FunctionCodeBlock::jettisonImpl):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasBaselineJITProfiling):
      * bytecode/DeferredCompilationCallback.cpp: Added.
      (JSC::DeferredCompilationCallback::DeferredCompilationCallback):
      (JSC::DeferredCompilationCallback::~DeferredCompilationCallback):
      * bytecode/DeferredCompilationCallback.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::tryCompile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
      (JSC::DFG::Plan::finalizeAndNotifyCallback):
      * dfg/DFGPlan.h:
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      (JSC::Heap::isDeferred):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Removed.
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Added.
      (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::create):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):
      * jit/JITToDFGDeferredCompilationCallback.h: Added.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      (JSC::ScriptExecutable::newCodeBlockFor):
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      * runtime/Executable.h:
      (JSC::ScriptExecutable::prepareForExecution):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      * runtime/ExecutionHarness.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154804 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4ea262e2
    • commit-queue@webkit.org's avatar
      Source/JavaScriptCore: https://bugs.webkit.org/show_bug.cgi?id=119548 · 3f922f9b
      commit-queue@webkit.org authored
      Refactoring Exception throws.
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28
      Reviewed by Geoffrey Garen.
      
      Gardening of exception throws. The act of throwing an exception was being handled in
      different ways depending on whether the code was running in the LLint, Baseline JIT,
      or the DFG Jit. This made development in the vm exception and error objects difficult.
      
       * runtime/VM.cpp:
      (JSC::appendSourceToError):
      This function moved from the interpreter into the VM. It views the developers code
      (if there is a codeBlock) to extract what was trying to be evaluated when the error
      occurred.
      
      (JSC::VM::throwException):
      This function takes in the error object and sets the following:
          1: The VM's exception stack
          2: The VM's exception
          3: Appends extra information on the error message(via appendSourceToError)
          4: The error object's line number
          5: The error object's column number
          6: The error object's sourceURL
          7: The error object's stack trace (unless it already exists because the developer
              created the error object).
      
      (JSC::VM::getExceptionInfo):
      (JSC::VM::setExceptionInfo):
      (JSC::VM::clearException):
      (JSC::clearExceptionStack):
      * runtime/VM.h:
      (JSC::VM::exceptionOffset):
      (JSC::VM::exception):
      (JSC::VM::addressOfException):
      (JSC::VM::exceptionStack):
      VM exception and exceptionStack are now private data members.
      
      * interpreter/Interpreter.h:
      (JSC::ClearExceptionScope::ClearExceptionScope):
      Created this structure to temporarily clear the exception within the VM. This
      needed to see if addition errors occur when setting the debugger as we are
      unwinding the stack.
      
       * interpreter/Interpreter.cpp:
      (JSC::Interpreter::unwind):
      Removed the code that would try to add error information if it did not exist.
      All of this functionality has moved into the VM and all error information is set
      at the time the error occurs.
      
      The rest of these functions reference the new calling convention to throw an error.
      
      * API/APICallbackFunction.h:
      (JSC::APICallbackFunction::call):
      * API/JSCallbackConstructor.cpp:
      (JSC::constructJSCallback):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlot):
      (JSC::::defaultValue):
      (JSC::::put):
      (JSC::::putByIndex):
      (JSC::::deleteProperty):
      (JSC::::construct):
      (JSC::::customHasInstance):
      (JSC::::call):
      (JSC::::getStaticValue):
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
      * debugger/Debugger.cpp:
      (JSC::evaluateInGlobalCallFrame):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::evaluate):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::operationPutByValInternal):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::callCheck):
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      * interpreter/CallFrame.h:
      (JSC::ExecState::clearException):
      (JSC::ExecState::exception):
      (JSC::ExecState::hadException):
      * interpreter/Interpreter.cpp:
      (JSC::eval):
      (JSC::loadVarargs):
      (JSC::stackTraceAsString):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * interpreter/Interpreter.h:
      (JSC::ClearExceptionScope::ClearExceptionScope):
      * jit/JITCode.cpp:
      (JSC::JITCode::execute):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_catch):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_catch):
      * jit/JITStubs.cpp:
      (JSC::returnToThrowTrampoline):
      (JSC::throwExceptionFromOpCall):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      (JSC::putByVal):
      (JSC::cti_vm_handle_exception):
      * jit/SlowPathCall.h:
      (JSC::JITSlowPathCall::call):
      * jit/ThunkGenerators.cpp:
      (JSC::nativeForGenerator):
      * jsc.cpp:
      (functionRun):
      (functionLoad):
      (functionCheckSyntax):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::doThrow):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.cpp:
      (JSC::CLoop::execute):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArrayConstructor.cpp:
      (JSC::constructArrayWithSizeQuirk):
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::opIn):
      * runtime/CommonSlowPathsExceptions.cpp:
      (JSC::CommonSlowPaths::interpreterThrowInCaller):
      * runtime/Completion.cpp:
      (JSC::evaluate):
      * runtime/Error.cpp:
      (JSC::addErrorInfo):
      (JSC::throwTypeError):
      (JSC::throwSyntaxError):
      * runtime/Error.h:
      (JSC::throwVMError):
      * runtime/ExceptionHelpers.cpp:
      (JSC::throwOutOfMemoryError):
      (JSC::throwStackOverflowError):
      (JSC::throwTerminatedExecutionException):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::create):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      * runtime/FunctionConstructor.cpp:
      (JSC::constructFunction):
      (JSC::constructFunctionSkippingEvalEnabledCheck):
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::put):
      (JSC::JSArray::push):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::toObjectSlowCase):
      (JSC::JSValue::synthesizePrototype):
      (JSC::JSValue::putToPrimitive):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSGenericTypedArrayViewInlines.h:
      (JSC::::create):
      (JSC::::createUninitialized):
      (JSC::::validateRange):
      (JSC::::setWithSpecificType):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::encode):
      (JSC::decode):
      (JSC::globalFuncProtoSetter):
      * runtime/JSNameScope.cpp:
      (JSC::JSNameScope::put):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::defaultValue):
      (JSC::JSObject::hasInstance):
      (JSC::JSObject::defaultHasInstance):
      (JSC::JSObject::defineOwnNonIndexProperty):
      (JSC::throwTypeError):
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/RegExpConstructor.cpp:
      (JSC::constructRegExp):
      * runtime/StringObject.cpp:
      (JSC::StringObject::defineOwnProperty):
      * runtime/StringRecursionChecker.cpp:
      (JSC::StringRecursionChecker::throwStackOverflowError):
      
      Source/WebCore: https://bugs.webkit.org/show_bug.cgi?id=119548
      Refactoring Exception throws.
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28
      Reviewed by Geoffrey Garen.
      
      Gets column information from the error object for reporting exceptions.
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::reportException):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStackFromException):
      
      Moved setting an exception into the vm, These functions changed to use the new functionality.
      
      * bindings/js/JSAudioBufferSourceNodeCustom.cpp:
      (WebCore::JSAudioBufferSourceNode::setBuffer):
      * bindings/js/JSBiquadFilterNodeCustom.cpp:
      (WebCore::JSBiquadFilterNode::setType):
      * bindings/js/JSCryptoCustom.cpp:
      (WebCore::JSCrypto::getRandomValues):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::setDOMException):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::JSInjectedScriptHost::setFunctionVariableValue):
      * bindings/js/JSJavaScriptCallFrameCustom.cpp:
      (WebCore::JSJavaScriptCallFrame::evaluate):
      (WebCore::JSJavaScriptCallFrame::setVariableValue):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::acceptNode):
      * bindings/js/JSOscillatorNodeCustom.cpp:
      (WebCore::JSOscillatorNode::setType):
      * bindings/js/JSPannerNodeCustom.cpp:
      (WebCore::JSPannerNode::setPanningModel):
      (WebCore::JSPannerNode::setDistanceModel):
      * bindings/js/JSSVGLengthCustom.cpp:
      (WebCore::JSSVGLength::convertToSpecifiedUnits):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::getObjectParameter):
      (WebCore::JSWebGLRenderingContext::getAttachedShaders):
      (WebCore::JSWebGLRenderingContext::getExtension):
      (WebCore::JSWebGLRenderingContext::getFramebufferAttachmentParameter):
      (WebCore::JSWebGLRenderingContext::getParameter):
      (WebCore::JSWebGLRenderingContext::getProgramParameter):
      (WebCore::JSWebGLRenderingContext::getShaderParameter):
      (WebCore::JSWebGLRenderingContext::getUniform):
      (WebCore::dataFunctionf):
      (WebCore::dataFunctioni):
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneBase::throwStackOverflow):
      (WebCore::CloneDeserializer::throwValidationError):
      (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::setException):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CInstance::moveGlobalExceptionToExecState):
      (JSC::Bindings::CInstance::invokeMethod):
      (JSC::Bindings::CInstance::invokeDefaultMethod):
      (JSC::Bindings::CInstance::invokeConstruct):
      (JSC::Bindings::CInstance::toJSPrimitive):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::invokeMethod):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcArray::setValueAt):
      (JSC::Bindings::ObjcArray::valueAt):
      * bridge/objc/objc_utility.mm:
      (JSC::Bindings::throwError):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtField::valueFromInstance):
      (JSC::Bindings::QtField::setValueToInstance):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::put):
      (JSC::RuntimeArray::putByIndex):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::throwInvalidAccessError):
      
      Source/WebKit/mac: https://bugs.webkit.org/show_bug.cgi?id=119548
      Refactoring Exception throws.
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28
      Reviewed by Geoffrey Garen.
      
      Moved setting an exception into the vm, These functions changed to use the new functionality.
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::moveGlobalExceptionToExecState):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyInstance::invokeMethod):
      
      Source/WebKit2: https://bugs.webkit.org/show_bug.cgi?id=119548
      Refactoring Exception throws.
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28
      Reviewed by Geoffrey Garen.
      
      Moved setting an exception into the vm, These functions changed to use the new functionality.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::throwInvalidAccessError):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::moveGlobalExceptionToExecState):
      
      LayoutTests: https://bugs.webkit.org/show_bug.cgi?id=119548
      Refactoring Exception throws.
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-28
      Reviewed by Geoffrey Garen.
      
      Column/line information was added into these results.
      * fast/events/window-onerror4-expected.txt:
      * fast/js/global-recursion-on-full-stack-expected.txt:
      
      fixed a variable name in a case when shouldThrowType failed.
      * fast/js/mozilla/resources/js-test-pre.js:
      (shouldThrowType):
      
      Sorted the properties to allow the results always show in the same order.
      * fast/js/script-tests/exception-properties.js:
      * fast/js/exception-properties-expected.txt:
      
      This test needed to be modified to have the line numbers match on the output across
      wk and wk2. This test is inherently flaky because is relies on size of the available
      native stack. To account for the flakiness an additional call was made to force the
      results to match.
      This patch now records and outputs the line number where the errors were occurring.
      This was causing the test results to no longer match because of the line numbers.
      By changing how to account for the flakiness, the results match again.
      * fast/xmlhttprequest/xmlhttprequest-recursive-sync-event-expected.txt:
      * fast/xmlhttprequest/xmlhttprequest-recursive-sync-event.html:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154797 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3f922f9b
  8. 26 Aug, 2013 5 commits
    • mhahnenberg@apple.com's avatar
      JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the... · 200865d6
      mhahnenberg@apple.com authored
      JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the length of the ArrayStorage after possible reallocing it
      https://bugs.webkit.org/show_bug.cgi?id=120278
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * runtime/JSObject.cpp:
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      
      LayoutTests: 
      
      * fast/js/put-direct-index-beyond-vector-length-resize-expected.txt: Added.
      * fast/js/put-direct-index-beyond-vector-length-resize.html: Added.
      * fast/js/script-tests/put-direct-index-beyond-vector-length-resize.js: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154633 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      200865d6
    • fpizlo@apple.com's avatar
      Fix indention of Executable.h. · 2a2ee96e
      fpizlo@apple.com authored
      Rubber stamped by Mark Hahnenberg.
      
      * runtime/Executable.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154632 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2a2ee96e
    • mhahnenberg@apple.com's avatar
      Object.defineProperty should be able to create a PropertyDescriptor where m_attributes == 0 · 6441bf1f
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120314
      
      Reviewed by Darin Adler.
      
      Currently with the way that defineProperty works, we leave a stray low bit set in 
      PropertyDescriptor::m_attributes in the following code:
      
      var o = {};
      Object.defineProperty(o, 100, {writable:true, enumerable:true, configurable:true, value:"foo"});
              
      This is due to the fact that the lowest non-zero attribute (ReadOnly) is represented as 1 << 1 
      instead of 1 << 0. We then calculate the default attributes as (DontDelete << 1) - 1, which is 0xF, 
      but only the top three bits mean anything. Even in the case above, the top three bits are set 
      to 0 but the bottom bit remains set, which causes us to think m_attributes is non-zero.
      
      Since some of these attributes and their corresponding values are exposed in the JavaScriptCore 
      framework's public C API, it's safer to just change how we calculate the default value, which is
      where the weirdness was originating from in the first place.
      
      * runtime/PropertyDescriptor.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154630 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6441bf1f
    • weinig@apple.com's avatar
      Add support for Promises · bd760697
      weinig@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120260
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore: 
      
      Add an initial implementation of Promises - http://dom.spec.whatwg.org/#promises.
      - Despite Promises being defined in the DOM, the implementation is being put in JSC
        in preparation for the Promises eventually being defined in ECMAScript.
      
      * CMakeLists.txt:
      * DerivedSources.make:
      * DerivedSources.pri:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      Add new files.
      
      * jsc.cpp:
      Update jsc's GlobalObjectMethodTable to stub out the new QueueTaskToEventLoop callback. This mean's
      you can't quite use Promises with with the command line tool yet.
          
      * interpreter/CallFrame.h:
      (JSC::ExecState::promisePrototypeTable):
      (JSC::ExecState::promiseConstructorTable):
      (JSC::ExecState::promiseResolverPrototypeTable):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::VM::~VM):
      * runtime/VM.h:
      Add supporting code for the new static lookup tables.
      
      * runtime/CommonIdentifiers.h:
      Add 3 new identifiers, "Promise", "PromiseResolver", and "then".
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      Add supporting code Promise and PromiseResolver's constructors and structures.
      
      * runtime/JSGlobalObject.h:
      (JSC::TaskContext::~TaskContext):
      Add a new callback to the GlobalObjectMethodTable to post a task on the embedder's runloop.
      
      (JSC::JSGlobalObject::promisePrototype):
      (JSC::JSGlobalObject::promiseResolverPrototype):
      (JSC::JSGlobalObject::promiseStructure):
      (JSC::JSGlobalObject::promiseResolverStructure):
      (JSC::JSGlobalObject::promiseCallbackStructure):
      (JSC::JSGlobalObject::promiseWrapperCallbackStructure):
      Add supporting code Promise and PromiseResolver's constructors and structures.
      
      * runtime/JSPromise.cpp: Added.
      * runtime/JSPromise.h: Added.
      * runtime/JSPromiseCallback.cpp: Added.
      * runtime/JSPromiseCallback.h: Added.
      * runtime/JSPromiseConstructor.cpp: Added.
      * runtime/JSPromiseConstructor.h: Added.
      * runtime/JSPromisePrototype.cpp: Added.
      * runtime/JSPromisePrototype.h: Added.
      * runtime/JSPromiseResolver.cpp: Added.
      * runtime/JSPromiseResolver.h: Added.
      * runtime/JSPromiseResolverConstructor.cpp: Added.
      * runtime/JSPromiseResolverConstructor.h: Added.
      * runtime/JSPromiseResolverPrototype.cpp: Added.
      * runtime/JSPromiseResolverPrototype.h: Added.
      Add Promise implementation.
      
      Source/WebCore: 
      
      Add an initial implementation of Promises - http://dom.spec.whatwg.org/#promises.
      - Despite Promises being defined in the DOM, the implementation is being put in JSC
        in preparation for the Promises eventually being defined in ECMAScript.
      
      Tests: fast/js/Promise-already-fulfilled.html
             fast/js/Promise-already-rejected.html
             fast/js/Promise-already-resolved.html
             fast/js/Promise-catch-in-workers.html
             fast/js/Promise-catch.html
             fast/js/Promise-chain.html
             fast/js/Promise-exception.html
             fast/js/Promise-fulfill-in-workers.html
             fast/js/Promise-fulfill.html
             fast/js/Promise-init-in-workers.html
             fast/js/Promise-init.html
             fast/js/Promise-reject-in-workers.html
             fast/js/Promise-reject.html
             fast/js/Promise-resolve-chain.html
             fast/js/Promise-resolve-in-workers.html
             fast/js/Promise-resolve-with-then-exception.html
             fast/js/Promise-resolve-with-then-fulfill.html
             fast/js/Promise-resolve-with-then-reject.html
             fast/js/Promise-resolve.html
             fast/js/Promise-simple-fulfill-inside-callback.html
             fast/js/Promise-simple-fulfill.html
             fast/js/Promise-simple-in-workers.html
             fast/js/Promise-simple.html
             fast/js/Promise-static-fulfill.html
             fast/js/Promise-static-reject.html
             fast/js/Promise-static-resolve.html
             fast/js/Promise-then-in-workers.html
             fast/js/Promise-then-without-callbacks-in-workers.html
             fast/js/Promise-then-without-callbacks.html
             fast/js/Promise-then.html
             fast/js/Promise-types.html
             fast/js/Promise.html
      
      * GNUmakefile.list.am:
      * Target.pri:
      * UseJSC.cmake:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      * WebCore.xcodeproj/project.pbxproj:
      * bindings/js/JSBindingsAllInOne.cpp:
      Add new files.
      
      * bindings/js/JSDOMGlobalObjectTask.cpp: Added.
      (WebCore::JSGlobalObjectCallback::create):
      (WebCore::JSGlobalObjectCallback::~JSGlobalObjectCallback):
      (WebCore::JSGlobalObjectCallback::call):
      (WebCore::JSGlobalObjectCallback::JSGlobalObjectCallback):
      (WebCore::JSGlobalObjectTask::JSGlobalObjectTask):
      (WebCore::JSGlobalObjectTask::~JSGlobalObjectTask):
      (WebCore::JSGlobalObjectTask::performTask):
      * bindings/js/JSDOMGlobalObjectTask.h: Added.
      (WebCore::JSGlobalObjectTask::create):
      Add a new task type to be used with the GlobalObjectMethodTable's new QueueTaskToEventLoop callback.
      
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::queueTaskToEventLoop):
      * bindings/js/JSDOMWindowBase.h:
      Implement the GlobalObjectMethodTable callback, QueueTaskToEventLoop. 
      
      * bindings/js/JSMainThreadExecState.h:
      All using JSMainThreadExecState as a simple RAII object.
      
      * bindings/js/JSWorkerGlobalScopeBase.cpp:
      (WebCore::JSWorkerGlobalScopeBase::JSWorkerGlobalScopeBase):
      (WebCore::JSWorkerGlobalScopeBase::allowsAccessFrom):
      (WebCore::JSWorkerGlobalScopeBase::supportsProfiling):
      (WebCore::JSWorkerGlobalScopeBase::supportsRichSourceInfo):
      (WebCore::JSWorkerGlobalScopeBase::shouldInterruptScript):
      (WebCore::JSWorkerGlobalScopeBase::javaScriptExperimentsEnabled):
      (WebCore::JSWorkerGlobalScopeBase::queueTaskToEventLoop):
      * bindings/js/JSWorkerGlobalScopeBase.h:
      Add a GlobalObjectMethodTable and implement QueueTaskToEventLoop. Forward the other callbacks
      to JSGlobalObject so they retain their existing behavior.
      
      LayoutTests: 
      
      Add tests adapted from the Mozilla and Blink projects.
      
      * fast/js/Promise-already-fulfilled-expected.txt: Added.
      * fast/js/Promise-already-fulfilled.html: Added.
      * fast/js/Promise-already-rejected-expected.txt: Added.
      * fast/js/Promise-already-rejected.html: Added.
      * fast/js/Promise-already-resolved-expected.txt: Added.
      * fast/js/Promise-already-resolved.html: Added.
      * fast/js/Promise-catch-expected.txt: Added.
      * fast/js/Promise-catch-in-workers-expected.txt: Added.
      * fast/js/Promise-catch-in-workers.html: Added.
      * fast/js/Promise-catch.html: Added.
      * fast/js/Promise-chain-expected.txt: Added.
      * fast/js/Promise-chain.html: Added.
      * fast/js/Promise-exception-expected.txt: Added.
      * fast/js/Promise-exception.html: Added.
      * fast/js/Promise-expected.txt: Added.
      * fast/js/Promise-fulfill-expected.txt: Added.
      * fast/js/Promise-fulfill-in-workers-expected.txt: Added.
      * fast/js/Promise-fulfill-in-workers.html: Added.
      * fast/js/Promise-fulfill.html: Added.
      * fast/js/Promise-init-expected.txt: Added.
      * fast/js/Promise-init-in-workers-expected.txt: Added.
      * fast/js/Promise-init-in-workers.html: Added.
      * fast/js/Promise-init.html: Added.
      * fast/js/Promise-reject-expected.txt: Added.
      * fast/js/Promise-reject-in-workers-expected.txt: Added.
      * fast/js/Promise-reject-in-workers.html: Added.
      * fast/js/Promise-reject.html: Added.
      * fast/js/Promise-resolve-chain-expected.txt: Added.
      * fast/js/Promise-resolve-chain.html: Added.
      * fast/js/Promise-resolve-expected.txt: Added.
      * fast/js/Promise-resolve-in-workers-expected.txt: Added.
      * fast/js/Promise-resolve-in-workers.html: Added.
      * fast/js/Promise-resolve-with-then-exception-expected.txt: Added.
      * fast/js/Promise-resolve-with-then-exception.html: Added.
      * fast/js/Promise-resolve-with-then-fulfill-expected.txt: Added.
      * fast/js/Promise-resolve-with-then-fulfill.html: Added.
      * fast/js/Promise-resolve-with-then-reject-expected.txt: Added.
      * fast/js/Promise-resolve-with-then-reject.html: Added.
      * fast/js/Promise-resolve.html: Added.
      * fast/js/Promise-simple-expected.txt: Added.
      * fast/js/Promise-simple-fulfill-expected.txt: Added.
      * fast/js/Promise-simple-fulfill-inside-callback-expected.txt: Added.
      * fast/js/Promise-simple-fulfill-inside-callback.html: Added.
      * fast/js/Promise-simple-fulfill.html: Added.
      * fast/js/Promise-simple-in-workers-expected.txt: Added.
      * fast/js/Promise-simple-in-workers.html: Added.
      * fast/js/Promise-simple.html: Added.
      * fast/js/Promise-static-fulfill-expected.txt: Added.
      * fast/js/Promise-static-fulfill.html: Added.
      * fast/js/Promise-static-reject-expected.txt: Added.
      * fast/js/Promise-static-reject.html: Added.
      * fast/js/Promise-static-resolve-expected.txt: Added.
      * fast/js/Promise-static-resolve.html: Added.
      * fast/js/Promise-then-expected.txt: Added.
      * fast/js/Promise-then-in-workers-expected.txt: Added.
      * fast/js/Promise-then-in-workers.html: Added.
      * fast/js/Promise-then-without-callbacks-expected.txt: Added.
      * fast/js/Promise-then-without-callbacks-in-workers-expected.txt: Added.
      * fast/js/Promise-then-without-callbacks-in-workers.html: Added.
      * fast/js/Promise-then-without-callbacks.html: Added.
      * fast/js/Promise-then.html: Added.
      * fast/js/Promise-types-expected.txt: Added.
      * fast/js/Promise-types.html: Added.
      * fast/js/Promise.html: Added.
      * fast/js/resources/Promise-catch-in-workers.js: Added.
      * fast/js/resources/Promise-fulfill-in-workers.js: Added.
      * fast/js/resources/Promise-init-in-workers.js: Added.
      * fast/js/resources/Promise-reject-in-workers.js: Added.
      * fast/js/resources/Promise-resolve-in-workers.js: Added.
      * fast/js/resources/Promise-simple-in-workers.js: Added.
      * fast/js/resources/Promise-then-in-workers.js: Added.
      * fast/js/resources/Promise-then-without-callbacks-in-workers.js: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154629 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bd760697
    • barraclough@apple.com's avatar
      RegExpMatchesArray should not call [[put]] · 49a919a4
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120317
      
      Reviewed by Oliver Hunt.
      
      This will call accessors on the JSObject/JSArray prototypes - so adding an accessor or read-only
      property called index or input to either of these prototypes will result in broken behavior.
      
      Source/JavaScriptCore: 
      
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::reifyAllProperties):
          - put -> putDirect
      
      LayoutTests: 
      
      * fast/regex/lastIndex-expected.txt:
      * fast/regex/script-tests/lastIndex.js:
          - Added test
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154612 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      49a919a4
  9. 25 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      FloatTypedArrayAdaptor::toJSValue should almost certainly not use jsNumber()... · 1fb752ad
      fpizlo@apple.com authored
      FloatTypedArrayAdaptor::toJSValue should almost certainly not use jsNumber() since that attempts int conversions
      https://bugs.webkit.org/show_bug.cgi?id=120228
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      It turns out that there were three problems:
              
      - Using jsNumber() meant that we were converting doubles to integers and then
        possibly back again whenever doing a set() between floating point arrays.
              
      - Slow-path accesses to double typed arrays were slower than necessary because
        of the to-int conversion attempt.
              
      - The use of JSValue as an intermediate for converting between differen types
        in typedArray.set() resulted in worse code than I had previously expected.
              
      This patch solves the problem by using template double-dispatch to ensure that
      that C++ compiler sees the simplest possible combination of casts between any
      combination of typed array types, while still preserving JS and typed array
      conversion semantics. Conversions are done as follows:
              
          SourceAdaptor::convertTo<TargetAdaptor>(value)
              
      Internally, convertTo() calls one of three possible methods on TargetAdaptor,
      with one method for each of int32_t, uint32_t, and double. This means that the
      C++ compiler will at worst see a widening cast to one of those types followed
      by a narrowing conversion (not necessarily a cast - may have clamping or the
      JS toInt32() function).
              
      This change doesn't just affect typedArray.set(); it also affects slow-path
      accesses to typed arrays as well. This patch also adds a bunch of new test
      coverage.
              
      This change is a ~50% speed-up on typedArray.set() involving floating point
      types.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/GenericTypedArrayView.h:
      (JSC::GenericTypedArrayView::set):
      * runtime/JSDataViewPrototype.cpp:
      (JSC::setData):
      * runtime/JSGenericTypedArrayView.h:
      (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble):
      (JSC::JSGenericTypedArrayView::setIndexQuickly):
      * runtime/JSGenericTypedArrayViewInlines.h:
      (JSC::::setWithSpecificType):
      (JSC::::set):
      * runtime/ToNativeFromValue.h: Added.
      (JSC::toNativeFromValue):
      * runtime/TypedArrayAdaptors.h:
      (JSC::IntegralTypedArrayAdaptor::toJSValue):
      (JSC::IntegralTypedArrayAdaptor::toDouble):
      (JSC::IntegralTypedArrayAdaptor::toNativeFromInt32):
      (JSC::IntegralTypedArrayAdaptor::toNativeFromUint32):
      (JSC::IntegralTypedArrayAdaptor::toNativeFromDouble):
      (JSC::IntegralTypedArrayAdaptor::convertTo):
      (JSC::FloatTypedArrayAdaptor::toJSValue):
      (JSC::FloatTypedArrayAdaptor::toDouble):
      (JSC::FloatTypedArrayAdaptor::toNativeFromInt32):
      (JSC::FloatTypedArrayAdaptor::toNativeFromUint32):
      (JSC::FloatTypedArrayAdaptor::toNativeFromDouble):
      (JSC::FloatTypedArrayAdaptor::convertTo):
      (JSC::Uint8ClampedAdaptor::toJSValue):
      (JSC::Uint8ClampedAdaptor::toDouble):
      (JSC::Uint8ClampedAdaptor::toNativeFromInt32):
      (JSC::Uint8ClampedAdaptor::toNativeFromUint32):
      (JSC::Uint8ClampedAdaptor::toNativeFromDouble):
      (JSC::Uint8ClampedAdaptor::convertTo):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
              
      Add coverage for three things:
              
      - Typed array accesses with corner-case values.
              
      - Typed array set() (i.e. copy) between arrays of different types.
              
      - Performance of typedArray.set() involving different types.
              
      This required some changes to our test harnesses, since they previously
      couldn't consistently do numerical array comparisons in a reliable way.
      
      * fast/js/regress/Float32Array-to-Float64Array-set-expected.txt: Added.
      * fast/js/regress/Float32Array-to-Float64Array-set.html: Added.
      * fast/js/regress/Float64Array-to-Int16Array-set-expected.txt: Added.
      * fast/js/regress/Float64Array-to-Int16Array-set.html: Added.
      * fast/js/regress/Int16Array-to-Int32Array-set-expected.txt: Added.
      * fast/js/regress/Int16Array-to-Int32Array-set.html: Added.
      * fast/js/regress/script-tests/Float32Array-to-Float64Array-set.js: Added.
      * fast/js/regress/script-tests/Float64Array-to-Int16Array-set.js: Added.
      * fast/js/regress/script-tests/Int16Array-to-Int32Array-set.js: Added.
      * fast/js/resources/js-test-pre.js:
      (areNumbersEqual):
      (areArraysEqual):
      (isResultCorrect):
      * fast/js/resources/standalone-pre.js:
      (areNumbersEqual):
      (areArraysEqual):
      (isTypedArray):
      (isResultCorrect):
      (stringify):
      (shouldBe):
      * fast/js/script-tests/typed-array-access.js: Added.
      (bitsToString):
      (bitsToValue):
      (valueToBits):
      (roundTrip):
      * fast/js/script-tests/typed-array-set-different-types.js: Added.
      (MyRandom):
      (.reference):
      (.usingConstruct):
      * fast/js/typed-array-access-expected.txt: Added.
      * fast/js/typed-array-access.html: Added.
      * fast/js/typed-array-set-different-types-expected.txt: Added.
      * fast/js/typed-array-set-different-types.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154569 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1fb752ad
  10. 23 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      Incorrect TypedArray#set behavior · 067496d0
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=83818
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt and Mark Hahnenberg.
              
      This was so much fun! typedArray.set() is like a memmove on steroids, and I'm
      not smart enough to figure out optimal versions for *all* of the cases. But I
      did come up with optimal implementations for most of the cases, and I wrote
      spec-literal code (i.e. copy via a transfer buffer) for the cases I'm not smart
      enough to write optimal code for.
      
      * runtime/JSArrayBufferView.h:
      (JSC::JSArrayBufferView::hasArrayBuffer):
      * runtime/JSArrayBufferViewInlines.h:
      (JSC::JSArrayBufferView::buffer):
      (JSC::JSArrayBufferView::existingBufferInButterfly):
      (JSC::JSArrayBufferView::neuter):
      (JSC::JSArrayBufferView::byteOffset):
      * runtime/JSGenericTypedArrayView.h:
      * runtime/JSGenericTypedArrayViewInlines.h:
      (JSC::::setWithSpecificType):
      (JSC::::set):
      (JSC::::existingBuffer):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt and Mark Hahnenberg.
              
      Made it possible for shouldBe() to compare typed arrays to each other and to any array-like
      object.
              
      Added a bunch of tests for different kinds of overlapping typedArray.set()'s.
              
      For sanity, also added the reduced test case from the bug. Interestingly, though, that test
      case already passed on trunk - probably by luck (we had incidentally changed the default
      copy direction from one that happened to not work to one that happened to be fine, but only
      for this test).
      
      * fast/js/jsc-test-list:
      * fast/js/resources/js-test-pre.js:
      (isTypedArray):
      (isResultCorrect):
      (stringify):
      (shouldBe):
      * fast/js/script-tests/typed-array-copy.js: Added.
      * fast/js/script-tests/typedarray-set-destination-smaller-than-source.js: Added.
      * fast/js/script-tests/typedarray-set-overlapping-elements-of-same-size.js: Added.
      * fast/js/script-tests/typedarray-set-same-type-memmove.js: Added.
      (arraysEqual):
      * fast/js/script-tests/typedarray-set-source-smaller-than-destination.js: Added.
      * fast/js/typed-array-copy-expected.txt: Added.
      * fast/js/typed-array-copy.html: Added.
      * fast/js/typedarray-set-destination-smaller-than-source-expected.txt: Added.
      * fast/js/typedarray-set-destination-smaller-than-source.html: Added.
      * fast/js/typedarray-set-overlapping-elements-of-same-size-expected.txt: Added.
      * fast/js/typedarray-set-overlapping-elements-of-same-size.html: Added.
      * fast/js/typedarray-set-same-type-memmove-expected.txt: Added.
      * fast/js/typedarray-set-same-type-memmove.html: Added.
      * fast/js/typedarray-set-source-smaller-than-destination-expected.txt: Added.
      * fast/js/typedarray-set-source-smaller-than-destination.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154518 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      067496d0
  11. 22 Aug, 2013 5 commits
    • mhahnenberg@apple.com's avatar
      JSObject and JSArray code shouldn't have to tiptoe around garbage collection · af9d9722
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120179
      
      Reviewed by Geoffrey Garen.
      
      There are many places in the code for JSObject and JSArray where they are manipulating their
      Butterfly/Structure, e.g. after expanding their out-of-line backing storage via allocating. Within
      these places there are certain "critical sections" where a GC would be disastrous. Gen GC looks
      like it will make this dance even more intricate. To make everybody's lives easier we should use
      the DeferGC mechanism in these functions to make these GC critical sections both obvious in the
      code and trivially safe. Deferring collections will usually only last marginally longer, thus we
      should not incur any additional overhead.
      
      * heap/Heap.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::unshiftCountSlowCase):
      * runtime/JSObject.cpp:
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::createInitialUndecided):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::convertUndecidedToArrayStorage):
      (JSC::JSObject::convertInt32ToArrayStorage):
      (JSC::JSObject::convertDoubleToArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::ensureLengthSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154471 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      af9d9722
    • barraclough@apple.com's avatar
      Don't leak registers for redeclared variables · 6962a520
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120174
      
      Reviewed by Geoff Garen.
      
      We currently always allocate registers for new global variables, but these are wasted when the variable is being redeclared.
      Only allocate new registers when necessary.
      
      No performance impact.
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      * runtime/Executable.cpp:
      (JSC::ProgramExecutable::initializeGlobalProperties):
          - Don't allocate the register here.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::addGlobalVar):
          - Allocate the register here instead.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154466 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6962a520
    • barraclough@apple.com's avatar
      Error.stack should not be enumerable · a928469d
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120171
      
      Reviewed by Oliver Hunt.
      
      Breaks ECMA tests.
      
      Source/JavaScriptCore: 
      
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::finishCreation):
          - None -> DontEnum
      
      LayoutTests: 
      
      * fast/js/exception-properties-expected.txt:
      * fast/js/script-tests/exception-properties.js:
          - Update test expectations.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154460 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a928469d
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=120128 · dd40a7eb
      barraclough@apple.com authored
      Remove putDirectVirtual
      
      Reviewed by Sam Weinig.
      
      This could most generously be described as 'vestigial'.
      No performance impact.
      
      * API/JSObjectRef.cpp:
      (JSObjectSetProperty):
          - changed to use defineOwnProperty
      * debugger/DebuggerActivation.cpp:
      * debugger/DebuggerActivation.h:
          - remove putDirectVirtual
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
          - changed to use defineOwnProperty
      * runtime/ClassInfo.h:
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSObject.cpp:
      * runtime/JSObject.h:
      * runtime/JSProxy.cpp:
      * runtime/JSProxy.h:
      * runtime/JSSymbolTableObject.cpp:
      * runtime/JSSymbolTableObject.h:
          - remove putDirectVirtual
      * runtime/PropertyDescriptor.h:
      (JSC::PropertyDescriptor::PropertyDescriptor):
          - added constructor for convenience
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154459 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      dd40a7eb
    • commit-queue@webkit.org's avatar
      errorDescriptionForValue() should not assume error value is an Object · ac4bd2b4
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=119812
      
      Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-22
      Reviewed by Geoffrey Garen.
      
      Added a check to make sure that the JSValue was an object before casting it as an object. Also, in case the parameterized JSValue
      has no type, the function now returns the empty string.
      * runtime/ExceptionHelpers.cpp:
      (JSC::errorDescriptionForValue):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154457 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ac4bd2b4
  12. 21 Aug, 2013 4 commits
    • barraclough@apple.com's avatar
      Clarify var/const/function declaration · 1d962d08
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120144
      
      Reviewed by Sam Weinig.
      
      Add methods to JSGlobalObject to declare vars, consts, and functions.
      
      * runtime/Executable.cpp:
      (JSC::ProgramExecutable::initializeGlobalProperties):
      * runtime/Executable.h:
          - Moved declaration code to JSGlobalObject
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::addGlobalVar):
          - internal implementation of addVar, addConst, addFunction
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::addVar):
      (JSC::JSGlobalObject::addConst):
      (JSC::JSGlobalObject::addFunction):
          - Added methods to declare vars, consts, and functions
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154434 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1d962d08
    • mhahnenberg@apple.com's avatar
      Rename/refactor setButterfly/setStructure · ab08d670
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120138
      
      Reviewed by Geoffrey Garen.
      
      setButterfly becomes setStructureAndButterfly.
      
      Also removed the Butterfly* argument from setStructure and just implicitly
      used m_butterfly internally since that's what every single client of setStructure
      was doing already.
      
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/JSObject.cpp:
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC::JSObject::createInitialUndecided):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::convertUndecidedToInt32):
      (JSC::JSObject::convertUndecidedToDouble):
      (JSC::JSObject::convertUndecidedToContiguous):
      (JSC::JSObject::convertUndecidedToArrayStorage):
      (JSC::JSObject::convertInt32ToDouble):
      (JSC::JSObject::convertInt32ToContiguous):
      (JSC::JSObject::convertInt32ToArrayStorage):
      (JSC::JSObject::genericConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::seal):
      (JSC::JSObject::freeze):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::reifyStaticFunctionsForDelete):
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSC::JSObject::setStructureAndButterfly):
      (JSC::JSObject::setStructure):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      * runtime/Structure.cpp:
      (JSC::Structure::flattenDictionaryStructure):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154426 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ab08d670
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=120127 · f39a4ec4
      barraclough@apple.com authored
      Remove JSObject::propertyIsEnumerable
      
      Unreviewed typo fix
      
      * runtime/JSObject.h:
          - fix typo
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154423 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f39a4ec4
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=120139 · 61ff98cd
      barraclough@apple.com authored
      PropertyDescriptor argument to define methods should be const
      
      Rubber stamped by Sam Weinig.
      
      This should never be modified, and this way we can use rvalues.
      
      Source/JavaScriptCore: 
      
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::defineOwnProperty):
      * debugger/DebuggerActivation.h:
      * runtime/Arguments.cpp:
      (JSC::Arguments::defineOwnProperty):
      * runtime/Arguments.h:
      * runtime/ClassInfo.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
      * runtime/JSArray.h:
      * runtime/JSArrayBuffer.cpp:
      (JSC::JSArrayBuffer::defineOwnProperty):
      * runtime/JSArrayBuffer.h:
      * runtime/JSArrayBufferView.cpp:
      (JSC::JSArrayBufferView::defineOwnProperty):
      * runtime/JSArrayBufferView.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::defineOwnProperty):
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSFunction.h:
      * runtime/JSGenericTypedArrayView.h:
      * runtime/JSGenericTypedArrayViewInlines.h:
      (JSC::::defineOwnProperty):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::defineOwnProperty):
      * runtime/JSGlobalObject.h:
      * runtime/JSObject.cpp:
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::putDescriptor):
      (JSC::JSObject::defineOwnNonIndexProperty):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::defineOwnProperty):
      * runtime/JSProxy.h:
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::defineOwnProperty):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::defineOwnProperty):
      * runtime/RegExpObject.h:
      * runtime/StringObject.cpp:
      (JSC::StringObject::defineOwnProperty):
      * runtime/StringObject.h:
          - make PropertyDescriptor const
      
      Source/WebCore: 
      
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::defineOwnProperty):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::defineOwnProperty):
      (WebCore::JSLocationPrototype::defineOwnProperty):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
          - make PropertyDescriptor const
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154422 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      61ff98cd