1. 26 Sep, 2013 2 commits
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r156474. · bf43ed96
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/156474
      https://bugs.webkit.org/show_bug.cgi?id=121966
      
      Broke the builds. (Requested by xenon on #webkit).
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::registerName):
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::createActivation):
      (JSC::CodeBlock::nameForRegister):
      * bytecode/CodeBlock.h:
      (JSC::unmodifiedArgumentsRegister):
      (JSC::CodeBlock::isKnownNotImmediate):
      (JSC::CodeBlock::setThisRegister):
      (JSC::CodeBlock::thisRegister):
      (JSC::CodeBlock::setArgumentsRegister):
      (JSC::CodeBlock::argumentsRegister):
      (JSC::CodeBlock::uncheckedArgumentsRegister):
      (JSC::CodeBlock::setActivationRegister):
      (JSC::CodeBlock::activationRegister):
      (JSC::CodeBlock::uncheckedActivationRegister):
      (JSC::CodeBlock::usesArguments):
      (JSC::CodeBlock::isCaptured):
      * bytecode/Instruction.h:
      * bytecode/LazyOperandValueProfile.h:
      (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
      (JSC::LazyOperandValueProfileKey::operator!):
      (JSC::LazyOperandValueProfileKey::hash):
      (JSC::LazyOperandValueProfileKey::operand):
      (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
      (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
      * bytecode/MethodOfGettingAValueProfile.cpp:
      (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
      (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
      * bytecode/Operands.h:
      (JSC::localToOperand):
      (JSC::operandIsLocal):
      (JSC::operandToLocal):
      (JSC::operandIsArgument):
      (JSC::operandToArgument):
      (JSC::argumentToOperand):
      (JSC::Operands::operand):
      (JSC::Operands::hasOperand):
      (JSC::Operands::setOperand):
      (JSC::Operands::operandForIndex):
      (JSC::Operands::setOperandFirstTime):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedCodeBlock::setThisRegister):
      (JSC::UnlinkedCodeBlock::setActivationRegister):
      (JSC::UnlinkedCodeBlock::setArgumentsRegister):
      (JSC::UnlinkedCodeBlock::usesArguments):
      (JSC::UnlinkedCodeBlock::argumentsRegister):
      (JSC::UnlinkedCodeBlock::usesGlobalObject):
      (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
      (JSC::UnlinkedCodeBlock::globalObjectRegister):
      (JSC::UnlinkedCodeBlock::thisRegister):
      (JSC::UnlinkedCodeBlock::activationRegister):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dumpInContext):
      * bytecode/VirtualRegister.h:
      (WTF::printInternal):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::generate):
      (JSC::BytecodeGenerator::addVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
      (JSC::BytecodeGenerator::newRegister):
      (JSC::BytecodeGenerator::emitLoadGlobalObject):
      (JSC::BytecodeGenerator::emitGetArgumentsLength):
      (JSC::BytecodeGenerator::emitGetArgumentByVal):
      (JSC::BytecodeGenerator::createArgumentsIfNecessary):
      (JSC::BytecodeGenerator::emitReturn):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::registerFor):
      * bytecompiler/RegisterID.h:
      (JSC::RegisterID::RegisterID):
      (JSC::RegisterID::setIndex):
      (JSC::RegisterID::index):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::thisObject):
      * dfg/DFGAbstractHeap.h:
      (JSC::DFG::AbstractHeap::Payload::Payload):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      (JSC::DFG::::clobberCapturedVars):
      * dfg/DFGArgumentPosition.h:
      (JSC::DFG::ArgumentPosition::dump):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::newVariableAccessData):
      (JSC::DFG::ByteCodeParser::getDirect):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::setDirect):
      (JSC::DFG::ByteCodeParser::set):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::setLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
      (JSC::DFG::ByteCodeParser::findArgumentPosition):
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::getToInt32):
      (JSC::DFG::ByteCodeParser::getThis):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::emitFunctionChecks):
      (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::handleMinMax):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      * dfg/DFGCPSRethreadingPhase.cpp:
      (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::capabilityLevel):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::argumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedActivationRegisterFor):
      (JSC::DFG::Graph::valueProfileFor):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (JSC::DFG::Node::convertToGetLocalUnlinked):
      (JSC::DFG::Node::hasVirtualRegister):
      (JSC::DFG::Node::virtualRegister):
      (JSC::DFG::Node::setVirtualRegister):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      (JSC::DFG::OSREntrypointCreationPhase::run):
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGRegisterBank.h:
      (JSC::DFG::RegisterBank::tryAllocate):
      (JSC::DFG::RegisterBank::allocateSpecific):
      (JSC::DFG::RegisterBank::retain):
      (JSC::DFG::RegisterBank::isInUse):
      (JSC::DFG::RegisterBank::dump):
      (JSC::DFG::RegisterBank::releaseAtIndex):
      (JSC::DFG::RegisterBank::allocateInternal):
      (JSC::DFG::RegisterBank::MapEntry::MapEntry):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::allocate):
      (JSC::DFG::ScoreBoard::use):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::checkConsistency):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::allocate):
      (JSC::DFG::SpeculativeJIT::fprAllocate):
      (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
      (JSC::DFG::SpeculativeJIT::flushRegisters):
      (JSC::DFG::SpeculativeJIT::isFlushed):
      (JSC::DFG::SpeculativeJIT::argumentSlot):
      (JSC::DFG::SpeculativeJIT::argumentTagSlot):
      (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
      (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
      (JSC::DFG::SpeculativeJIT::setNodeForOperand):
      (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
      (JSC::DFG::SpeculativeJIT::recordSetLocal):
      (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::validateCPS):
      (JSC::DFG::Validate::checkOperand):
      (JSC::DFG::Validate::reportValidationContext):
      * dfg/DFGValueRecoveryOverride.h:
      (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::operand):
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
      (JSC::DFG::VariableAccessData::flushFormat):
      * dfg/DFGVariableEvent.h:
      (JSC::DFG::VariableEvent::spill):
      (JSC::DFG::VariableEvent::setLocal):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLExitArgumentForOperand.h:
      (JSC::FTL::ExitArgumentForOperand::ExitArgumentForOperand):
      (JSC::FTL::ExitArgumentForOperand::operand):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
      (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
      (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
      (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
      (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
      (JSC::FTL::LowerDFGToLLVM::observeMovHint):
      (JSC::FTL::LowerDFGToLLVM::addressFor):
      (JSC::FTL::LowerDFGToLLVM::payloadFor):
      (JSC::FTL::LowerDFGToLLVM::tagFor):
      * ftl/FTLOSREntry.cpp:
      (JSC::FTL::prepareOSREntry):
      * ftl/FTLOSRExit.cpp:
      (JSC::FTL::OSRExit::convertToForward):
      * ftl/FTLOSRExit.h:
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      (JSC::unwindCallFrame):
      (JSC::Interpreter::unwind):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::addressFor):
      (JSC::AssemblyHelpers::tagFor):
      (JSC::AssemblyHelpers::payloadFor):
      (JSC::AssemblyHelpers::argumentsRegisterFor):
      * jit/JIT.h:
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      * jit/JITInlines.h:
      (JSC::JIT::emitGetVirtualRegister):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_tear_off_arguments):
      (JSC::JIT::emit_op_get_pnames):
      (JSC::JIT::emit_op_enter):
      (JSC::JIT::emit_op_create_arguments):
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_enter):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::argumentsGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156482 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bf43ed96
    • msaboff@apple.com's avatar
      VirtualRegister should be a class · 1796ad0f
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121732
      
      Reviewed by Geoffrey Garen.
      
      This is a refactoring change.  Changed VirtualRegister from an enum to a class.
      Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
      and the similar functions for locals to VirtualRegister class.
      
      This is in preparation for changing the offset for the first local register from
      0 to -1.  This is needed since most native calling conventions have the architected
      frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
      pointer.  Local values start below that address.
      
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * bytecode/Instruction.h:
      * bytecode/LazyOperandValueProfile.h:
      * bytecode/MethodOfGettingAValueProfile.cpp:
      * bytecode/Operands.h:
      * bytecode/UnlinkedCodeBlock.cpp:
      * bytecode/UnlinkedCodeBlock.h:
      * bytecode/ValueRecovery.h:
      * bytecode/VirtualRegister.h:
      * bytecompiler/BytecodeGenerator.cpp:
      * bytecompiler/BytecodeGenerator.h:
      * bytecompiler/RegisterID.h:
      * debugger/DebuggerCallFrame.cpp:
      * dfg/DFGAbstractHeap.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      * dfg/DFGArgumentPosition.h:
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCFGSimplificationPhase.cpp:
      * dfg/DFGCPSRethreadingPhase.cpp:
      * dfg/DFGCapabilities.cpp:
      * dfg/DFGConstantFoldingPhase.cpp:
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCode.cpp:
      * dfg/DFGNode.h:
      * dfg/DFGOSREntry.cpp:
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGScoreBoard.h:
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT64.cpp:
      * dfg/DFGValidate.cpp:
      * dfg/DFGValueRecoveryOverride.h:
      * dfg/DFGVariableAccessData.h:
      * dfg/DFGVariableEvent.h:
      * dfg/DFGVariableEventStream.cpp:
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      * ftl/FTLExitArgumentForOperand.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLLowerDFGToLLVM.cpp:
      * ftl/FTLOSREntry.cpp:
      * ftl/FTLOSRExit.cpp:
      * ftl/FTLOSRExit.h:
      * ftl/FTLOSRExitCompiler.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      * jit/AssemblyHelpers.h:
      * jit/JIT.h:
      * jit/JITCall.cpp:
      * jit/JITInlines.h:
      * jit/JITOpcodes.cpp:
      * jit/JITOpcodes32_64.cpp:
      * jit/JITStubs.cpp:
      * llint/LLIntSlowPaths.cpp:
      * profiler/ProfilerBytecodeSequence.cpp:
      * runtime/CommonSlowPaths.cpp:
      * runtime/JSActivation.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156474 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1796ad0f
  2. 24 Jul, 2013 2 commits
    • oliver@apple.com's avatar
      fourthTier: should use ConcurrentJITLock[er] directly and not through typedef · d205666b
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=116561
      
      Rubber stamped by Geoffrey Garen.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/ArrayProfile.cpp:
      (JSC::ArrayProfile::computeUpdatedPrediction):
      (JSC::ArrayProfile::briefDescription):
      * bytecode/ArrayProfile.h:
      (ArrayProfile):
      (JSC::ArrayProfile::expectedStructure):
      (JSC::ArrayProfile::structureIsPolymorphic):
      (JSC::ArrayProfile::hasDefiniteStructure):
      (JSC::ArrayProfile::observedArrayModes):
      (JSC::ArrayProfile::mayInterceptIndexedAccesses):
      (JSC::ArrayProfile::mayStoreToHole):
      (JSC::ArrayProfile::outOfBounds):
      (JSC::ArrayProfile::usesOriginalArrayStructures):
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpValueProfiling):
      (JSC::CodeBlock::dumpArrayProfiling):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      (JSC::CodeBlock::updateAllArrayPredictions):
      (JSC::CodeBlock::nameForRegister):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (CodeBlock):
      * bytecode/CodeBlockLock.h: Removed.
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFor):
      * bytecode/LazyOperandValueProfile.cpp:
      (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
      (JSC::CompressedLazyOperandValueProfileHolder::add):
      (JSC::LazyOperandValueProfileParser::initialize):
      (JSC::LazyOperandValueProfileParser::prediction):
      * bytecode/LazyOperandValueProfile.h:
      (CompressedLazyOperandValueProfileHolder):
      (LazyOperandValueProfileParser):
      * bytecode/MethodOfGettingAValueProfile.cpp:
      (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFor):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::ResolveGlobalStatus::computeFor):
      * bytecode/ValueProfile.h:
      (JSC::ValueProfileBase::briefDescription):
      (JSC::ValueProfileBase::computeUpdatedPrediction):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::addVar):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::fromObserved):
      * dfg/DFGArrayMode.h:
      (ArrayMode):
      (JSC::DFG::ArrayMode::withProfile):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getArrayMode):
      (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * jit/JITInlines.h:
      (JSC::JIT::chooseArrayMode):
      * jit/JITStubs.cpp:
      (JSC::tryCachePutByID):
      (JSC::tryCacheGetByID):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::lazyLinkFor):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::setUpCall):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      * runtime/Executable.cpp:
      (JSC::ProgramExecutable::addGlobalVar):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::getOwnNonIndexPropertyNames):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      * runtime/JSScope.cpp:
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolvePut):
      * runtime/JSSegmentedVariableObject.cpp:
      (JSC::JSSegmentedVariableObject::findRegisterIndex):
      (JSC::JSSegmentedVariableObject::addRegisters):
      * runtime/JSSegmentedVariableObject.h:
      (JSSegmentedVariableObject):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/Structure.cpp:
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransitionToExistingStructureConcurrently):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      (JSC::Structure::createPropertyMap):
      * runtime/Structure.h:
      (Structure):
      * runtime/SymbolTable.h:
      (SymbolTable):
      (JSC::SymbolTable::find):
      (JSC::SymbolTable::get):
      (JSC::SymbolTable::inlineGet):
      (JSC::SymbolTable::begin):
      (JSC::SymbolTable::end):
      (JSC::SymbolTable::size):
      (JSC::SymbolTable::add):
      (JSC::SymbolTable::set):
      (JSC::SymbolTable::contains):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153170 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d205666b
    • oliver@apple.com's avatar
      fourthTier: value profiles and array profiles should be thread-safe enough to... · c14eb7d0
      oliver@apple.com authored
      fourthTier: value profiles and array profiles should be thread-safe enough to be accessible in a concurrent compilation thread
      https://bugs.webkit.org/show_bug.cgi?id=114906
      
      Source/JavaScriptCore:
      
      Reviewed by Oliver Hunt.
      
      This introduces thread safety to value profiles, array profiles, and
      array allocation profiles.
      
      We already have three separate operations that happen on profiles:
      (1) writing, which the JIT, LLInt, and OSR exit do; (2) updating,
      which happens during GC, from OSR entry slow-paths, and in the DFG;
      and (3) reading, which happens in the DFG. For example, the JIT/LLInt
      and OSR exit write to ValueProfile::m_buckets, which gets synthesized
      into ValueProfile::m_prediction (and other fields) during update, and
      the latter gets read by the DFG. Note that (2) must also happen in
      the DFG since only the DFG knows which code blocks it will inline,
      and those blocks' profiles may not have otherwise been updated via
      any other mechanism.
      
      I refer to these three operations as writing, updating, and reading.
      
      Consequently, both profile updating and profile reading may happen
      asynchronously, if the JIT is asynchronous.
      
      The locking protocol for profiles works as follows:
      
      - Writing does not require locking, but is only allowed on the main
        thread. We require that these fields can be stored atomically by
        the profiling code, even without locks. For value profiles, this
        only works on 64-bit platforms, currently. For array profiles,
        which consist of multiple separate fields, this means that an
        asynchronous update of the profile may see slight inconsistencies
        (like a structure that doesn't quite match the array modes bits),
        but these should be harmless: at worst, the DFG will specialize
        too much and we'll have OSR exits.
      
      - Updating a value profile requires holding a lock, but must assume
        that the fields written by the profiling code in JIT/LLInt may
        be written to without locking.
      
      - Reading a value profile requires holding a lock.
      
      The one major exception to these rules is the ArrayAllocationProfile,
      which requires no locking. We do this because it's used so often and
      in places where we don't necessarily have access to the owning
      CodeBlock, so if we did want it to be locked it would have to have
      its own lock. Also, I believe that it is sound to just make this
      profile racy and not worry about locking at all. All that was needed
      were some changes to ensure that we explicitly read some raced-over
      fields only once.
      
      Two additional interesting things in this change:
      
      - To make it easy to see which profile methods require locking, they
        take a const CodeBlockLocker& as an argument. I saw this idiom for
        identifying which methods require which locks to be held being used
        in LLVM, and I quite like it.
      
      - Lazy operand value profiles, which are created lazily and at any
        time, require the CodeBlockLock to be held when they are being
        created. Writes to them are lockless and main-thread-only, but as
        with other profiles, updates and reads require locking.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/ArrayAllocationProfile.cpp:
      (JSC::ArrayAllocationProfile::updateIndexingType):
      * bytecode/ArrayAllocationProfile.h:
      (JSC::ArrayAllocationProfile::selectIndexingType):
      * bytecode/ArrayProfile.cpp:
      (JSC::ArrayProfile::computeUpdatedPrediction):
      (JSC::ArrayProfile::briefDescription):
      * bytecode/ArrayProfile.h:
      (ArrayProfile):
      (JSC::ArrayProfile::expectedStructure):
      (JSC::ArrayProfile::structureIsPolymorphic):
      (JSC::ArrayProfile::hasDefiniteStructure):
      (JSC::ArrayProfile::observedArrayModes):
      (JSC::ArrayProfile::mayInterceptIndexedAccesses):
      (JSC::ArrayProfile::mayStoreToHole):
      (JSC::ArrayProfile::outOfBounds):
      (JSC::ArrayProfile::usesOriginalArrayStructures):
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpValueProfiling):
      (JSC::CodeBlock::dumpArrayProfiling):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      (JSC::CodeBlock::updateAllArrayPredictions):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (JSC::CodeBlock::updateAllPredictionsAndCheckIfShouldOptimizeNow):
      (CodeBlock):
      * bytecode/CodeBlockLock.h: Added.
      (JSC):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFor):
      * bytecode/LazyOperandValueProfile.cpp:
      (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
      (JSC::CompressedLazyOperandValueProfileHolder::add):
      (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
      (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
      (JSC):
      (JSC::LazyOperandValueProfileParser::initialize):
      (JSC::LazyOperandValueProfileParser::prediction):
      * bytecode/LazyOperandValueProfile.h:
      (CompressedLazyOperandValueProfileHolder):
      (LazyOperandValueProfileParser):
      * bytecode/MethodOfGettingAValueProfile.cpp:
      (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFor):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::ResolveGlobalStatus::computeFor):
      * bytecode/ValueProfile.h:
      (JSC::ValueProfileBase::briefDescription):
      (ValueProfileBase):
      (JSC::ValueProfileBase::computeUpdatedPrediction):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::fromObserved):
      * dfg/DFGArrayMode.h:
      (ArrayMode):
      (JSC::DFG::ArrayMode::withProfile):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getArrayMode):
      (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * jit/JITInlines.h:
      (JSC::JIT::chooseArrayMode):
      * jit/JITStubs.cpp:
      (JSC::tryCachePutByID):
      (JSC::tryCacheGetByID):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::lazyLinkFor):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::setUpCall):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      * runtime/JSScope.cpp:
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolvePut):
      
      Source/WTF:
      
      Reviewed by Oliver Hunt.
      
      Add ability to abstract whether or not the CodeBlock requires locking at all,
      since some platforms may not support the byte spin-locking and/or may not want
      to, if they turn off concurrent JIT.
      
      * WTF.xcodeproj/project.pbxproj:
      * wtf/ByteSpinLock.h:
      * wtf/NoLock.h: Added.
      (WTF):
      (NoLock):
      (WTF::NoLock::lock):
      (WTF::NoLock::unlock):
      (WTF::NoLock::isHeld):
      * wtf/Platform.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153123 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c14eb7d0
  3. 23 Jan, 2013 1 commit
    • oliver@apple.com's avatar
      Replace ASSERT_NOT_REACHED with RELEASE_ASSERT_NOT_REACHED in JSC · 5598c181
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=107736
      
      Reviewed by Mark Hahnenberg.
      
      Mechanical change with no performance impact.
      
      * API/JSBlockAdaptor.mm:
      (BlockArgumentTypeDelegate::typeVoid):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::construct):
      (JSC::::call):
      * API/JSScriptRef.cpp:
      * API/ObjCCallbackFunction.mm:
      (ArgumentTypeDelegate::typeVoid):
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::link):
      (JSC::ARMv7Assembler::replaceWithLoad):
      (JSC::ARMv7Assembler::replaceWithAddressComputation):
      * assembler/MacroAssembler.h:
      (JSC::MacroAssembler::invert):
      * assembler/MacroAssemblerARM.h:
      (JSC::MacroAssemblerARM::countLeadingZeros32):
      (JSC::MacroAssemblerARM::divDouble):
      * assembler/MacroAssemblerMIPS.h:
      (JSC::MacroAssemblerMIPS::absDouble):
      (JSC::MacroAssemblerMIPS::replaceWithJump):
      (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
      * assembler/MacroAssemblerSH4.h:
      (JSC::MacroAssemblerSH4::absDouble):
      (JSC::MacroAssemblerSH4::replaceWithJump):
      (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::shllImm8r):
      (JSC::SH4Assembler::shlrImm8r):
      (JSC::SH4Assembler::cmplRegReg):
      (JSC::SH4Assembler::branch):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::replaceWithLoad):
      (JSC::X86Assembler::replaceWithAddressComputation):
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CodeBlock.cpp:
      (JSC::debugHookName):
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::CodeBlock::printGetByIdCacheStatus):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::usesOpcode):
      * bytecode/DataFormat.h:
      (JSC::needDataFormatConversion):
      * bytecode/ExitKind.cpp:
      (JSC::exitKindToString):
      (JSC::exitKindIsCountable):
      * bytecode/MethodOfGettingAValueProfile.cpp:
      (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
      * bytecode/Opcode.h:
      (JSC::opcodeLength):
      * bytecode/PolymorphicPutByIdList.cpp:
      (JSC::PutByIdAccess::fromStructureStubInfo):
      (JSC::PutByIdAccess::visitWeak):
      * bytecode/StructureStubInfo.cpp:
      (JSC::StructureStubInfo::deref):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::emitGetLocalVar):
      (JSC::BytecodeGenerator::beginSwitch):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::BinaryOpNode::emitBytecode):
      (JSC::emitReadModifyAssignment):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::canHandleOpcodes):
      * dfg/DFGCommon.h:
      (JSC::DFG::useKindToString):
      * dfg/DFGDoubleFormatState.h:
      (JSC::DFG::mergeDoubleFormatStates):
      (JSC::DFG::doubleFormatStateToString):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::blessArrayOperation):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::clobbersWorld):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::valueOfJSConstant):
      (JSC::DFG::Node::successor):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::nodeFlagsAsString):
      * dfg/DFGNodeType.h:
      (JSC::DFG::defaultFlags):
      * dfg/DFGRepatch.h:
      (JSC::DFG::dfgResetGetByID):
      (JSC::DFG::dfgResetPutByID):
      * dfg/DFGSlowPathGenerator.h:
      (JSC::DFG::SlowPathGenerator::call):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::bitOp):
      (JSC::DFG::SpeculativeJIT::shiftOp):
      (JSC::DFG::SpeculativeJIT::integerResult):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * dfg/DFGValueSource.h:
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableEvent.cpp:
      (JSC::DFG::VariableEvent::dump):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * heap/BlockAllocator.h:
      (JSC::BlockAllocator::regionSetFor):
      * heap/GCThread.cpp:
      (JSC::GCThread::gcThreadMain):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::isLive):
      * interpreter/CallFrame.h:
      (JSC::ExecState::inlineCallFrame):
      * interpreter/Interpreter.cpp:
      (JSC::getCallerInfo):
      (JSC::getStackFrameCodeType):
      (JSC::Interpreter::execute):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITArithmetic.cpp:
      (JSC::JIT::emitSlow_op_mod):
      * jit/JITArithmetic32_64.cpp:
      (JSC::JIT::emitBinaryDoubleOp):
      (JSC::JIT::emitSlow_op_mod):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::isDirectPutById):
      * jit/JITStubs.cpp:
      (JSC::getPolymorphicAccessStructureListSlot):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      * parser/Lexer.cpp:
      (JSC::::lex):
      * parser/Nodes.h:
      (JSC::ExpressionNode::emitBytecodeInConditionContext):
      * parser/Parser.h:
      (JSC::Parser::getTokenName):
      (JSC::Parser::updateErrorMessageSpecialCase):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::operatorStackPop):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/DatePrototype.cpp:
      (JSC::formatLocaleDate):
      * runtime/Executable.cpp:
      (JSC::samplingDescription):
      * runtime/Executable.h:
      (JSC::ScriptExecutable::unlinkCalls):
      * runtime/Identifier.cpp:
      (JSC):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::getCallData):
      * runtime/JSArray.cpp:
      (JSC::JSArray::push):
      (JSC::JSArray::sort):
      * runtime/JSCell.cpp:
      (JSC::JSCell::defaultValue):
      (JSC::JSCell::getOwnPropertyNames):
      (JSC::JSCell::getOwnNonIndexPropertyNames):
      (JSC::JSCell::className):
      (JSC::JSCell::getPropertyNames):
      (JSC::JSCell::customHasInstance):
      (JSC::JSCell::putDirectVirtual):
      (JSC::JSCell::defineOwnProperty):
      (JSC::JSCell::getOwnPropertyDescriptor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSNameScope.cpp:
      (JSC::JSNameScope::put):
      * runtime/JSObject.cpp:
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::tryGetIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::canSetIndexQuicklyForPutDirect):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::hasSparseMap):
      (JSC::JSObject::inSparseIndexingMode):
      * runtime/JSScope.cpp:
      (JSC::JSScope::isDynamicScope):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::putDirectVirtual):
      * runtime/JSSymbolTableObject.h:
      (JSSymbolTableObject):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/RegExp.cpp:
      (JSC::RegExp::compile):
      (JSC::RegExp::compileMatchOnly):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      * tools/CodeProfile.cpp:
      (JSC::CodeProfile::sample):
      * yarr/YarrCanonicalizeUCS2.h:
      (JSC::Yarr::getCanonicalPair):
      (JSC::Yarr::areCanonicallyEquivalent):
      * yarr/YarrInterpreter.cpp:
      (JSC::Yarr::Interpreter::matchCharacterClass):
      (JSC::Yarr::Interpreter::matchBackReference):
      (JSC::Yarr::Interpreter::backtrackParenthesesTerminalEnd):
      (JSC::Yarr::Interpreter::matchParentheses):
      (JSC::Yarr::Interpreter::backtrackParentheses):
      (JSC::Yarr::Interpreter::matchDisjunction):
      * yarr/YarrJIT.cpp:
      (JSC::Yarr::YarrGenerator::generateTerm):
      (JSC::Yarr::YarrGenerator::backtrackTerm):
      * yarr/YarrParser.h:
      (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
      (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
      * yarr/YarrPattern.cpp:
      (JSC::Yarr::YarrPatternConstructor::atomCharacterClassBuiltIn):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140594 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5598c181
  4. 23 Feb, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG OSR exit value profiling should have graceful handling of local variables and arguments · 31659dee
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=79310
      
      Reviewed by Gavin Barraclough.
              
      Previously, if we OSR exited because a prediction in a local was wrong, we'd
      only realize what the true type of the local was if the regular value profiling
      kicked in and told us. Unless the local was block-locally copy propagated, in
      which case we'd know from an OSR exit profile.
              
      This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
      exit because of a mispredicted local or argument type, we'll know what the type of
      the local or argument should be immediately upon exiting.
              
      The way that local variable OSR exit profiling works is that we now have a lazily
      added set of OSR-exit-only value profiles for exit sites that are BadType and that
      cited a GetLocal as their value source. The value profiles are only added if the
      OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
      operand. The look-up is performed by querying the
      CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
      the bytecode index and the operand. Because the value profiles are added at random
      times, they are not sorted; instead they are just stored in an arbitrarily-ordered
      SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
      creates a LazyOperandValueProfileParser, which turns the
      CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
      of DFG parsing.
              
      Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
      into which values observed during OSR exit would be placed. Now it uses a lazy
      thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
      either contain a ValueProfile inside it (which works for previous uses of OSR exit
      profiling) or it may just have knowledge of how to go about creating the
      LazyOperandValueProfile in the case that the OSR exit is actually taken. This
      ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
      value profiling buckets unless we actually did OSR exit on every single operand,
      in every single instruction, in each code block (that's probably unlikely).
              
      This appears to be neutral on the major benchmarks, but is a double-digit speed-up
      on code deliberately written to have data flow that spans basic blocks and where
      the code exhibits post-optimization polymorphism in a local variable.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::lazyOperandValueProfiles):
      * bytecode/LazyOperandValueProfile.cpp: Added.
      (JSC):
      (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
      (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
      (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
      (JSC::CompressedLazyOperandValueProfileHolder::add):
      (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
      (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
      (JSC::LazyOperandValueProfileParser::getIfPresent):
      (JSC::LazyOperandValueProfileParser::prediction):
      * bytecode/LazyOperandValueProfile.h: Added.
      (JSC):
      (LazyOperandValueProfileKey):
      (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
      (JSC::LazyOperandValueProfileKey::operator!):
      (JSC::LazyOperandValueProfileKey::operator==):
      (JSC::LazyOperandValueProfileKey::hash):
      (JSC::LazyOperandValueProfileKey::bytecodeOffset):
      (JSC::LazyOperandValueProfileKey::operand):
      (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
      (JSC::LazyOperandValueProfileKeyHash::hash):
      (JSC::LazyOperandValueProfileKeyHash::equal):
      (LazyOperandValueProfileKeyHash):
      (WTF):
      (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
      (LazyOperandValueProfile):
      (JSC::LazyOperandValueProfile::key):
      (CompressedLazyOperandValueProfileHolder):
      (LazyOperandValueProfileParser):
      * bytecode/MethodOfGettingAValueProfile.cpp: Added.
      (JSC):
      (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
      (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
      * bytecode/MethodOfGettingAValueProfile.h: Added.
      (JSC):
      (MethodOfGettingAValueProfile):
      (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
      (JSC::MethodOfGettingAValueProfile::operator!):
      * bytecode/ValueProfile.cpp: Removed.
      * bytecode/ValueProfile.h:
      (JSC):
      (ValueProfileBase):
      (JSC::ValueProfileBase::ValueProfileBase):
      (JSC::ValueProfileBase::dump):
      (JSC::ValueProfileBase::computeUpdatedPrediction):
      (JSC::MinimalValueProfile::MinimalValueProfile):
      (ValueProfileWithLogNumberOfBuckets):
      (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
      (JSC::ValueProfile::ValueProfile):
      (JSC::getValueProfileBytecodeOffset):
      (JSC::getRareCaseProfileBytecodeOffset):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
      (DFG):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueProfileFor):
      (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
      (Graph):
      * dfg/DFGNode.h:
      (Node):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPhase.cpp:
      (JSC::DFG::Phase::beginPhase):
      (JSC::DFG::Phase::endPhase):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
      (VariableAccessData):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108677 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      31659dee
  5. 18 Feb, 2012 2 commits
    • fpizlo@apple.com's avatar
      DFGPropagator.cpp has too many things · a18833ed
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=78956
      
      Reviewed by Oliver Hunt.
              
      Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
      various things and put them into separate files. These new phases follow
      the naming convention "DFG<name>Phase" where <name> is a noun. They are
      called via functions of the form "perform<name>".
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added.
      (DFG):
      (JSC::DFG::performArithNodeFlagsInference):
      * dfg/DFGArithNodeFlagsInferencePhase.h: Added.
      (DFG):
      * dfg/DFGCFAPhase.cpp: Added.
      (DFG):
      (JSC::DFG::performCFA):
      * dfg/DFGCFAPhase.h: Added.
      (DFG):
      * dfg/DFGCSEPhase.cpp: Added.
      (DFG):
      (JSC::DFG::performCSE):
      * dfg/DFGCSEPhase.h: Added.
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGPhase.cpp: Added.
      (DFG):
      (JSC::DFG::Phase::beginPhase):
      (JSC::DFG::Phase::endPhase):
      * dfg/DFGPhase.h: Added.
      (DFG):
      (Phase):
      (JSC::DFG::Phase::Phase):
      (JSC::DFG::Phase::~Phase):
      (JSC::DFG::Phase::globalData):
      (JSC::DFG::Phase::codeBlock):
      (JSC::DFG::Phase::profiledBlock):
      (JSC::DFG::Phase::beginPhase):
      (JSC::DFG::Phase::endPhase):
      (JSC::DFG::runPhase):
      * dfg/DFGPredictionPropagationPhase.cpp: Added.
      (DFG):
      (JSC::DFG::performPredictionPropagation):
      * dfg/DFGPredictionPropagationPhase.h: Added.
      (DFG):
      * dfg/DFGPropagator.cpp: Removed.
      * dfg/DFGPropagator.h: Removed.
      * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added.
      (DFG):
      (JSC::DFG::performVirtualRegisterAllocation):
      * dfg/DFGVirtualRegisterAllocationPhase.h: Added.
      (DFG):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108166 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a18833ed
    • fpizlo@apple.com's avatar
      DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and · adf274c5
      fpizlo@apple.com authored
      the CodeBlock that was used for profiling
      https://bugs.webkit.org/show_bug.cgi?id=78954
      
      Reviewed by Gavin Barraclough.
      
      * bytecode/CodeBlock.h:
      (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
      (JSC):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::AbstractState):
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAbstractState.h:
      * dfg/DFGAssemblyHelpers.h:
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::parse):
      * dfg/DFGByteCodeParser.h:
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::Graph):
      (Graph):
      (JSC::DFG::Graph::getJSConstantPrediction):
      (JSC::DFG::Graph::addShouldSpeculateInteger):
      (JSC::DFG::Graph::isInt32Constant):
      (JSC::DFG::Graph::isDoubleConstant):
      (JSC::DFG::Graph::isNumberConstant):
      (JSC::DFG::Graph::isBooleanConstant):
      (JSC::DFG::Graph::isFunctionConstant):
      (JSC::DFG::Graph::valueOfJSConstant):
      (JSC::DFG::Graph::valueOfInt32Constant):
      (JSC::DFG::Graph::valueOfNumberConstant):
      (JSC::DFG::Graph::valueOfBooleanConstant):
      (JSC::DFG::Graph::valueOfFunctionConstant):
      (JSC::DFG::Graph::baselineCodeBlockFor):
      (JSC::DFG::Graph::valueProfileFor):
      (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JITCompiler):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::Propagator):
      (JSC::DFG::Propagator::isNotNegZero):
      (JSC::DFG::Propagator::isNotZero):
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::doRoundOfDoubleVoting):
      (JSC::DFG::Propagator::globalCFA):
      (JSC::DFG::propagate):
      * dfg/DFGPropagator.h:
      (DFG):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::isConstant):
      (JSC::DFG::SpeculativeJIT::isJSConstant):
      (JSC::DFG::SpeculativeJIT::isInt32Constant):
      (JSC::DFG::SpeculativeJIT::isDoubleConstant):
      (JSC::DFG::SpeculativeJIT::isNumberConstant):
      (JSC::DFG::SpeculativeJIT::isBooleanConstant):
      (JSC::DFG::SpeculativeJIT::isFunctionConstant):
      (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
      (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
      (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
      (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
      (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108154 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      adf274c5
  6. 15 Sep, 2011 1 commit
    • fpizlo@apple.com's avatar
      The DFG non-speculative JIT is no longer used and should be removed. · 903c378f
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68177
      
      Reviewed by Geoffrey Garen.
              
      This removes the non-speculative JIT and everything that relied on it,
      including the ability to turn on DFG but not tiered compilation the,
      ability to perform speculation failure into non-speculative JIT code,
      and the ability to statically terminate speculation.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.pro:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.h:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitLoopHint):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::getStrongPrediction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGenerationInfo.h:
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGJITCodeGenerator.cpp:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::compileBody):
      * dfg/DFGJITCompiler.h:
      * dfg/DFGNode.h:
      * dfg/DFGNonSpeculativeJIT.cpp: Removed.
      * dfg/DFGNonSpeculativeJIT.h: Removed.
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGPropagator.cpp:
      * dfg/DFGPropagator.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::osrExits):
      (JSC::DFG::SpeculativeJIT::speculationRecovery):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      * jit/JITCode.h:
      (JSC::JITCode::bottomTierJIT):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      * wtf/Platform.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95240 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      903c378f
  7. 06 Sep, 2011 1 commit
    • fpizlo@apple.com's avatar
      JavaScriptCore does not have tiered compilation · 594887ab
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=67176
      
      Reviewed by Gavin Barraclough.
      
      This adds the ability to have multiple CodeBlocks associated with
      a particular role in an Executable.  These are stored in
      descending order of compiler tier.  CodeBlocks are optimized when
      a counter (m_executeCounter) that is incremented in loops and
      epilogues becomes positive.  Optimizing means that all calls to
      the old CodeBlock are unlinked.
      
      The DFG can now pull in predictions from ValueProfiles, and
      propagate them along the graph.  To support the new phase while
      maintaing some level of abstraction, a DFGDriver was introduced
      that encapsulates how to run the DFG compiler.
      
      This is turned off by default because it's not yet a performance
      win on all benchmarks.  It speeds up crypto and richards by
      10% and 6% respectively, but still does not do as good of a job
      as it could.  Notably, the DFG backend has not changed, and
      is largely oblivious to the new information being made available
      to it.
      
      When turned off (the default), this patch is performance neutral.
      
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::branchAdd32):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::branchAdd32):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CallLinkInfo::unlink):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::clearEvalCache):
      (JSC::replaceExistingEntries):
      (JSC::CodeBlock::copyDataFromAlternative):
      (JSC::ProgramCodeBlock::replacement):
      (JSC::EvalCodeBlock::replacement):
      (JSC::FunctionCodeBlock::replacement):
      (JSC::ProgramCodeBlock::compileOptimized):
      (JSC::EvalCodeBlock::compileOptimized):
      (JSC::FunctionCodeBlock::compileOptimized):
      * bytecode/CodeBlock.h:
      (JSC::GlobalCodeBlock::GlobalCodeBlock):
      (JSC::ProgramCodeBlock::ProgramCodeBlock):
      (JSC::EvalCodeBlock::EvalCodeBlock):
      (JSC::FunctionCodeBlock::FunctionCodeBlock):
      * bytecode/ValueProfile.h:
      (JSC::ValueProfile::dump):
      (JSC::ValueProfile::computeStatistics):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      * bytecompiler/BytecodeGenerator.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::dynamicallyPredict):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::parse):
      * dfg/DFGDriver.cpp: Added.
      (JSC::DFG::compile):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      * dfg/DFGDriver.h: Added.
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::predict):
      (JSC::DFG::Graph::predictGlobalVar):
      (JSC::DFG::Graph::isConstant):
      (JSC::DFG::Graph::isJSConstant):
      (JSC::DFG::Graph::isInt32Constant):
      (JSC::DFG::Graph::isDoubleConstant):
      (JSC::DFG::Graph::valueOfJSConstant):
      (JSC::DFG::Graph::valueOfInt32Constant):
      (JSC::DFG::Graph::valueOfDoubleConstant):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::isConstant):
      (JSC::DFG::JITCompiler::isJSConstant):
      (JSC::DFG::JITCompiler::isInt32Constant):
      (JSC::DFG::JITCompiler::isDoubleConstant):
      (JSC::DFG::JITCompiler::valueOfJSConstant):
      (JSC::DFG::JITCompiler::valueOfInt32Constant):
      (JSC::DFG::JITCompiler::valueOfDoubleConstant):
      * dfg/DFGNode.h:
      (JSC::DFG::isCellPrediction):
      (JSC::DFG::isNumberPrediction):
      (JSC::DFG::predictionToString):
      (JSC::DFG::mergePrediction):
      (JSC::DFG::makePrediction):
      (JSC::DFG::Node::valueOfJSConstant):
      (JSC::DFG::Node::isInt32Constant):
      (JSC::DFG::Node::isDoubleConstant):
      (JSC::DFG::Node::valueOfInt32Constant):
      (JSC::DFG::Node::valueOfDoubleConstant):
      (JSC::DFG::Node::predict):
      * dfg/DFGPropagation.cpp: Added.
      (JSC::DFG::Propagator::Propagator):
      (JSC::DFG::Propagator::fixpoint):
      (JSC::DFG::Propagator::setPrediction):
      (JSC::DFG::Propagator::mergePrediction):
      (JSC::DFG::Propagator::propagateNode):
      (JSC::DFG::Propagator::propagateForward):
      (JSC::DFG::Propagator::propagateBackward):
      (JSC::DFG::propagate):
      * dfg/DFGPropagation.h: Added.
      (JSC::DFG::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::dfgLinkFor):
      * heap/HandleHeap.h:
      (JSC::HandleHeap::Node::Node):
      * jit/JIT.cpp:
      (JSC::JIT::emitOptimizationCheck):
      (JSC::JIT::emitTimeoutCheck):
      (JSC::JIT::privateCompile):
      (JSC::JIT::linkFor):
      * jit/JIT.h:
      (JSC::JIT::emitOptimizationCheck):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::emit_op_ret):
      (JSC::JIT::emit_op_ret_object_or_this):
      * jit/JITCode.h:
      (JSC::JITCode::JITCode):
      (JSC::JITCode::bottomTierJIT):
      (JSC::JITCode::topTierJIT):
      (JSC::JITCode::nextTierJIT):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_ret):
      (JSC::JIT::emit_op_ret_object_or_this):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITStubs.h:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC::EvalExecutable::compile):
      (JSC::ProgramExecutable::compile):
      (JSC::FunctionExecutable::compileForCall):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::compileOptimizedFor):
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      (WTF::BasicRawSentinelNode::BasicRawSentinelNode):
      (WTF::BasicRawSentinelNode::setPrev):
      (WTF::BasicRawSentinelNode::setNext):
      (WTF::BasicRawSentinelNode::prev):
      (WTF::BasicRawSentinelNode::next):
      (WTF::BasicRawSentinelNode::isOnList):
      (WTF::::remove):
      (WTF::::SentinelLinkedList):
      (WTF::::begin):
      (WTF::::end):
      (WTF::::push):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94559 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      594887ab
  8. 17 Mar, 2011 1 commit
    • barraclough@apple.com's avatar
      Bug 56603 - DFG JIT related cleanup · d9976840
      barraclough@apple.com authored
      Move node generation out to separate function, move binarySearch algorithm out
      to StdLibExtras, fix Graph::dump() to print comma between non-node children,
      even if there are no node children.
      
      Reviewed by Sam Weinig.
      
      * bytecode/CodeBlock.h:
      (JSC::getCallReturnOffset):
      (JSC::CodeBlock::getStubInfo):
      (JSC::CodeBlock::getCallLinkInfo):
      (JSC::CodeBlock::getMethodCallLinkInfo):
      (JSC::CodeBlock::bytecodeOffset):
          - Move binaryChop to binarySearch in StdLibExtras
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::parse):
      (JSC::DFG::parse):
          - Make m_noArithmetic a member, initialize m_currentIndex in the constructor.
      * dfg/DFGByteCodeParser.h:
          - Change parse() to not take a start index (always 0).
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
          - Fix Graph::dump() to print comma between non-node children, even if there are no node children.
      * dfg/DFGJITCodeGenerator.h:
      (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
          - Initialize m_compileIndex in constructor.
      * dfg/DFGNonSpeculativeJIT.cpp:
      (JSC::DFG::NonSpeculativeJIT::compile):
      * dfg/DFGNonSpeculativeJIT.h:
          - Spilt out compilation of individual node.
      * dfg/DFGOperations.cpp:
      (JSC::DFG::operationConvertThis):
      * dfg/DFGOperations.h:
          - Cleanup parameter name.
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT.h:
          - Spilt out compilation of individual node.
      * runtime/Executable.cpp:
      (JSC::tryDFGCompile):
          - Change parse() to not take a start index (always 0).
      * wtf/StdLibExtras.h:
      (WTF::binarySearch):
          - Move binaryChop to binarySearch in StdLibExtras
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@81403 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d9976840
  9. 14 Mar, 2011 1 commit
    • barraclough@apple.com's avatar
      Bug 56284 - Add a dataflow intermediate representation for use in JIT generation. · 2302c04f
      barraclough@apple.com authored
      Reviewed by Geoffrey Garen & Oliver Hunt.
      
      The JSC JIT presently generates code directly from the bytecode used by the interpreter.
      This is not an optimal intermediate representation for JIT code generation, since it does
      not capture liveness information of values, and provides little opportunity to perform
      any static analysis for even primitive types. The JIT currently generates two code paths,
      a fast path handling common cases, and a slower path handling less common operand types.
      However the slow path jumps back into the fast path, meaning that information arising
      from the earlier type checks cannot be propagated to later operations.
      
      This patch adds:
          * a dataflow intermediate representation capable of describing a single basic block
            of operations,
          * a mechanism to convert a simple, single-block bytecode functions to the new IR,
          * and a JIT code generator capable of generating code from this representation.
      
      The JIT generates two code paths, with the slower path not reentering the fast path
      mid-block, allowing speculative optimizations to be made on the hot path, with type
      information arising from these speculative decisions able to be propagated through the
      dataflow. Code generation of both speculative and non-speculative paths exploits the type
      and liveness information represented in the dataflow graph to attempt to avoid redundant
      boxing and type-checking of values, and to remove unnecessary spills of temporary values
      to the RegisterFile.
      
      The dataflow JIT currently can only support a subset of bytecode operations, limited to
      arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the
      dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be
      expanded to include, control-flow, function calls, and then the long-tail of remaining
      bytecode instructions. The JIT presently only support JSVALUE64, and as a consequence of
      this only supports x86-64.
      
      The status of the dataflow JIT is currently work-in-progress. Limitations of the present
      JIT code generation may cause performance regressions, particularly:
          * the policy to only generate arithmetic code on the speculative path using integer
            instructions, never using floating point.
          * the policy to only generate arithmetic code on the non-speculative path using
            floating point instructions, never using integer.
          * always generating JSValue adds on the non-speculative path as a call out to a
            C-function, never handling this in JIT code.
          * always assuming by-Value property accesses on the speculative path to be array
            accesses.
          * generating all by-Value property accesses from the non-speculative path as a call
            out to a C-function.
          * generating all by-Indentifer property accesses as a call out to a C-function.
      Due to these regressions, the code is landed in a state where it is disabled in most
      cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are
      addressed, the JIT will be allowed to trigger in more cases.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
          - Added new files to Xcode project.
      * dfg: Added.
          - Added directory for new code.
      * dfg/DFGByteCodeParser.cpp: Added.
      * dfg/DFGByteCodeParser.h: Added.
          - Contruct a DFG::Graph representation from a bytecode CodeBlock.
      * dfg/DFGGenerationInfo.h: Added.
          - Track type & register information for VirtualRegisters during JIT code generation.
      * dfg/DFGGraph.cpp: Added.
      * dfg/DFGGraph.h: Added.
          - Dataflow graph intermediate representation for code generation.
      * dfg/DFGJITCodeGenerator.cpp: Added.
      * dfg/DFGJITCodeGenerator.h: Added.
          - Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality.
      * dfg/DFGJITCompiler.cpp: Added.
      * dfg/DFGJITCompiler.h: Added.
          - Class responsible for driving code generation of speculativeJIT & non-speculative
            code paths from the dataflow graph.
      * dfg/DFGNonSpeculativeJIT.cpp: Added.
      * dfg/DFGNonSpeculativeJIT.h: Added.
          - Used to generate the non-speculative code path, this make no assumptions
            about operand types.
      * dfg/DFGOperations.cpp: Added.
      * dfg/DFGOperations.h: Added.
          - Helper functions called from the JIT generated code.
      * dfg/DFGRegisterBank.h: Added.
          - Used to track contents of physical registers during JIT code generation.
      * dfg/DFGSpeculativeJIT.cpp: Added.
      * dfg/DFGSpeculativeJIT.h: Added.
          - Used to generate the speculative code path, this make assumptions about
            operand types to enable optimization.
      * runtime/Executable.cpp:
          - Add code to attempt to use the DFG JIT to compile a function, with fallback
            to the existing JIT.
      * wtf/Platform.h:
          - Added compile guards to enable the DFG JIT.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@81079 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2302c04f
  10. 09 Feb, 2011 1 commit
    • pvarga@webkit.org's avatar
      Replace PCRE with Yarr in WebCore · 4ab8255f
      pvarga@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=53496
      
      Reviewed by Gavin Barraclough.
      
      Rollback r77626 with windows build fix.
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.exp:
      * JavaScriptCore.gyp/JavaScriptCore.gyp:
      * JavaScriptCore.gypi:
      * JavaScriptCore.pro:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * create_regex_tables:
      * runtime/RegExp.cpp:
      * wtf/Platform.h:
      * yarr/Yarr.h:
      * yarr/YarrJIT.cpp:
      * yarr/YarrJIT.h:
      * yarr/YarrParser.h:
      * yarr/YarrPattern.h:
      * yarr/YarrSyntaxChecker.h:
      * yarr/yarr.pri: Added.
      
      Source/WebCore:
      
      No new tests needed.
      
      * Android.jscbindings.mk:
      * CMakeLists.txt:
      * ForwardingHeaders/pcre/pcre.h: Removed.
      * ForwardingHeaders/yarr/Yarr.h: Added.
      * ForwardingHeaders/yarr/YarrInterpreter.h: Added.
      * ForwardingHeaders/yarr/YarrPattern.h: Added.
      * WebCore.gyp/WebCore.gyp:
      * WebCore.pro:
      * WebCore.vcproj/WebCore.vcproj:
      * WebCore.vcproj/copyForwardingHeaders.cmd:
      * platform/text/RegularExpression.cpp:
      (WebCore::RegularExpression::Private::create):
      (WebCore::RegularExpression::Private::Private):
      (WebCore::RegularExpression::Private::compile):
      (WebCore::RegularExpression::match):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78042 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4ab8255f
  11. 04 Feb, 2011 2 commits
    • loislo@chromium.org's avatar
      2011-02-04 Sheriff Bot <webkit.review.bot@gmail.com> · 66fc8e99
      loislo@chromium.org authored
              Unreviewed, rolling out r77625 and r77626.
              http://trac.webkit.org/changeset/77625
              http://trac.webkit.org/changeset/77626
              https://bugs.webkit.org/show_bug.cgi?id=53765
      
              It broke Windows builds (Requested by Ossy_ on #webkit).
      
              * Android.jscbindings.mk:
              * CMakeLists.txt:
              * ForwardingHeaders/pcre/pcre.h: Added.
              * ForwardingHeaders/yarr/Yarr.h: Removed.
              * ForwardingHeaders/yarr/YarrInterpreter.h: Removed.
              * ForwardingHeaders/yarr/YarrPattern.h: Removed.
              * WebCore.gyp/WebCore.gyp:
              * WebCore.pro:
              * WebCore.vcproj/WebCore.vcproj:
              * WebCore.vcproj/copyForwardingHeaders.cmd:
              * platform/text/RegularExpression.cpp:
              (WebCore::RegularExpression::Private::regexp):
              (WebCore::RegularExpression::Private::compile):
              (WebCore::RegularExpression::Private::Private):
              (WebCore::RegularExpression::Private::create):
              (WebCore::RegularExpression::Private::~Private):
              (WebCore::RegularExpression::match):
      
      2011-02-04  Sheriff Bot  <webkit.review.bot@gmail.com>
      
              Unreviewed, rolling out r77625 and r77626.
              http://trac.webkit.org/changeset/77625
              http://trac.webkit.org/changeset/77626
              https://bugs.webkit.org/show_bug.cgi?id=53765
      
              It broke Windows builds (Requested by Ossy_ on #webkit).
      
              * JavaScriptCore.exp:
              * JavaScriptCore.gyp/JavaScriptCore.gyp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * create_regex_tables:
              * runtime/RegExp.cpp:
              * wtf/Platform.h:
              * yarr/Yarr.h:
              * yarr/YarrJIT.cpp:
              * yarr/YarrJIT.h:
              * yarr/YarrParser.h:
              * yarr/YarrPattern.h:
              * yarr/YarrSyntaxChecker.h:
              * yarr/yarr.pri: Removed.
      
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77630 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      66fc8e99
    • pvarga@webkit.org's avatar
      2011-02-04 Peter Varga <pvarga@webkit.org> · 43e81a73
      pvarga@webkit.org authored
              Reviewed by Gavin Barraclough.
      
              Replace PCRE with Yarr in WebCore
              https://bugs.webkit.org/show_bug.cgi?id=53496
      
              * JavaScriptCore.exp:
              * JavaScriptCore.gyp/JavaScriptCore.gyp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * create_regex_tables:
              * runtime/RegExp.cpp:
              * wtf/Platform.h:
              * yarr/Yarr.h:
              * yarr/YarrJIT.cpp:
              * yarr/YarrJIT.h:
              * yarr/YarrParser.h:
              * yarr/YarrPattern.h:
              * yarr/YarrSyntaxChecker.h:
              * yarr/yarr.pri: Added.
      2011-02-04  Peter Varga  <pvarga@webkit.org>
      
              Reviewed by Gavin Barraclough.
      
              Replace PCRE with Yarr in WebCore
              https://bugs.webkit.org/show_bug.cgi?id=53496
      
              No new tests needed.
      
              * Android.jscbindings.mk:
              * CMakeLists.txt:
              * ForwardingHeaders/pcre/pcre.h: Removed.
              * ForwardingHeaders/yarr/Yarr.h: Added.
              * ForwardingHeaders/yarr/YarrInterpreter.h: Added.
              * ForwardingHeaders/yarr/YarrPattern.h: Added.
              * WebCore.gyp/WebCore.gyp:
              * WebCore.pro:
              * WebCore.vcproj/WebCore.vcproj:
              * WebCore.vcproj/copyForwardingHeaders.cmd:
              * platform/text/RegularExpression.cpp:
              (WebCore::RegularExpression::Private::create):
              (WebCore::RegularExpression::Private::Private):
              (WebCore::RegularExpression::Private::compile):
              (WebCore::RegularExpression::match):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77625 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      43e81a73
  12. 10 Jan, 2011 1 commit
    • barraclough@apple.com's avatar
      Bug 52079 - Syntax errors should be early errors. · 7e6bd6d6
      barraclough@apple.com authored
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      From chapter 16 the spec:
          An implementation must report most errors at the time the relevant ECMAScript language construct is
          evaluated. An early error is an error that can be detected and reported prior to the evaluation of
          any construct in the Program containing the error. An implementation must report early errors in a
          Program prior to the first evaluation of that Program. Early errors in eval code are reported at
          the time eval is called but prior to evaluation of any construct within the eval code. All errors
          that are not early errors are runtime errors.
      
          An implementation must treat any instance of the following kinds of errors as an early error:
              * Any syntax error."
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
          Added new files.
      * bytecode/CodeBlock.cpp:
          Removed op_throw_syntax_error.
      * bytecode/Opcode.h:
          Removed op_throw_syntax_error.
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::generate):
          If m_expressionTooDeep then throw a runtime error.
      (JSC::BytecodeGenerator::BytecodeGenerator):
          Initialize m_expressionTooDeep.
      (JSC::BytecodeGenerator::emitThrowExpressionTooDeepException):
          Sets m_expressionTooDeep.
      * bytecompiler/BytecodeGenerator.h:
          Added m_expressionTooDeep, removed emitThrowSyntaxError.
      * bytecompiler/NodesCodegen.cpp:
      (JSC::RegExpNode::emitBytecode):
      (JSC::ContinueNode::emitBytecode):
      (JSC::BreakNode::emitBytecode):
      (JSC::ReturnNode::emitBytecode):
      (JSC::LabelNode::emitBytecode):
          Conditions that threw syntax error are now handled during parsing;
          during bytecompilation these are now just ASSERTs.
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      * jit/JIT.h:
      * jit/JITOpcodes.cpp:
      * jit/JITOpcodes32_64.cpp:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
          Removed op_throw_syntax_error.
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::createRegExp):
          Renamed; added syntax check.
      * parser/JSParser.cpp:
      (JSC::JSParser::breakIsValid):
      (JSC::JSParser::hasLabel):
      (JSC::JSParser::Scope::Scope):
      (JSC::JSParser::Scope::setIsFunction):
      (JSC::JSParser::Scope::isFunctionBoundary):
      (JSC::JSParser::ScopeRef::hasContainingScope):
      (JSC::JSParser::ScopeRef::containingScope):
      (JSC::JSParser::AutoPopScopeRef::AutoPopScopeRef):
      (JSC::JSParser::AutoPopScopeRef::~AutoPopScopeRef):
      (JSC::JSParser::AutoPopScopeRef::setPopped):
      (JSC::JSParser::popScopeInternal):
      (JSC::JSParser::popScope):
      (JSC::jsParse):
      (JSC::JSParser::JSParser):
      (JSC::JSParser::parseProgram):
      (JSC::JSParser::parseBreakStatement):
      (JSC::JSParser::parseContinueStatement):
      (JSC::JSParser::parseReturnStatement):
      (JSC::JSParser::parseTryStatement):
      (JSC::JSParser::parseFunctionInfo):
      (JSC::JSParser::parseExpressionOrLabelStatement):
      (JSC::JSParser::parsePrimaryExpression):
      * parser/JSParser.h:
      * parser/Nodes.h:
      * parser/Parser.cpp:
      (JSC::Parser::parse):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::createRegExp):
          Renamed; added syntax check.
      * runtime/ExceptionHelpers.cpp:
      (JSC::createOutOfMemoryError):
      (JSC::throwOutOfMemoryError):
      * runtime/ExceptionHelpers.h:
          Broke out createOutOfMemoryError.
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
          Add check for exception after bytecode generation.
      * runtime/RegExpConstructor.cpp:
      (JSC::constructRegExp):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
          RegExp error prefixes not included in error string.
      * yarr/RegexParser.h:
      (JSC::Yarr::Parser::parse):
          Removed regexBegin/regexEnd/regexError.
      * yarr/RegexPattern.cpp:
      (JSC::Yarr::RegexPatternConstructor::regexBegin):
          Removed regexEnd/regexError.
      (JSC::Yarr::compileRegex):
          Add call to regexBegin (no longer called from the parser).
      * yarr/YarrSyntaxChecker.cpp: Added.
      (JSC::Yarr::SyntaxChecker::assertionBOL):
      (JSC::Yarr::SyntaxChecker::assertionEOL):
      (JSC::Yarr::SyntaxChecker::assertionWordBoundary):
      (JSC::Yarr::SyntaxChecker::atomPatternCharacter):
      (JSC::Yarr::SyntaxChecker::atomBuiltInCharacterClass):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassBegin):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassAtom):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassRange):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassBuiltIn):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassEnd):
      (JSC::Yarr::SyntaxChecker::atomParenthesesSubpatternBegin):
      (JSC::Yarr::SyntaxChecker::atomParentheticalAssertionBegin):
      (JSC::Yarr::SyntaxChecker::atomParenthesesEnd):
      (JSC::Yarr::SyntaxChecker::atomBackReference):
      (JSC::Yarr::SyntaxChecker::quantifyAtom):
      (JSC::Yarr::SyntaxChecker::disjunction):
      (JSC::Yarr::checkSyntax):
      * yarr/YarrSyntaxChecker.h: Added.
          Check RegExp syntax.
      
      LayoutTests: 
      
      Fix syntax errors in layout tests, and update expected results.
      
      * editing/selection/select-crash-001.html:
      * editing/selection/select-crash-002.html:
      * fast/canvas/webgl/renderbuffer-initialization.html:
      * fast/forms/25153.html:
      * fast/forms/textfield-drag-into-disabled.html:
      * fast/js/exception-codegen-crash-expected.txt:
      * fast/js/exception-codegen-crash.html:
      * fast/js/kde/parse-expected.txt:
      * fast/js/kde/script-tests/parse.js:
      * fast/js/large-expressions-expected.txt:
      * fast/js/named-function-expression-expected.txt:
      * fast/js/parser-syntax-check-expected.txt:
      * fast/js/script-tests/large-expressions.js:
      * fast/js/script-tests/named-function-expression.js:
      * fast/js/script-tests/parser-syntax-check.js:
      * fast/js/sputnik/Conformance/12_Statement/12.6_Iteration_Statements/12.6.3_The_for_Statement/S12.6.3_A11.1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.6_Iteration_Statements/12.6.3_The_for_Statement/S12.6.3_A11_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.6_Iteration_Statements/12.6.3_The_for_Statement/S12.6.3_A12.1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.6_Iteration_Statements/12.6.3_The_for_Statement/S12.6.3_A12_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A1_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A1_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A1_T4-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A5_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A5_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A5_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A6-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A8_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A8_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A1_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A1_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A1_T4-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A5_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A5_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A5_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A6-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A8_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A8_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T10-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T4-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T5-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T6-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T7-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T8-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T9-expected.txt:
      * http/tests/security/isolatedWorld/events.html:
      * http/tests/security/isolatedWorld/userGestureEvents.html:
      * svg/custom/resources/use-instanceRoot-event-listeners.js:
      * svg/custom/rgbcolor-syntax.svg:
      * svg/custom/use-instanceRoot-modifications.svg:
      * svg/custom/use-property-changes-through-svg-dom.svg:
      * webarchive/adopt-attribute-styled-body-webarchive-expected.webarchive:
      * webarchive/resources/adopt-attribute-styled-body-iframe.html:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75408 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7e6bd6d6
  13. 08 Jan, 2011 1 commit
  14. 09 Sep, 2009 1 commit
  15. 07 Apr, 2009 1 commit
  16. 30 Oct, 2008 1 commit
  17. 11 Aug, 2008 1 commit
  18. 21 May, 2008 1 commit
  19. 23 Feb, 2008 1 commit
    • ddkilzer@apple.com's avatar
      WebCore: · 267da135
      ddkilzer@apple.com authored
              Please clarify licensing for some files
              <http://bugs.webkit.org/show_bug.cgi?id=14970>
      
              Reviewed by Darin.
      
              * bindings/objc/WebScriptObject.h: Added Apple BSD-style license.
              * bindings/objc/WebScriptObjectPrivate.h: Ditto.
              * platform/text/mac/ShapeArabic.c: Added ICU license from WebCore/icu/LICENSE.
      
      WebKit/mac:
      
              Please clarify licensing for some files
              <http://bugs.webkit.org/show_bug.cgi?id=14970>
      
              Reviewed by Darin.
      
              * Plugins/WebNetscapeDeprecatedFunctions.c: Updated copyright statement
              and added Apple BSD-style license.
              * Plugins/WebNetscapeDeprecatedFunctions.h: Ditto.
      
      WebKitTools:
      
              Please clarify licensing for some files
              <http://bugs.webkit.org/show_bug.cgi?id=14970>
      
              Reviewed by Darin.
      
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.cpp: Added
              copyright statement.  Replaced license with newer Apple BSD-style license.
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.h: Ditto.
              * DumpRenderTree/TestNetscapePlugIn.subproj/TestObject.cpp: Ditto.
              * DumpRenderTree/TestNetscapePlugIn.subproj/TestObject.h: Ditto.
              * DumpRenderTree/TestNetscapePlugIn.subproj/main.cpp: Ditto.
              * DumpRenderTree/win/TestNetscapePlugin/main.c: Ditto.
              * mangleme/LICENSE: Added (LGPL).
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@30520 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      267da135
  20. 30 Mar, 2007 2 commits
    • andersca's avatar
      Reviewed by Geoff. · b5e193f8
      andersca authored
              * DumpRenderTree/TestNetscapePlugIn.subproj/TestObject.c:
              (testAllocate):
              (testEnumerate):
              Add casts.
              
              * DumpRenderTree/TestNetscapePlugIn.subproj/TestObject.h:
              Don't use #import, use #include.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@20619 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b5e193f8
    • andersca's avatar
      JavaScriptCore: · 77d5e0d0
      andersca authored
              Reviewed by Geoff.
      
              Implement _NPN_Enumerate support.
              
              * JavaScriptCore.exp:
              * bindings/NP_jsobject.cpp:
              (_NPN_Enumerate):
              * bindings/c/c_instance.cpp:
              (KJS::Bindings::CInstance::getPropertyNames):
              * bindings/c/c_instance.h:
              * bindings/npapi.h:
              * bindings/npruntime.h:
              * bindings/npruntime_impl.h:
              * bindings/runtime.h:
              (KJS::Bindings::Instance::getPropertyNames):
              * bindings/runtime_object.cpp:
              (RuntimeObjectImp::getPropertyNames):
              * bindings/runtime_object.h:
              (KJS::RuntimeObjectImp::getInternalInstance):
      
      LayoutTests:
      
              Reviewed by Geoff.
      
              Add enumeration test.
              
              * plugins/netscape-enumerate-expected.txt: Added.
              * plugins/netscape-enumerate.html: Added.
      
      WebKit:
      
              Reviewed by Geoff.
      
              * Plugins/WebNetscapePluginPackage.m:
              (-[WebNetscapePluginPackage load]):
              Initialize pushpopupsenabledstate, poppopupsenabledstate and enumerate.
              
              * Plugins/npapi.m:
              (NPN_PushPopupsEnabledState):
              (NPN_PopPopupsEnabledState):
              Add stubs for these functions.
              
              * Plugins/npfunctions.h:
              Add new methods to NPNetscapeFuncs.
      
      WebKitTools:
      
              Reviewed by Geoff.
      
              * DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
              Add TestObject.c and TestObject.h
              
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.c:
              (pluginGetProperty):
              Implement the testObject property.
              
              (pluginInvoke):
              Implement testEnumerate which takes an object and an array and enumerates
              the properties of the object and adds them to the array.
              
              (pluginAllocate):
              Allocate the test object.
              
              (pluginDeallocate):
              Free the test object.
              
              * DumpRenderTree/TestNetscapePlugIn.subproj/TestObject.c: Added.
              * DumpRenderTree/TestNetscapePlugIn.subproj/TestObject.h: Added.
              Add a test object with two enumerable properties.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@20613 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      77d5e0d0
  21. 29 Mar, 2007 1 commit
    • ggaren's avatar
      LayoutTests: · 2663f9a7
      ggaren authored
              Reviewed by Beth Dakin.
              
              Layout test for <rdar://problem/5091330> REGRESSION: Repro crash in 
              -[WebBaseNetscapePluginView(WebNPPCallbacks) destroyStream:reason:] 
              navigating away from page with DivX movie plug-in (13203)
      
              * plugins/destroy-stream-twice-expected.txt: Added.
              * plugins/destroy-stream-twice.html: Added.
      
      WebKit:
      
              Reviewed by Beth Dakin, reviewed by Maciej Stachowiak.
              
              Layout test for <rdar://problem/5091330> REGRESSION: Repro crash in 
              -[WebBaseNetscapePluginView(WebNPPCallbacks) destroyStream:reason:] 
              navigating away from page with DivX movie plug-in (13203)
              
              Changed LOG_ERROR to LOG so the layout test doesn't produce console spew
              every time you run it.
      
              * Plugins/WebBaseNetscapePluginView.mm:
              (-[WebBaseNetscapePluginView destroyStream:reason:]):
      
      WebKitTools:
      
              Reviewed by Beth Dakin.
              
              Layout test for <rdar://problem/5091330> REGRESSION: Repro crash in 
              -[WebBaseNetscapePluginView(WebNPPCallbacks) destroyStream:reason:] 
              navigating away from page with DivX movie plug-in (13203)
              
              Added hasStream property and destroyStream function, used by layout test.
      
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.c:
              (pluginGetProperty):
              (pluginInvoke):
              (pluginAllocate):
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.h:
              * DumpRenderTree/TestNetscapePlugIn.subproj/main.c:
              (NPP_NewStream):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@20597 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2663f9a7
  22. 05 Mar, 2007 1 commit
    • andersca's avatar
      LayoutTests: · 526c36f0
      andersca authored
              Reviewed by Adam, Darin.
      
              <rdar://problem/5025212>
              In Mail, a crash occurs at WebCore::Frame::tree() when clicking on embedded flash object
      
              * plugins/get-url-with-blank-target-expected.txt: Added.
              * plugins/get-url-with-blank-target.html: Added.
      
      WebKit:
      
              Reviewed by Adam, Darin.
       
              <rdar://problem/5025212>
              In Mail, a crash occurs at WebCore::Frame::tree() when clicking on embedded flash object
      
              * Plugins/WebBaseNetscapePluginView.mm:
              (-[WebBaseNetscapePluginView loadPluginRequest:]):
              Handle the case where the web view returned from the delegate method is null. Also, send out an error notification
              in that case so we can catch it.
      
      WebKitTools:
      
              Reviewed by Adam, Darin.
      
              <rdar://problem/5025212>
              In Mail, a crash occurs at WebCore::Frame::tree() when clicking on embedded flash object
              
              Add a "getURLNotify" method to the plugin object. This lets you pass a URL, a target and a callback function
              to be run when the URL has finished (or failed) loading.
              
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.c:
              (pluginInvoke):
              (handleCallback):
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.h:
              * DumpRenderTree/TestNetscapePlugIn.subproj/main.c:
              (NPP_URLNotify):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@19966 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      526c36f0
  23. 06 Nov, 2006 1 commit
    • ap's avatar
      Reviewed by Maciej. · fdfb9d6f
      ap authored
              http://bugs.webkit.org/show_bug.cgi?id=11517
              REGRESSION: Flash clicks/interactivity not working properly
      
      WebCore:
              * bridge/mac/FrameMac.mm:
              (WebCore::FrameMac::handleMouseMoveEvent):
              (WebCore::FrameMac::handleMouseReleaseEvent):
              Restore parts of event dispatching that were removed when fixing
              bug 7323 - just bypass those for subframes.
      
      WebKitTools:
              Teach TestNetscapePlugin to log events passed to it. To enable, set eventLoggingEnabled to true:
      
              <embed name="plg" type="application/x-webkit-test-netscape" width=100 height=100></embed>
              <script>
                  plg.eventLoggingEnabled = true;
                  // use eventSender to simulate events...
              </script>
      
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.c:
              (pluginGetProperty):
              (pluginSetProperty):
              (pluginAllocate):
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.h:
              * DumpRenderTree/TestNetscapePlugIn.subproj/main.c:
              (NPP_HandleEvent):
      
      LayoutTests:
              * plugins/mouse-events-expected.txt: Added.
              * plugins/mouse-events.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@17611 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fdfb9d6f
  24. 09 Mar, 2006 1 commit
    • darin's avatar
      Reviewed by John Sullivan. · 24fbf130
      darin authored
              - fix http://bugzilla.opendarwin.org/show_bug.cgi?id=7681
                memory leak in the plug-in tests
      
              * DumpRenderTree/TestNetscapePlugIn.subproj/main.c:
              (NPP_Destroy): Added code to release the plug-in object. This is the leak fix.
              (NPP_SetWindow): Remove unneeded code to store the window pointer.
      
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.c:
              Moved the browser global in here since it's declared in this file's header.
              Changed the code to set up the pluginClass structure to not use function
              pointer casts. Those are dangerous because they can hide many types of mismatch.
              And indeed when I did this I discovered that many functions were missing their
              boolean return values or had parameter declarations with the wrong types.
              (pluginGetProperty): Use STRINGZ_TO_NPVARIANT macro for greater simplicity and
              clarity. Added boolean return value: return true when successful and false when not.
              (pluginSetProperty): Added boolean return value, return false since we have no
              properties we can set.
              (pluginInvoke): Added boolean return value. Return true when successful and false
              when not. Use NPVARIANT macros where appropriate. Added a missing release for the
              return value from calling the browser. Changed code to put the strings in malloc
              buffers instead of relying on GCC's extension that allows variable-sized arrays
              on the stack.
              (pluginInvokeDefault): Added boolean return value, return false since we have no
              default function to call.
              (pluginInvalidate): Added missing parameter. Removed comment.
              (pluginAllocate): Removed unneeded cast. This is C code, not C++, so you don't have
              to cast the result of malloc.
              (pluginDeallocate): Removed uneeded cast.
      
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.h: Removed some unneeded
              includes. Changed our PluginObject to use NPObject instead of re-declaring fields
              that match NPObject's fields. Removed unused NPWindow pointer.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@13233 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      24fbf130
  25. 05 Jan, 2006 1 commit
    • ggaren's avatar
      LayoutTests: · 7dd73f87
      ggaren authored
              Layout test for http://bugzilla.opendarwin.org/show_bug.cgi?id=6318
              REGRESSION: Repro crash in JS called from Flash on bdash.net.nz
      
              * fast/plugins/netscape-back-forward-expected.txt: Added.
              * fast/plugins/netscape-back-forward.html: Added.
              * fast/plugins/resources/go-back.html: Added.
      
      WebKit:
      
              Reviewed by Darin.
      
              - Fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=6361
              Add plugin support to DumpRenderTree
      
              * WebKit.exp: export WebPluginDatabase class, which DumpRenderTree
              needs to add plugins to the runtime.
      
      WebKitTools:
      
              Reviewed by darin.
      
              - Fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=6361
              Add plugin support to DumpRenderTree
      
              Also wrote first test plugin.
      
              * DumpRenderTree/DumpRenderTree.m:
              (main):
              (1) Put the WebView in an invisible window, because PlugIns are
              optimized not to load if there's no parent window.
              (2) Tell WebKit to load any PlugIns in the directory from which we
              loaded. This means we can build nasty PlugIns alongside DumpRenderTree
              and they'll load automagically during layout testing, but they won't be
              added to the user's system, hosing apps like Safari.
      
              * DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj: Added new
              test PlugIn to project.
      
              PlugIn added to project:
      
              * DumpRenderTree/TestNetscapePlugIn.subproj/Info.plist: Added.
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.c: Added.
              (getPluginClass):
              (initializeIdentifiers):
              (pluginHasProperty):
              (pluginHasMethod):
              (pluginGetProperty):
              (pluginSetProperty):
              (pluginInvoke):
              (pluginInvokeDefault):
              (pluginInvalidate):
              (pluginAllocate):
              (pluginDeallocate):
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.h: Added.
              * DumpRenderTree/TestNetscapePlugIn.subproj/main.c: Added.
              (NP_Initialize):
              (NP_GetEntryPoints):
              (NP_Shutdown):
              (NPP_New):
              (NPP_Destroy):
              (NPP_SetWindow):
              (NPP_NewStream):
              (NPP_DestroyStream):
              (NPP_WriteReady):
              (NPP_Write):
              (NPP_StreamAsFile):
              (NPP_Print):
              (NPP_HandleEvent):
              (NPP_URLNotify):
              (NPP_GetValue):
              (NPP_SetValue):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@11885 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7dd73f87