- 10 Sep, 2013 1 commit
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120912 Reviewed by Geoffrey Garen. Source/JavaScriptCore: Add support for ES6 WeakMap. Add the cluster of boilerplate classes around the core WeakMapData class. WeakMapData is a simple object->value hash table that uses a combo of WeakReferenceHarvester to conditionally keep the weak value reference live, and UnconditionalFinalizer to clean the dead keys from the table post-GC. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * runtime/CommonIdentifiers.h: * runtime/JSGlobalObject.cpp: * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::weakMapDataStructure): * runtime/JSWeakMap.cpp: Added. (JSC::JSWeakMap::finishCreation): (JSC::JSWeakMap::visitChildren): * runtime/JSWeakMap.h: Added. (JSC::JSWeakMap::createStructure): (JSC::JSWeakMap::create): (JSC::JSWeakMap::weakMapData): (JSC::JSWeakMap::JSWeakMap): * runtime/WeakMapConstructor.cpp: Added. (JSC::WeakMapConstructor::finishCreation): (JSC::constructWeakMap): (JSC::WeakMapConstructor::getConstructData): (JSC::WeakMapConstructor::getCallData): * runtime/WeakMapConstructor.h: Added. (JSC::WeakMapConstructor::create): (JSC::WeakMapConstructor::createStructure): (JSC::WeakMapConstructor::WeakMapConstructor): * runtime/WeakMapData.cpp: Added. (JSC::WeakMapData::WeakMapData): (JSC::WeakMapData::finishCreation): (JSC::WeakMapData::destroy): (JSC::WeakMapData::visitChildren): (JSC::WeakMapData::set): (JSC::WeakMapData::get): (JSC::WeakMapData::remove): (JSC::WeakMapData::contains): (JSC::WeakMapData::clear): (JSC::WeakMapData::DeadKeyCleaner::visitWeakReferences): (JSC::WeakMapData::DeadKeyCleaner::finalizeUnconditionally): * runtime/WeakMapData.h: Added. (JSC::WeakMapData::create): (JSC::WeakMapData::createStructure): (JSC::WeakMapData::DeadKeyCleaner::DeadKeyCleaner): * runtime/WeakMapPrototype.cpp: Added. 
(JSC::WeakMapPrototype::finishCreation): (JSC::getWeakMapData): (JSC::protoFuncWeakMapClear): (JSC::protoFuncWeakMapDelete): (JSC::protoFuncWeakMapGet): (JSC::protoFuncWeakMapHas): (JSC::protoFuncWeakMapSet): * runtime/WeakMapPrototype.h: Added. (JSC::WeakMapPrototype::create): (JSC::WeakMapPrototype::createStructure): (JSC::WeakMapPrototype::WeakMapPrototype): LayoutTests: Basic tests. * js/basic-weakmap-expected.txt: Added. * js/basic-weakmap.html: Added. * js/script-tests/basic-weakmap.js: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155473 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 06 Sep, 2013 1 commit
zandobersek@gmail.com authored
* GNUmakefile.list.am: Add the missing files to the build. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155180 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 04 Sep, 2013 3 commits
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120697 Reviewed by Mark Hahnenberg. Source/JavaScriptCore: * API/JSCTestRunnerUtils.cpp: (JSC::numberOfDFGCompiles): (JSC::setNeverInline): * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * jsc.cpp: (GlobalObject::finishCreation): (functionNeverInlineFunction): (functionNumberOfDFGCompiles): * runtime/TestRunnerUtils.cpp: Added. (JSC::getExecutable): (JSC::numberOfDFGCompiles): (JSC::setNeverInline): * runtime/TestRunnerUtils.h: Added. LayoutTests: * fast/js/resources/standalone-pre.js: (testPassed): (testFailed): (dfgCompiled): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155090 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
mark.lam@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120706.
Reviewed by Geoffrey Garen.
Source/JavaScriptCore:
Also did some minor refactoring:
  - Renamed StackIterator::iterate() to StackVisitor::visit().
  - Make StackVisitor::visit() a static method.
  - Move the instantiation of the StackVisitor instance into StackVisitor::visit() from CallFrame::iterate().
  - Removed StackIterator::resetIterator() and inline its body into the StackVisitor constructor since this is the only remaining caller of it.
* API/JSContextRef.cpp: (BacktraceFunctor::operator()): * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * interpreter/CallFrame.h: (JSC::ExecState::iterate): * interpreter/Interpreter.cpp: (JSC::DumpRegisterFunctor::operator()): (JSC::unwindCallFrame): (JSC::getStackFrameCodeType): (JSC::GetStackTraceFunctor::operator()): (JSC::UnwindFunctor::operator()): * interpreter/Interpreter.h: * interpreter/StackIterator.cpp: Removed. * interpreter/StackIterator.h: Removed. * interpreter/StackVisitor.cpp: Copied from Source/JavaScriptCore/interpreter/StackIterator.cpp. (JSC::StackVisitor::StackVisitor): (JSC::StackVisitor::gotoNextFrame): (JSC::StackVisitor::readFrame): (JSC::StackVisitor::readNonInlinedFrame): (JSC::StackVisitor::readInlinedFrame): (JSC::StackVisitor::Frame::codeType): (JSC::StackVisitor::Frame::functionName): (JSC::StackVisitor::Frame::sourceURL): (JSC::StackVisitor::Frame::toString): (JSC::StackVisitor::Frame::arguments): (JSC::StackVisitor::Frame::computeLineAndColumn): (JSC::StackVisitor::Frame::retrieveExpressionInfo): (JSC::StackVisitor::Frame::setToEnd): (JSC::StackVisitor::Frame::print): (DebugPrintFrameFunctor::operator()): * interpreter/StackVisitor.h: Copied from Source/JavaScriptCore/interpreter/StackIterator.h.
(JSC::StackVisitor::visit): * jsc.cpp: (FunctionJSCStackFunctor::operator()): * profiler/ProfileGenerator.cpp: (JSC::AddParentForConsoleStartFunctor::operator()): * runtime/JSFunction.cpp: (JSC::RetrieveArgumentsFunctor::operator()): (JSC::RetrieveCallerFunctionFunctor::operator()): * runtime/JSGlobalObjectFunctions.cpp: (JSC::GlobalFuncProtoGetterFunctor::operator()): (JSC::GlobalFuncProtoSetterFunctor::operator()): * runtime/ObjectConstructor.cpp: (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()): Source/WebCore: No new tests. * ForwardingHeaders/interpreter/StackIterator.h: Removed. * ForwardingHeaders/interpreter/StackVisitor.h: Copied from Source/WebCore/ForwardingHeaders/interpreter/StackIterator.h. * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::SendFunctor::operator()): * bindings/js/ScriptCallStackFactory.cpp: (WebCore::CreateScriptCallStackFunctor::operator()): (WebCore::CreateScriptCallStackForConsoleFunctor::operator()): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155081 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=112838
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
This adds the ability for the DFG to tier-up into the FTL. This works in both of the expected tier-up modes:
  Replacement: frequently called functions eventually have their entrypoint replaced with one that goes into FTL-compiled code. Note, this will be a slow-down for now since we don't yet have LLVM calling convention integration.
  OSR entry: code stuck in hot loops gets OSR'd into the FTL from the DFG.
This means that if the DFG detects that a function is an FTL candidate, it inserts execution counting code similar to the kind that the baseline JIT would use. If you trip on a loop count in a loop header that is an OSR candidate (it's not an inlined loop), we do OSR; otherwise we do replacement. OSR almost always also implies future replacement.
OSR entry into the FTL is really cool. It uses a specialized FTL compile of the code, where early in the DFG pipeline we replace the original root block with an OSR entrypoint block that jumps to the pre-header of the hot loop. The OSR entrypoint loads all live state at the loop pre-header using loads from a scratch buffer, which gets populated by the runtime's OSR entry preparation code (FTL::prepareOSREntry()). This approach appears to work well with all of our subsequent optimizations, including prediction propagation, CFA, and LICM. LLVM seems happy with it, too.
Best of all, it works naturally with concurrent compilation: when we hit the tier-up trigger we spawn a compilation plan at the bytecode index from which we triggered; once the compilation finishes the next trigger will try to enter, at that bytecode index. If it can't - for example because the code has moved on to another loop - then we just try again. Loops that get hot enough for OSR entry (about 25,000 iterations) will probably still be running when a concurrent compile finishes, so this doesn't appear to be a big problem.
This immediately gives us a 70% speed-up on imaging-gaussian-blur. We could get a bigger speed-up by adding some more intelligence and tweaking LLVM to compile code faster. Those things will happen eventually but this is a good start. Probably this code will see more tuning as we get more coverage in the FTL JIT, but I'll worry about that in future patches. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::hasOptimizedReplacement): (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult): * bytecode/CodeBlock.h: * dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::::executeEffects): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): (JSC::DFG::ByteCodeParser::parse): * dfg/DFGCFGSimplificationPhase.cpp: (JSC::DFG::CFGSimplificationPhase::run): * dfg/DFGClobberize.h: (JSC::DFG::clobberize): * dfg/DFGDriver.cpp: (JSC::DFG::compileImpl): (JSC::DFG::compile): * dfg/DFGDriver.h: * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * dfg/DFGGraph.cpp: (JSC::DFG::Graph::dump): (JSC::DFG::Graph::killBlockAndItsContents): (JSC::DFG::Graph::killUnreachableBlocks): * dfg/DFGGraph.h: * dfg/DFGInPlaceAbstractState.cpp: (JSC::DFG::InPlaceAbstractState::initialize): * dfg/DFGJITCode.cpp: (JSC::DFG::JITCode::reconstruct): (JSC::DFG::JITCode::checkIfOptimizationThresholdReached): (JSC::DFG::JITCode::optimizeNextInvocation): (JSC::DFG::JITCode::dontOptimizeAnytimeSoon): (JSC::DFG::JITCode::optimizeAfterWarmUp): (JSC::DFG::JITCode::optimizeSoon): (JSC::DFG::JITCode::forceOptimizationSlowPathConcurrently): (JSC::DFG::JITCode::setOptimizationThresholdBasedOnCompilationResult): * dfg/DFGJITCode.h: * dfg/DFGJITFinalizer.cpp: (JSC::DFG::JITFinalizer::finalize): (JSC::DFG::JITFinalizer::finalizeFunction): (JSC::DFG::JITFinalizer::finalizeCommon): * dfg/DFGLoopPreHeaderCreationPhase.cpp: (JSC::DFG::createPreHeader): 
(JSC::DFG::LoopPreHeaderCreationPhase::run): * dfg/DFGLoopPreHeaderCreationPhase.h: * dfg/DFGNode.h: (JSC::DFG::Node::hasUnlinkedLocal): (JSC::DFG::Node::unlinkedLocal): * dfg/DFGNodeType.h: * dfg/DFGOSREntry.cpp: (JSC::DFG::prepareOSREntry): * dfg/DFGOSREntrypointCreationPhase.cpp: Added. (JSC::DFG::OSREntrypointCreationPhase::OSREntrypointCreationPhase): (JSC::DFG::OSREntrypointCreationPhase::run): (JSC::DFG::performOSREntrypointCreation): * dfg/DFGOSREntrypointCreationPhase.h: Added. * dfg/DFGOperations.cpp: * dfg/DFGOperations.h: * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::compileInThread): (JSC::DFG::Plan::compileInThreadImpl): * dfg/DFGPlan.h: * dfg/DFGPredictionInjectionPhase.cpp: (JSC::DFG::PredictionInjectionPhase::run): * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): * dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGTierUpCheckInjectionPhase.cpp: Added. (JSC::DFG::TierUpCheckInjectionPhase::TierUpCheckInjectionPhase): (JSC::DFG::TierUpCheckInjectionPhase::run): (JSC::DFG::performTierUpCheckInjection): * dfg/DFGTierUpCheckInjectionPhase.h: Added. * dfg/DFGToFTLDeferredCompilationCallback.cpp: Added. (JSC::DFG::ToFTLDeferredCompilationCallback::ToFTLDeferredCompilationCallback): (JSC::DFG::ToFTLDeferredCompilationCallback::~ToFTLDeferredCompilationCallback): (JSC::DFG::ToFTLDeferredCompilationCallback::create): (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously): (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete): * dfg/DFGToFTLDeferredCompilationCallback.h: Added. * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp: Added. 
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback): (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::~ToFTLForOSREntryDeferredCompilationCallback): (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::create): (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously): (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete): * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h: Added. * dfg/DFGWorklist.cpp: (JSC::DFG::globalWorklist): * dfg/DFGWorklist.h: * ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile): * ftl/FTLCapabilities.h: * ftl/FTLForOSREntryJITCode.cpp: Added. (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode): (JSC::FTL::ForOSREntryJITCode::~ForOSREntryJITCode): (JSC::FTL::ForOSREntryJITCode::ftlForOSREntry): (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer): * ftl/FTLForOSREntryJITCode.h: Added. (JSC::FTL::ForOSREntryJITCode::entryBuffer): (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex): (JSC::FTL::ForOSREntryJITCode::bytecodeIndex): (JSC::FTL::ForOSREntryJITCode::countEntryFailure): (JSC::FTL::ForOSREntryJITCode::entryFailureCount): * ftl/FTLJITFinalizer.cpp: (JSC::FTL::JITFinalizer::finalizeFunction): * ftl/FTLLink.cpp: (JSC::FTL::link): * ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileBlock): (JSC::FTL::LowerDFGToLLVM::compileNode): (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal): (JSC::FTL::LowerDFGToLLVM::compileGetLocal): (JSC::FTL::LowerDFGToLLVM::addWeakReference): * ftl/FTLOSREntry.cpp: Added. (JSC::FTL::prepareOSREntry): * ftl/FTLOSREntry.h: Added. 
* ftl/FTLOutput.h: (JSC::FTL::Output::crashNonTerminal): (JSC::FTL::Output::crash): * ftl/FTLState.cpp: (JSC::FTL::State::State): * interpreter/Register.h: (JSC::Register::unboxedDouble): * jit/JIT.cpp: (JSC::JIT::emitEnterOptimizationCheck): * jit/JITCode.cpp: (JSC::JITCode::ftlForOSREntry): * jit/JITCode.h: * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): * runtime/Executable.cpp: (JSC::ScriptExecutable::newReplacementCodeBlockFor): * runtime/Options.h: * runtime/VM.cpp: (JSC::VM::ensureWorklist): * runtime/VM.h: LayoutTests: Reviewed by Mark Hahnenberg. Fix marsaglia to check the result instead of printing, and add a second version that relies on OSR entry. * fast/js/regress/marsaglia-osr-entry-expected.txt: Added. * fast/js/regress/marsaglia-osr-entry.html: Added. * fast/js/regress/script-tests/marsaglia-osr-entry.js: Added. (marsaglia): * fast/js/regress/script-tests/marsaglia.js: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155023 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 03 Sep, 2013 1 commit
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120567
Reviewed by Oliver Hunt.
This is a risky change from a performance standpoint, but I believe it's necessary. This makes all CodeBlocks get swept by GC. Nobody but the GC can delete CodeBlocks because the GC always holds a reference to them. Once a CodeBlock reaches just one reference (i.e. the one from the GC) then the GC will free it only if it's not on the stack.
This allows me to get rid of the jettisoning logic. We need this for FTL tier-up. Well; we don't need it, but it will help prevent a lot of bugs. Previously, if you wanted to replace one code block with another, you had to remember to tell the GC that the previous code block is "jettisoned". We would need to do this when tiering up from DFG to FTL and when dealing with DFG-to-FTL OSR entry code blocks. There are a lot of permutations here - tiering up to the FTL, OSR entering into the FTL, deciding that an OSR entry code block is not relevant anymore - just to name a few. In each of these cases we'd have to jettison the previous code block. It smells like a huge source of future bugs.
So I made jettisoning implicit by making the GC always watch out for a CodeBlock being owned solely by the GC.
This change is performance neutral.
* CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::~CodeBlock): (JSC::CodeBlock::visitAggregate): (JSC::CodeBlock::jettison): * bytecode/CodeBlock.h: (JSC::CodeBlock::setJITCode): (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan): (JSC::CodeBlockSet::mark): * dfg/DFGCommonData.h: (JSC::DFG::CommonData::CommonData): * heap/CodeBlockSet.cpp: Added.
(JSC::CodeBlockSet::CodeBlockSet): (JSC::CodeBlockSet::~CodeBlockSet): (JSC::CodeBlockSet::add): (JSC::CodeBlockSet::clearMarks): (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced): (JSC::CodeBlockSet::traceMarked): * heap/CodeBlockSet.h: Added. * heap/ConservativeRoots.cpp: (JSC::ConservativeRoots::add): * heap/ConservativeRoots.h: * heap/DFGCodeBlocks.cpp: Removed. * heap/DFGCodeBlocks.h: Removed. * heap/Heap.cpp: (JSC::Heap::markRoots): (JSC::Heap::deleteAllCompiledCode): (JSC::Heap::deleteUnmarkedCompiledCode): * heap/Heap.h: * interpreter/JSStack.cpp: (JSC::JSStack::gatherConservativeRoots): * interpreter/JSStack.h: * runtime/Executable.cpp: (JSC::ScriptExecutable::installCode): * runtime/Executable.h: * runtime/VM.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154986 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 30 Aug, 2013 1 commit
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120549
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
We simply reuse the MapData type from JSMap making it much simpler.
* JavaScriptCore.xcodeproj/project.pbxproj: * runtime/CommonIdentifiers.h: * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::setStructure): * runtime/JSSet.cpp: Added. (JSC::JSSet::visitChildren): (JSC::JSSet::finishCreation): * runtime/JSSet.h: Added. (JSC::JSSet::createStructure): (JSC::JSSet::create): (JSC::JSSet::mapData): (JSC::JSSet::JSSet): * runtime/SetConstructor.cpp: Added. (JSC::SetConstructor::finishCreation): (JSC::callSet): (JSC::constructSet): (JSC::SetConstructor::getConstructData): (JSC::SetConstructor::getCallData): * runtime/SetConstructor.h: Added. (JSC::SetConstructor::create): (JSC::SetConstructor::createStructure): (JSC::SetConstructor::SetConstructor): * runtime/SetPrototype.cpp: Added. (JSC::SetPrototype::finishCreation): (JSC::getMapData): (JSC::setProtoFuncAdd): (JSC::setProtoFuncClear): (JSC::setProtoFuncDelete): (JSC::setProtoFuncForEach): (JSC::setProtoFuncHas): (JSC::setProtoFuncSize): * runtime/SetPrototype.h: Added. (JSC::SetPrototype::create): (JSC::SetPrototype::createStructure): (JSC::SetPrototype::SetPrototype):
LayoutTests:
Add tests
* fast/js/basic-set-expected.txt: Added. * fast/js/basic-set.html: Added. * fast/js/script-tests/basic-set.js: Added. (set new): (otherString.string_appeared_here.set add): (try.set forEach): (set forEach): (set gc):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154916 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 29 Aug, 2013 7 commits
ryuan.choi@samsung.com authored
https://bugs.webkit.org/show_bug.cgi?id=120503 Reviewed by Geoffrey Garen. Unreviewed build fix attempt for GTK, Qt Windows and CMake based ports. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * Target.pri: * runtime/MapData.h: (JSC::MapData::KeyType::KeyType): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154864 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120333
Reviewed by Geoffrey Garen.
Source/JavaScriptCore:
Implement support for the ES6 Map type and related classes.
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/CopyToken.h: Add a new token to track copying the backing store
* runtime/CommonIdentifiers.h: Add new identifiers
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h: Add new structures and prototypes
* runtime/JSMap.cpp: Added.
* runtime/JSMap.h: Added. New JSMap class to represent a Map instance
* runtime/MapConstructor.cpp: Added.
* runtime/MapConstructor.h: Added. The Map constructor
* runtime/MapData.cpp: Added.
* runtime/MapData.h: Added. The most interesting data structure. This roughly corresponds to the ES6 notion of MapData. It provides the core JSValue->JSValue map implementation. We implement it using 2 hashtables and a flat table. Due to the different semantics of string comparisons vs. all others we need to have one map keyed by String and the other by generic JSValue. The actual table is represented more or less exactly as described in the ES6 draft - a single contiguous list of key/value pairs. The entire map could be achieved with just this table, however we need the HashMaps in order to maintain O(1) lookup. Deleted values are simply cleared as the draft says, however the implementation compacts the storage on copy as long as there are no active iterators.
* runtime/MapPrototype.cpp: Added.
* runtime/MapPrototype.h: Added. Implement Map prototype functions
* runtime/VM.cpp: Add new structures.
LayoutTests:
Tests
* fast/js/basic-map-expected.txt: Added.
* fast/js/basic-map.html: Added.
* fast/js/script-tests/basic-map.js: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154861 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120489
Reviewed by Geoffrey Garen.
If the baseline JIT hits an OSR entry trigger into the DFG and we already have a DFG compilation but we've also started one or more FTL compilations, then we shouldn't get confused. Previously we would have gotten confused because we would see an in-process deferred compile (the FTL compile) and also an optimized replacement (the DFG code).
If the baseline JIT hits an OSR entry trigger into the DFG and we previously did two things in this order: triggered a tier-up compilation from the DFG into the FTL, and then jettisoned the DFG code because it exited a bunch, then we shouldn't be confused by the presence of an in-process deferred compile (the FTL compile). Previously we would have waited for that compile to finish; but the more sensible thing to do is to let it complete and then invalidate it, while at the same time enqueueing a DFG compile to create a new, more valid, DFG code block.
If the DFG JIT hits a loop OSR entry trigger (into the FTL) and it has already triggered an FTL compile for replacement, then it should fire off a second compile instead of thinking that it can wait for that one to finish. Or vice-versa. We need to allow for two FTL compiles to be enqueued at the same time (one for replacement and one for OSR entry in a loop).
Then there's also the problem that DFG::compile() is almost certainly going to be the hook for triggering both DFG compiles and the two kinds of FTL compiles, but right now there is no way to tell it which one you want.
This fixes these problems and removes a bunch of potential confusion by making the key for a compile in the DFG::Worklist be a CompilationMode (one of DFGMode, FTLMode, or FTLForOSREntryMode). That mode is also passed to DFG::compile(). Awkwardly, this still leaves us in a no DFG->FTL tier-up situation - so DFG::compile() is always passed DFGMode and then it might do an FTL compile if possible.
Fixing that is a bigger issue for a later changeset. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::checkIfOptimizationThresholdReached): * dfg/DFGCompilationKey.cpp: Added. (JSC::DFG::CompilationKey::dump): * dfg/DFGCompilationKey.h: Added. (JSC::DFG::CompilationKey::CompilationKey): (JSC::DFG::CompilationKey::operator!): (JSC::DFG::CompilationKey::isHashTableDeletedValue): (JSC::DFG::CompilationKey::profiledBlock): (JSC::DFG::CompilationKey::mode): (JSC::DFG::CompilationKey::operator==): (JSC::DFG::CompilationKey::hash): (JSC::DFG::CompilationKeyHash::hash): (JSC::DFG::CompilationKeyHash::equal): * dfg/DFGCompilationMode.cpp: Added. (WTF::printInternal): * dfg/DFGCompilationMode.h: Added. * dfg/DFGDriver.cpp: (JSC::DFG::compileImpl): (JSC::DFG::compile): * dfg/DFGDriver.h: * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::key): * dfg/DFGPlan.h: * dfg/DFGWorklist.cpp: (JSC::DFG::Worklist::enqueue): (JSC::DFG::Worklist::compilationState): (JSC::DFG::Worklist::completeAllReadyPlansForVM): (JSC::DFG::Worklist::runThread): * dfg/DFGWorklist.h: * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154854 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120453
Reviewed by Oliver Hunt.
Instead of saying:
    codeBlock->prepareForExecution(stuff, BaselineJIT, more stuff)
we should just say:
    JIT::compile(stuff, codeBlock, more stuff);
And similarly for the LLInt and DFG.
This kills a bunch of code, since CodeBlock::prepareForExecution() is just a wrapper that uses the JITType argument to call into the appropriate execution engine, which is what the user wanted to do in the first place.
* CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: * bytecode/CodeBlock.h: * dfg/DFGDriver.cpp: (JSC::DFG::compileImpl): (JSC::DFG::compile): * dfg/DFGDriver.h: (JSC::DFG::tryCompile): * dfg/DFGOSRExitPreparation.cpp: (JSC::DFG::prepareCodeOriginForOSRExit): * dfg/DFGWorklist.cpp: (JSC::DFG::globalWorklist): * dfg/DFGWorklist.h: * jit/JIT.cpp: (JSC::JIT::privateCompile): * jit/JIT.h: (JSC::JIT::compile): * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): * llint/LLIntEntrypoint.cpp: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.cpp. (JSC::LLInt::setFunctionEntrypoint): (JSC::LLInt::setEvalEntrypoint): (JSC::LLInt::setProgramEntrypoint): (JSC::LLInt::setEntrypoint): * llint/LLIntEntrypoint.h: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.h. * llint/LLIntEntrypoints.cpp: Removed. * llint/LLIntEntrypoints.h: Removed. * llint/LLIntSlowPaths.cpp: (JSC::LLInt::jitCompileAndSetHeuristics): * runtime/Executable.cpp: (JSC::ScriptExecutable::prepareForExecutionImpl):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154833 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120326
Reviewed by Oliver Hunt.
Rolling r154804 back in after fixing no-LLInt build.
Previously Executable owned the code for generating JIT code; you always had to go through Executable. But often you also had to go through CodeBlock, because ScriptExecutable couldn't have virtual methods, but CodeBlock could. So you'd ask CodeBlock to do something, which would dispatch through a virtual method that would select the appropriate Executable subtype's method. This all meant that the same code would often be duplicated, because most of the work needed to compile something was identical regardless of code type.
But then we tried to fix this, by having templatized helpers in ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find out what happened when you asked for something to be compiled, you'd go on a wild ride that started with CodeBlock, touched upon Executable, and then ricocheted into either ExecutionHarness or JITDriver (likely both).
Another awkwardness was that for concurrent compiles, the DFG::Worklist had super-special inside knowledge of what JITStubs.cpp's cti_optimize would have done once the compilation finished.
Also, most of the DFG JIT drivers assumed that they couldn't install the JITCode into the CodeBlock directly - instead they would return it via a reference, which happened to be a reference to the JITCode pointer in Executable. This was super weird.
Finally, there was no notion of compiling code into a special CodeBlock that wasn't used for handling calls into an Executable. I'd like this for FTL OSR entry.
This patch solves these problems by reducing all of that complexity into just three primitives:
  - Executable::newCodeBlock(). This gives you a new code block, either for call or for construct, and either to serve as the baseline code or the optimized code. The new code block is then owned by the caller; Executable doesn't register it anywhere. The new code block has no JITCode and isn't callable, but it has all of the bytecode.
  - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and produces a JITCode, and then installs the JITCode into the CodeBlock. This method takes a JITType, and always compiles with that JIT. If you ask for JITCode::InterpreterThunk then you'll get JITCode that just points to the LLInt entrypoints. Once this returns, it is possible to call into the CodeBlock if you do so manually - but the Executable still won't know about it so JS calls to that Executable will still be routed to whatever CodeBlock is associated with the Executable.
  - Executable::installCode(). This takes a CodeBlock and makes it the code-for-entry for that Executable. This involves unlinking the Executable's last CodeBlock, if there was one. This also tells the GC about any effect on memory usage and does a bunch of weird data structure rewiring, since Executable caches some of CodeBlock's fields for the benefit of virtual call fast paths.
This functionality is then wrapped around three convenience methods:
  - Executable::prepareForExecution(). If there is no code block for that Executable, then one is created (newCodeBlock()), compiled (CodeBlock::prepareForExecution()) and installed (installCode()).
  - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that can serve as an optimized replacement of the current one.
  - CodeBlock::install(). Asks the Executable to install this code block.
This patch allows me to kill *a lot* of code and to remove a lot of specializations for functions vs. not-functions, and a lot of places where we pass around JITCode references and such. ExecutionHarness and JITDriver are both gone. Overall this patch has more red than green.
It also allows me to work on FTL OSR entry and tier-up:
  - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist to do some compilation, but it will require the DFG::Worklist to do something different than what JITStubs.cpp would want, once the compilation finishes. This patch introduces a callback mechanism for that purpose.
  - FTL OSR entry: this will involve creating a special auto-jettisoned CodeBlock that is used only for FTL OSR entry. The new set of primitives allows for this: Executable can vend you a fresh new CodeBlock, and you can ask that CodeBlock to compile itself with any JIT of your choosing. Or you can take that CodeBlock and compile it yourself. Previously the act of producing a CodeBlock-for-optimization and the act of compiling code for it were tightly coupled; now you can separate them and you can create such auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
* CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::unlinkIncomingCalls): (JSC::CodeBlock::prepareForExecutionImpl): (JSC::CodeBlock::prepareForExecution): (JSC::CodeBlock::prepareForExecutionAsynchronously): (JSC::CodeBlock::install): (JSC::CodeBlock::newReplacement): (JSC::FunctionCodeBlock::jettisonImpl): * bytecode/CodeBlock.h: (JSC::CodeBlock::hasBaselineJITProfiling): * bytecode/DeferredCompilationCallback.cpp: Added. (JSC::DeferredCompilationCallback::DeferredCompilationCallback): (JSC::DeferredCompilationCallback::~DeferredCompilationCallback): * bytecode/DeferredCompilationCallback.h: Added.
* dfg/DFGDriver.cpp: (JSC::DFG::tryCompile): * dfg/DFGDriver.h: (JSC::DFG::tryCompile): * dfg/DFGFailedFinalizer.cpp: (JSC::DFG::FailedFinalizer::finalize): (JSC::DFG::FailedFinalizer::finalizeFunction): * dfg/DFGFailedFinalizer.h: * dfg/DFGFinalizer.h: * dfg/DFGJITFinalizer.cpp: (JSC::DFG::JITFinalizer::finalize): (JSC::DFG::JITFinalizer::finalizeFunction): * dfg/DFGJITFinalizer.h: * dfg/DFGOSRExitPreparation.cpp: (JSC::DFG::prepareCodeOriginForOSRExit): * dfg/DFGOperations.cpp: * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::compileInThreadImpl): (JSC::DFG::Plan::notifyReady): (JSC::DFG::Plan::finalizeWithoutNotifyingCallback): (JSC::DFG::Plan::finalizeAndNotifyCallback): * dfg/DFGPlan.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGWorklist.cpp: (JSC::DFG::Worklist::completeAllReadyPlansForVM): (JSC::DFG::Worklist::runThread): * ftl/FTLJITFinalizer.cpp: (JSC::FTL::JITFinalizer::finalize): (JSC::FTL::JITFinalizer::finalizeFunction): * ftl/FTLJITFinalizer.h: * heap/Heap.h: (JSC::Heap::isDeferred): * interpreter/Interpreter.cpp: (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): * jit/JITDriver.h: Removed. * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): (JSC::jitCompileFor): (JSC::lazyLinkFor): * jit/JITToDFGDeferredCompilationCallback.cpp: Added. (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback): (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback): (JSC::JITToDFGDeferredCompilationCallback::create): (JSC::JITToDFGDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously): (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete): * jit/JITToDFGDeferredCompilationCallback.h: Added. 
* llint/LLIntEntrypoints.cpp: (JSC::LLInt::setFunctionEntrypoint): (JSC::LLInt::setEvalEntrypoint): (JSC::LLInt::setProgramEntrypoint): * llint/LLIntEntrypoints.h: * llint/LLIntSlowPaths.cpp: (JSC::LLInt::jitCompileAndSetHeuristics): (JSC::LLInt::setUpCall): * runtime/ArrayPrototype.cpp: (JSC::isNumericCompareFunction): * runtime/CommonSlowPaths.cpp: * runtime/CompilationResult.cpp: (WTF::printInternal): * runtime/CompilationResult.h: * runtime/Executable.cpp: (JSC::ScriptExecutable::installCode): (JSC::ScriptExecutable::newCodeBlockFor): (JSC::ScriptExecutable::newReplacementCodeBlockFor): (JSC::ScriptExecutable::prepareForExecutionImpl): * runtime/Executable.h: (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor): (JSC::ExecutableBase::offsetOfNumParametersFor): (JSC::ScriptExecutable::prepareForExecution): (JSC::FunctionExecutable::jettisonOptimizedCodeFor): * runtime/ExecutionHarness.h: Removed. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154824 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
mark.lam@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=119657. Reviewed by Geoffrey Garen. * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: * interpreter/CallFrame.h: - Removed references to StackIteratorPrivate.h. * interpreter/StackIterator.cpp: (JSC::StackIterator::numberOfFrames): (JSC::StackIterator::gotoFrameAtIndex): (JSC::StackIterator::gotoNextFrame): (JSC::StackIterator::resetIterator): (JSC::StackIterator::find): (JSC::StackIterator::readFrame): (JSC::StackIterator::readNonInlinedFrame): - Reads in the current CallFrame's data for non-inlined frames. (JSC::inlinedFrameOffset): - Convenience function to compute the inlined frame offset based on the CodeOrigin. If the offset is 0, then we're looking at the physical frame. Otherwise, it's an inlined frame. (JSC::StackIterator::readInlinedFrame): - Determines the inlined frame's caller frame. Will read in the caller frame if it is also an inlined frame i.e. we haven't reached the outer most frame yet. Otherwise, will call readNonInlinedFrame() to read on the outer most frame. This is based on the old StackIterator::Frame::logicalFrame(). (JSC::StackIterator::updateFrame): - Reads the data of the caller frame of the current one. This function is renamed and moved from the old StackIterator::Frame::logicalCallerFrame(), but is now simplified because it delegates to the readInlinedFrame() to get the caller for inlined frames. (JSC::StackIterator::Frame::arguments): - Fixed to use the inlined frame versions of Arguments::create() and Arguments::tearOff() when the frame is an inlined frame. (JSC::StackIterator::Frame::print): (debugPrintCallFrame): (debugPrintStack): - Because sometimes, we want to see the whole stack while debugging. 
* interpreter/StackIterator.h: (JSC::StackIterator::Frame::argumentCount): (JSC::StackIterator::Frame::callerFrame): (JSC::StackIterator::Frame::callee): (JSC::StackIterator::Frame::scope): (JSC::StackIterator::Frame::codeBlock): (JSC::StackIterator::Frame::bytecodeOffset): (JSC::StackIterator::Frame::inlinedFrameInfo): (JSC::StackIterator::Frame::isJSFrame): (JSC::StackIterator::Frame::isInlinedFrame): (JSC::StackIterator::Frame::callFrame): (JSC::StackIterator::Frame::Frame): (JSC::StackIterator::Frame::~Frame): - StackIterator::Frame now caches commonly used accessed values from the CallFrame. It still delegates argument queries to the CallFrame. (JSC::StackIterator::operator*): (JSC::StackIterator::operator->): (JSC::StackIterator::operator!=): (JSC::StackIterator::operator++): (JSC::StackIterator::end): (JSC::StackIterator::operator==): * interpreter/StackIteratorPrivate.h: Removed. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154821 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
commit-queue@webkit.org authored
http://trac.webkit.org/changeset/154804 https://bugs.webkit.org/show_bug.cgi?id=120477 Broke Windows build (assumes LLInt features not enabled on this build) (Requested by bfulgham on #webkit). * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::linkIncomingCall): (JSC::CodeBlock::unlinkIncomingCalls): (JSC::CodeBlock::reoptimize): (JSC::ProgramCodeBlock::replacement): (JSC::EvalCodeBlock::replacement): (JSC::FunctionCodeBlock::replacement): (JSC::ProgramCodeBlock::compileOptimized): (JSC::ProgramCodeBlock::replaceWithDeferredOptimizedCode): (JSC::EvalCodeBlock::compileOptimized): (JSC::EvalCodeBlock::replaceWithDeferredOptimizedCode): (JSC::FunctionCodeBlock::compileOptimized): (JSC::FunctionCodeBlock::replaceWithDeferredOptimizedCode): (JSC::ProgramCodeBlock::jitCompileImpl): (JSC::EvalCodeBlock::jitCompileImpl): (JSC::FunctionCodeBlock::jitCompileImpl): * bytecode/CodeBlock.h: (JSC::CodeBlock::jitType): (JSC::CodeBlock::jitCompile): * bytecode/DeferredCompilationCallback.cpp: Removed. * bytecode/DeferredCompilationCallback.h: Removed. 
* dfg/DFGDriver.cpp: (JSC::DFG::compile): (JSC::DFG::tryCompile): (JSC::DFG::tryCompileFunction): (JSC::DFG::tryFinalizePlan): * dfg/DFGDriver.h: (JSC::DFG::tryCompile): (JSC::DFG::tryCompileFunction): (JSC::DFG::tryFinalizePlan): * dfg/DFGFailedFinalizer.cpp: (JSC::DFG::FailedFinalizer::finalize): (JSC::DFG::FailedFinalizer::finalizeFunction): * dfg/DFGFailedFinalizer.h: * dfg/DFGFinalizer.h: * dfg/DFGJITFinalizer.cpp: (JSC::DFG::JITFinalizer::finalize): (JSC::DFG::JITFinalizer::finalizeFunction): * dfg/DFGJITFinalizer.h: * dfg/DFGOSRExitPreparation.cpp: (JSC::DFG::prepareCodeOriginForOSRExit): * dfg/DFGOperations.cpp: * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::compileInThreadImpl): (JSC::DFG::Plan::finalize): * dfg/DFGPlan.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGWorklist.cpp: (JSC::DFG::Worklist::completeAllReadyPlansForVM): (JSC::DFG::Worklist::runThread): * ftl/FTLJITFinalizer.cpp: (JSC::FTL::JITFinalizer::finalize): (JSC::FTL::JITFinalizer::finalizeFunction): * ftl/FTLJITFinalizer.h: * heap/Heap.h: * interpreter/Interpreter.cpp: (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): * jit/JITDriver.h: Added. (JSC::jitCompileIfAppropriateImpl): (JSC::jitCompileFunctionIfAppropriateImpl): (JSC::jitCompileIfAppropriate): (JSC::jitCompileFunctionIfAppropriate): * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): (JSC::jitCompileFor): (JSC::lazyLinkFor): * jit/JITToDFGDeferredCompilationCallback.cpp: Removed. * jit/JITToDFGDeferredCompilationCallback.h: Removed. 
* llint/LLIntEntrypoints.cpp: (JSC::LLInt::getFunctionEntrypoint): (JSC::LLInt::getEvalEntrypoint): (JSC::LLInt::getProgramEntrypoint): * llint/LLIntEntrypoints.h: (JSC::LLInt::getEntrypoint): * llint/LLIntSlowPaths.cpp: (JSC::LLInt::jitCompileAndSetHeuristics): (JSC::LLInt::setUpCall): * runtime/ArrayPrototype.cpp: (JSC::isNumericCompareFunction): * runtime/CommonSlowPaths.cpp: * runtime/CompilationResult.cpp: (WTF::printInternal): * runtime/CompilationResult.h: * runtime/Executable.cpp: (JSC::EvalExecutable::compileOptimized): (JSC::EvalExecutable::jitCompile): (JSC::EvalExecutable::compileInternal): (JSC::EvalExecutable::replaceWithDeferredOptimizedCode): (JSC::ProgramExecutable::compileOptimized): (JSC::ProgramExecutable::jitCompile): (JSC::ProgramExecutable::compileInternal): (JSC::ProgramExecutable::replaceWithDeferredOptimizedCode): (JSC::FunctionExecutable::compileOptimizedForCall): (JSC::FunctionExecutable::compileOptimizedForConstruct): (JSC::FunctionExecutable::jitCompileForCall): (JSC::FunctionExecutable::jitCompileForConstruct): (JSC::FunctionExecutable::produceCodeBlockFor): (JSC::FunctionExecutable::compileForCallInternal): (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForCall): (JSC::FunctionExecutable::compileForConstructInternal): (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForConstruct): * runtime/Executable.h: (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor): (JSC::ExecutableBase::offsetOfNumParametersFor): (JSC::ExecutableBase::catchRoutineFor): (JSC::EvalExecutable::compile): (JSC::ProgramExecutable::compile): (JSC::FunctionExecutable::compileForCall): (JSC::FunctionExecutable::compileForConstruct): (JSC::FunctionExecutable::compileFor): (JSC::FunctionExecutable::compileOptimizedFor): (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeFor): (JSC::FunctionExecutable::jitCompileFor): * runtime/ExecutionHarness.h: Added. 
(JSC::prepareForExecutionImpl): (JSC::prepareFunctionForExecutionImpl): (JSC::installOptimizedCode): (JSC::prepareForExecution): (JSC::prepareFunctionForExecution): (JSC::replaceWithDeferredOptimizedCode): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154814 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 28 Aug, 2013 2 commits
-
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120326
Reviewed by Oliver Hunt.
Previously Executable owned the code for generating JIT code; you always had to go through Executable. But often you also had to go through CodeBlock, because ScriptExecutable couldn't have virtual methods, but CodeBlock could. So you'd ask CodeBlock to do something, which would dispatch through a virtual method that would select the appropriate Executable subtype's method. This all meant that the same code would often be duplicated, because most of the work needed to compile something was identical regardless of code type. But then we tried to fix this, by having templatized helpers in ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find out what happened when you asked for something to be compiled, you'd go on a wild ride that started with CodeBlock, touched upon Executable, and then ricocheted into either ExecutionHarness or JITDriver (likely both).
Another awkwardness was that for concurrent compiles, the DFG::Worklist had super-special inside knowledge of what JITStubs.cpp's cti_optimize would have done once the compilation finished.
Also, most of the DFG JIT drivers assumed that they couldn't install the JITCode into the CodeBlock directly - instead they would return it via a reference, which happened to be a reference to the JITCode pointer in Executable. This was super weird.
Finally, there was no notion of compiling code into a special CodeBlock that wasn't used for handling calls into an Executable. I'd like this for FTL OSR entry.
This patch solves these problems by reducing all of that complexity into just three primitives:
- Executable::newCodeBlock(). This gives you a new code block, either for call or for construct, and either to serve as the baseline code or the optimized code. The new code block is then owned by the caller; Executable doesn't register it anywhere. The new code block has no JITCode and isn't callable, but it has all of the bytecode.
- CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and produces a JITCode, and then installs the JITCode into the CodeBlock. This method takes a JITType, and always compiles with that JIT. If you ask for JITCode::InterpreterThunk then you'll get JITCode that just points to the LLInt entrypoints. Once this returns, it is possible to call into the CodeBlock if you do so manually - but the Executable still won't know about it so JS calls to that Executable will still be routed to whatever CodeBlock is associated with the Executable.
- Executable::installCode(). This takes a CodeBlock and makes it the code-for-entry for that Executable. This involves unlinking the Executable's last CodeBlock, if there was one. This also tells the GC about any effect on memory usage and does a bunch of weird data structure rewiring, since Executable caches some of CodeBlock's fields for the benefit of virtual call fast paths.
This functionality is then wrapped around three convenience methods:
- Executable::prepareForExecution(). If there is no code block for that Executable, then one is created (newCodeBlock()), compiled (CodeBlock::prepareForExecution()) and installed (installCode()).
- CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that can serve as an optimized replacement of the current one.
- CodeBlock::install(). Asks the Executable to install this code block.
This patch allows me to kill *a lot* of code and to remove a lot of specializations for functions vs. not-functions, and a lot of places where we pass around JITCode references and such. ExecutionHarness and JITDriver are both gone. Overall this patch has more red than green.
It also allows me to work on FTL OSR entry and tier-up:
- FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist to do some compilation, but it will require the DFG::Worklist to do something different than what JITStubs.cpp would want, once the compilation finishes. This patch introduces a callback mechanism for that purpose.
- FTL OSR entry: this will involve creating a special auto-jettisoned CodeBlock that is used only for FTL OSR entry. The new set of primitives allows for this: Executable can vend you a fresh new CodeBlock, and you can ask that CodeBlock to compile itself with any JIT of your choosing. Or you can take that CodeBlock and compile it yourself. Previously the act of producing a CodeBlock-for-optimization and the act of compiling code for it were tightly coupled; now you can separate them and you can create such auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
* CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::prepareForExecution): (JSC::CodeBlock::install): (JSC::CodeBlock::newReplacement): (JSC::FunctionCodeBlock::jettisonImpl): (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult): * bytecode/CodeBlock.h: (JSC::CodeBlock::hasBaselineJITProfiling): * bytecode/DeferredCompilationCallback.cpp: Added. (JSC::DeferredCompilationCallback::DeferredCompilationCallback): (JSC::DeferredCompilationCallback::~DeferredCompilationCallback): * bytecode/DeferredCompilationCallback.h: Added.
* dfg/DFGDriver.cpp: (JSC::DFG::tryCompile): * dfg/DFGDriver.h: (JSC::DFG::tryCompile): * dfg/DFGFailedFinalizer.cpp: (JSC::DFG::FailedFinalizer::finalize): (JSC::DFG::FailedFinalizer::finalizeFunction): * dfg/DFGFailedFinalizer.h: * dfg/DFGFinalizer.h: * dfg/DFGJITFinalizer.cpp: (JSC::DFG::JITFinalizer::finalize): (JSC::DFG::JITFinalizer::finalizeFunction): * dfg/DFGJITFinalizer.h: * dfg/DFGOSRExitPreparation.cpp: (JSC::DFG::prepareCodeOriginForOSRExit): * dfg/DFGOperations.cpp: * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::compileInThreadImpl): (JSC::DFG::Plan::finalizeWithoutNotifyingCallback): (JSC::DFG::Plan::finalizeAndNotifyCallback): * dfg/DFGPlan.h: * dfg/DFGWorklist.cpp: (JSC::DFG::Worklist::completeAllReadyPlansForVM): * ftl/FTLJITFinalizer.cpp: (JSC::FTL::JITFinalizer::finalize): (JSC::FTL::JITFinalizer::finalizeFunction): * ftl/FTLJITFinalizer.h: * heap/Heap.h: (JSC::Heap::isDeferred): * interpreter/Interpreter.cpp: (JSC::Interpreter::execute): (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): (JSC::Interpreter::prepareForRepeatCall): * jit/JITDriver.h: Removed. * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): (JSC::jitCompileFor): (JSC::lazyLinkFor): * jit/JITToDFGDeferredCompilationCallback.cpp: Added. (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback): (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback): (JSC::JITToDFGDeferredCompilationCallback::create): (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete): * jit/JITToDFGDeferredCompilationCallback.h: Added. 
* llint/LLIntEntrypoints.cpp: (JSC::LLInt::setFunctionEntrypoint): (JSC::LLInt::setEvalEntrypoint): (JSC::LLInt::setProgramEntrypoint): * llint/LLIntEntrypoints.h: * llint/LLIntSlowPaths.cpp: (JSC::LLInt::jitCompileAndSetHeuristics): (JSC::LLInt::setUpCall): * runtime/ArrayPrototype.cpp: (JSC::isNumericCompareFunction): * runtime/CommonSlowPaths.cpp: * runtime/CompilationResult.cpp: (WTF::printInternal): * runtime/CompilationResult.h: * runtime/Executable.cpp: (JSC::ScriptExecutable::installCode): (JSC::ScriptExecutable::newCodeBlockFor): (JSC::ScriptExecutable::newReplacementCodeBlockFor): (JSC::ScriptExecutable::prepareForExecutionImpl): * runtime/Executable.h: (JSC::ScriptExecutable::prepareForExecution): (JSC::FunctionExecutable::jettisonOptimizedCodeFor): * runtime/ExecutionHarness.h: Removed. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154804 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
zandobersek@gmail.com authored
https://bugs.webkit.org/show_bug.cgi?id=120270 Reviewed by Filip Pizlo. .: * Source/autotools/FindDependencies.m4: Disable FTL JIT if the JIT itself is disabled or if the C++ compiler being used is not Clang. Check for llvm-config and use it to properly test for the LLVM >= 3.4 dependency. * Source/autotools/PrintBuildConfiguration.m4: Print out the status of the FTL JIT support. * Source/autotools/ReadCommandLineArguments.m4: Add a configuration flag for enabling the feature, defaulting to 'no' used as the default value for now. This should switch to 'auto' at some point in future. * Source/autotools/SetupAutoconfHeader.m4: Define ENABLE_FTL_JIT to a specific value if possible. Also define HAVE_LLVM to 1 if the LLVM dependency was satisfied. Source/JavaScriptCore: * GNUmakefile.am: Add LLVM_LIBS to the list of linker flags and LLVM_CFLAGS to the list of compiler flags for the JSC library. * GNUmakefile.list.am: Add the missing build targets. * ftl/FTLAbbreviations.h: Include the <cstring> header and use std::strlen. This avoids compilation failures when using the Clang compiler with the libstdc++ standard library. (JSC::FTL::mdKindID): (JSC::FTL::mdString): Source/WTF: * wtf/Platform.h: Define ENABLE_FTL_JIT to the value of 1 for the GTK port if building for the x86-64 architecture with LLVM present and the define not being previously defined. This is applicable when configuring the Automake build with '--enable-ftl-jit=auto'. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154747 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 26 Aug, 2013 1 commit
-
-
weinig@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120260
Reviewed by Darin Adler.
Source/JavaScriptCore: Add an initial implementation of Promises - http://dom.spec.whatwg.org/#promises.
- Despite Promises being defined in the DOM, the implementation is being put in JSC in preparation for the Promises eventually being defined in ECMAScript.
* CMakeLists.txt: * DerivedSources.make: * DerivedSources.pri: * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: Add new files. * jsc.cpp: Update jsc's GlobalObjectMethodTable to stub out the new QueueTaskToEventLoop callback. This means you can't quite use Promises with the command line tool yet. * interpreter/CallFrame.h: (JSC::ExecState::promisePrototypeTable): (JSC::ExecState::promiseConstructorTable): (JSC::ExecState::promiseResolverPrototypeTable): * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Add supporting code for the new static lookup tables. * runtime/CommonIdentifiers.h: Add 3 new identifiers, "Promise", "PromiseResolver", and "then". * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): Add supporting code Promise and PromiseResolver's constructors and structures. * runtime/JSGlobalObject.h: (JSC::TaskContext::~TaskContext): Add a new callback to the GlobalObjectMethodTable to post a task on the embedder's runloop. (JSC::JSGlobalObject::promisePrototype): (JSC::JSGlobalObject::promiseResolverPrototype): (JSC::JSGlobalObject::promiseStructure): (JSC::JSGlobalObject::promiseResolverStructure): (JSC::JSGlobalObject::promiseCallbackStructure): (JSC::JSGlobalObject::promiseWrapperCallbackStructure): Add supporting code Promise and PromiseResolver's constructors and structures. * runtime/JSPromise.cpp: Added. * runtime/JSPromise.h: Added. * runtime/JSPromiseCallback.cpp: Added. * runtime/JSPromiseCallback.h: Added. * runtime/JSPromiseConstructor.cpp: Added.
* runtime/JSPromiseConstructor.h: Added. * runtime/JSPromisePrototype.cpp: Added. * runtime/JSPromisePrototype.h: Added. * runtime/JSPromiseResolver.cpp: Added. * runtime/JSPromiseResolver.h: Added. * runtime/JSPromiseResolverConstructor.cpp: Added. * runtime/JSPromiseResolverConstructor.h: Added. * runtime/JSPromiseResolverPrototype.cpp: Added. * runtime/JSPromiseResolverPrototype.h: Added. Add Promise implementation. Source/WebCore: Add an initial implementation of Promises - http://dom.spec.whatwg.org/#promises. - Despite Promises being defined in the DOM, the implementation is being put in JSC in preparation for the Promises eventually being defined in ECMAScript. Tests: fast/js/Promise-already-fulfilled.html fast/js/Promise-already-rejected.html fast/js/Promise-already-resolved.html fast/js/Promise-catch-in-workers.html fast/js/Promise-catch.html fast/js/Promise-chain.html fast/js/Promise-exception.html fast/js/Promise-fulfill-in-workers.html fast/js/Promise-fulfill.html fast/js/Promise-init-in-workers.html fast/js/Promise-init.html fast/js/Promise-reject-in-workers.html fast/js/Promise-reject.html fast/js/Promise-resolve-chain.html fast/js/Promise-resolve-in-workers.html fast/js/Promise-resolve-with-then-exception.html fast/js/Promise-resolve-with-then-fulfill.html fast/js/Promise-resolve-with-then-reject.html fast/js/Promise-resolve.html fast/js/Promise-simple-fulfill-inside-callback.html fast/js/Promise-simple-fulfill.html fast/js/Promise-simple-in-workers.html fast/js/Promise-simple.html fast/js/Promise-static-fulfill.html fast/js/Promise-static-reject.html fast/js/Promise-static-resolve.html fast/js/Promise-then-in-workers.html fast/js/Promise-then-without-callbacks-in-workers.html fast/js/Promise-then-without-callbacks.html fast/js/Promise-then.html fast/js/Promise-types.html fast/js/Promise.html * GNUmakefile.list.am: * Target.pri: * UseJSC.cmake: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.vcxproj/WebCore.vcxproj.filters: * 
WebCore.xcodeproj/project.pbxproj: * bindings/js/JSBindingsAllInOne.cpp: Add new files. * bindings/js/JSDOMGlobalObjectTask.cpp: Added. (WebCore::JSGlobalObjectCallback::create): (WebCore::JSGlobalObjectCallback::~JSGlobalObjectCallback): (WebCore::JSGlobalObjectCallback::call): (WebCore::JSGlobalObjectCallback::JSGlobalObjectCallback): (WebCore::JSGlobalObjectTask::JSGlobalObjectTask): (WebCore::JSGlobalObjectTask::~JSGlobalObjectTask): (WebCore::JSGlobalObjectTask::performTask): * bindings/js/JSDOMGlobalObjectTask.h: Added. (WebCore::JSGlobalObjectTask::create): Add a new task type to be used with the GlobalObjectMethodTable's new QueueTaskToEventLoop callback. * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::queueTaskToEventLoop): * bindings/js/JSDOMWindowBase.h: Implement the GlobalObjectMethodTable callback, QueueTaskToEventLoop. * bindings/js/JSMainThreadExecState.h: All using JSMainThreadExecState as a simple RAII object. * bindings/js/JSWorkerGlobalScopeBase.cpp: (WebCore::JSWorkerGlobalScopeBase::JSWorkerGlobalScopeBase): (WebCore::JSWorkerGlobalScopeBase::allowsAccessFrom): (WebCore::JSWorkerGlobalScopeBase::supportsProfiling): (WebCore::JSWorkerGlobalScopeBase::supportsRichSourceInfo): (WebCore::JSWorkerGlobalScopeBase::shouldInterruptScript): (WebCore::JSWorkerGlobalScopeBase::javaScriptExperimentsEnabled): (WebCore::JSWorkerGlobalScopeBase::queueTaskToEventLoop): * bindings/js/JSWorkerGlobalScopeBase.h: Add a GlobalObjectMethodTable and implement QueueTaskToEventLoop. Forward the other callbacks to JSGlobalObject so they retain their existing behavior. LayoutTests: Add tests adapted from the Mozilla and Blink projects. * fast/js/Promise-already-fulfilled-expected.txt: Added. * fast/js/Promise-already-fulfilled.html: Added. * fast/js/Promise-already-rejected-expected.txt: Added. * fast/js/Promise-already-rejected.html: Added. * fast/js/Promise-already-resolved-expected.txt: Added. * fast/js/Promise-already-resolved.html: Added. 
* fast/js/Promise-catch-expected.txt: Added. * fast/js/Promise-catch-in-workers-expected.txt: Added. * fast/js/Promise-catch-in-workers.html: Added. * fast/js/Promise-catch.html: Added. * fast/js/Promise-chain-expected.txt: Added. * fast/js/Promise-chain.html: Added. * fast/js/Promise-exception-expected.txt: Added. * fast/js/Promise-exception.html: Added. * fast/js/Promise-expected.txt: Added. * fast/js/Promise-fulfill-expected.txt: Added. * fast/js/Promise-fulfill-in-workers-expected.txt: Added. * fast/js/Promise-fulfill-in-workers.html: Added. * fast/js/Promise-fulfill.html: Added. * fast/js/Promise-init-expected.txt: Added. * fast/js/Promise-init-in-workers-expected.txt: Added. * fast/js/Promise-init-in-workers.html: Added. * fast/js/Promise-init.html: Added. * fast/js/Promise-reject-expected.txt: Added. * fast/js/Promise-reject-in-workers-expected.txt: Added. * fast/js/Promise-reject-in-workers.html: Added. * fast/js/Promise-reject.html: Added. * fast/js/Promise-resolve-chain-expected.txt: Added. * fast/js/Promise-resolve-chain.html: Added. * fast/js/Promise-resolve-expected.txt: Added. * fast/js/Promise-resolve-in-workers-expected.txt: Added. * fast/js/Promise-resolve-in-workers.html: Added. * fast/js/Promise-resolve-with-then-exception-expected.txt: Added. * fast/js/Promise-resolve-with-then-exception.html: Added. * fast/js/Promise-resolve-with-then-fulfill-expected.txt: Added. * fast/js/Promise-resolve-with-then-fulfill.html: Added. * fast/js/Promise-resolve-with-then-reject-expected.txt: Added. * fast/js/Promise-resolve-with-then-reject.html: Added. * fast/js/Promise-resolve.html: Added. * fast/js/Promise-simple-expected.txt: Added. * fast/js/Promise-simple-fulfill-expected.txt: Added. * fast/js/Promise-simple-fulfill-inside-callback-expected.txt: Added. * fast/js/Promise-simple-fulfill-inside-callback.html: Added. * fast/js/Promise-simple-fulfill.html: Added. * fast/js/Promise-simple-in-workers-expected.txt: Added. 
* fast/js/Promise-simple-in-workers.html: Added. * fast/js/Promise-simple.html: Added. * fast/js/Promise-static-fulfill-expected.txt: Added. * fast/js/Promise-static-fulfill.html: Added. * fast/js/Promise-static-reject-expected.txt: Added. * fast/js/Promise-static-reject.html: Added. * fast/js/Promise-static-resolve-expected.txt: Added. * fast/js/Promise-static-resolve.html: Added. * fast/js/Promise-then-expected.txt: Added. * fast/js/Promise-then-in-workers-expected.txt: Added. * fast/js/Promise-then-in-workers.html: Added. * fast/js/Promise-then-without-callbacks-expected.txt: Added. * fast/js/Promise-then-without-callbacks-in-workers-expected.txt: Added. * fast/js/Promise-then-without-callbacks-in-workers.html: Added. * fast/js/Promise-then-without-callbacks.html: Added. * fast/js/Promise-then.html: Added. * fast/js/Promise-types-expected.txt: Added. * fast/js/Promise-types.html: Added. * fast/js/Promise.html: Added. * fast/js/resources/Promise-catch-in-workers.js: Added. * fast/js/resources/Promise-fulfill-in-workers.js: Added. * fast/js/resources/Promise-init-in-workers.js: Added. * fast/js/resources/Promise-reject-in-workers.js: Added. * fast/js/resources/Promise-resolve-in-workers.js: Added. * fast/js/resources/Promise-simple-in-workers.js: Added. * fast/js/resources/Promise-then-in-workers.js: Added. * fast/js/resources/Promise-then-without-callbacks-in-workers.js: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154629 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 25 Aug, 2013 1 commit
-
-
fpizlo@apple.com authored
FloatTypedArrayAdaptor::toJSValue should almost certainly not use jsNumber() since that attempts int conversions
https://bugs.webkit.org/show_bug.cgi?id=120228
Source/JavaScriptCore: Reviewed by Oliver Hunt.
It turns out that there were three problems:
- Using jsNumber() meant that we were converting doubles to integers and then possibly back again whenever doing a set() between floating point arrays.
- Slow-path accesses to double typed arrays were slower than necessary because of the to-int conversion attempt.
- The use of JSValue as an intermediate for converting between different types in typedArray.set() resulted in worse code than I had previously expected.
This patch solves the problem by using template double-dispatch to ensure that the C++ compiler sees the simplest possible combination of casts between any combination of typed array types, while still preserving JS and typed array conversion semantics. Conversions are done as follows:
SourceAdaptor::convertTo<TargetAdaptor>(value)
Internally, convertTo() calls one of three possible methods on TargetAdaptor, with one method for each of int32_t, uint32_t, and double. This means that the C++ compiler will at worst see a widening cast to one of those types followed by a narrowing conversion (not necessarily a cast - may have clamping or the JS toInt32() function).
This change doesn't just affect typedArray.set(); it also affects slow-path accesses to typed arrays as well. This patch also adds a bunch of new test coverage.
This change is a ~50% speed-up on typedArray.set() involving floating point types.
* GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * runtime/GenericTypedArrayView.h: (JSC::GenericTypedArrayView::set): * runtime/JSDataViewPrototype.cpp: (JSC::setData): * runtime/JSGenericTypedArrayView.h: (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): * runtime/JSGenericTypedArrayViewInlines.h: (JSC::::setWithSpecificType): (JSC::::set): * runtime/ToNativeFromValue.h: Added. (JSC::toNativeFromValue): * runtime/TypedArrayAdaptors.h: (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::IntegralTypedArrayAdaptor::toNativeFromInt32): (JSC::IntegralTypedArrayAdaptor::toNativeFromUint32): (JSC::IntegralTypedArrayAdaptor::toNativeFromDouble): (JSC::IntegralTypedArrayAdaptor::convertTo): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNativeFromInt32): (JSC::FloatTypedArrayAdaptor::toNativeFromUint32): (JSC::FloatTypedArrayAdaptor::toNativeFromDouble): (JSC::FloatTypedArrayAdaptor::convertTo): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNativeFromInt32): (JSC::Uint8ClampedAdaptor::toNativeFromUint32): (JSC::Uint8ClampedAdaptor::toNativeFromDouble): (JSC::Uint8ClampedAdaptor::convertTo): LayoutTests: Reviewed by Oliver Hunt. Add coverage for three things: - Typed array accesses with corner-case values. - Typed array set() (i.e. copy) between arrays of different types. - Performance of typedArray.set() involving different types. This required some changes to our test harnesses, since they previously couldn't consistently do numerical array comparisons in a reliable way. * fast/js/regress/Float32Array-to-Float64Array-set-expected.txt: Added. * fast/js/regress/Float32Array-to-Float64Array-set.html: Added. * fast/js/regress/Float64Array-to-Int16Array-set-expected.txt: Added. 
* fast/js/regress/Float64Array-to-Int16Array-set.html: Added. * fast/js/regress/Int16Array-to-Int32Array-set-expected.txt: Added. * fast/js/regress/Int16Array-to-Int32Array-set.html: Added. * fast/js/regress/script-tests/Float32Array-to-Float64Array-set.js: Added. * fast/js/regress/script-tests/Float64Array-to-Int16Array-set.js: Added. * fast/js/regress/script-tests/Int16Array-to-Int32Array-set.js: Added. * fast/js/resources/js-test-pre.js: (areNumbersEqual): (areArraysEqual): (isResultCorrect): * fast/js/resources/standalone-pre.js: (areNumbersEqual): (areArraysEqual): (isTypedArray): (isResultCorrect): (stringify): (shouldBe): * fast/js/script-tests/typed-array-access.js: Added. (bitsToString): (bitsToValue): (valueToBits): (roundTrip): * fast/js/script-tests/typed-array-set-different-types.js: Added. (MyRandom): (.reference): (.usingConstruct): * fast/js/typed-array-access-expected.txt: Added. * fast/js/typed-array-access.html: Added. * fast/js/typed-array-set-different-types-expected.txt: Added. * fast/js/typed-array-set-different-types.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154569 268f45cc-cd09-0410-ab3c-d52691b4dbfc
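The double-dispatch conversion described in the commit message above, sketched as an added example that is not taken from the WebKit sources: `convertTo` and the three `toNativeFrom*` method names come from the message, while the simplified adaptor templates, every method body, `jsToInt32` and `setFrom` are assumptions made for illustration. It shows where a value wraps, where it clamps, and that float-to-float copies never pass through an integer.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <type_traits>
#include <vector>

// JS ToInt32: NaN and infinities become 0; other values truncate and wrap modulo 2^32.
inline int32_t jsToInt32(double d)
{
    if (!std::isfinite(d))
        return 0;
    double m = std::fmod(std::trunc(d), 4294967296.0); // exact, in (-2^32, 2^32)
    if (m < 0)
        m += 4294967296.0;                              // now in [0, 2^32)
    return static_cast<int32_t>(static_cast<uint32_t>(m));
}

// Integer element types (simplified stand-in): narrowing keeps the low bits,
// doubles go through ToInt32 first.
template<typename T>
struct IntegralAdaptor {
    using Type = T;
    static T toNativeFromInt32(int32_t v) { return static_cast<T>(v); }
    static T toNativeFromUint32(uint32_t v) { return static_cast<T>(v); }
    static T toNativeFromDouble(double v) { return static_cast<T>(jsToInt32(v)); }

    // First dispatch: the source picks the widened type. Second: the target narrows it.
    template<typename Target>
    static typename Target::Type convertTo(T v)
    {
        if (std::is_signed<T>::value)
            return Target::toNativeFromInt32(static_cast<int32_t>(v));
        return Target::toNativeFromUint32(static_cast<uint32_t>(v));
    }
};

// Floating point element types: always widen to double, never attempt an int conversion.
template<typename T>
struct FloatAdaptor {
    using Type = T;
    static T toNativeFromInt32(int32_t v) { return static_cast<T>(v); }
    static T toNativeFromUint32(uint32_t v) { return static_cast<T>(v); }
    static T toNativeFromDouble(double v) { return static_cast<T>(v); }

    template<typename Target>
    static typename Target::Type convertTo(T v)
    {
        return Target::toNativeFromDouble(static_cast<double>(v));
    }
};

// Uint8ClampedArray: saturate to [0, 255] instead of wrapping.
struct Uint8ClampedAdaptor {
    using Type = uint8_t;
    static uint8_t toNativeFromInt32(int32_t v)
    {
        if (v < 0)
            return 0;
        if (v > 255)
            return 255;
        return static_cast<uint8_t>(v);
    }
    static uint8_t toNativeFromUint32(uint32_t v)
    {
        return v > 255 ? uint8_t(255) : static_cast<uint8_t>(v);
    }
    static uint8_t toNativeFromDouble(double v)
    {
        if (!(v > 0))
            return 0;   // NaN, zero and negative values
        if (v >= 255)
            return 255;
        return static_cast<uint8_t>(std::nearbyint(v)); // ties to even in the default rounding mode
    }

    template<typename Target>
    static typename Target::Type convertTo(uint8_t v) { return Target::toNativeFromUint32(v); }
};

// Hypothetical stand-in for typedArray.set(): element-wise copy between element types.
template<typename SourceAdaptor, typename TargetAdaptor>
std::vector<typename TargetAdaptor::Type> setFrom(const std::vector<typename SourceAdaptor::Type>& source)
{
    std::vector<typename TargetAdaptor::Type> target;
    target.reserve(source.size());
    for (auto v : source)
        target.push_back(SourceAdaptor::template convertTo<TargetAdaptor>(v));
    return target;
}

int main()
{
    // Constructed sample values.
    auto wrapped = setFrom<FloatAdaptor<double>, IntegralAdaptor<int16_t>>({ 65537.9, -1.5 });
    auto clamped = setFrom<FloatAdaptor<double>, Uint8ClampedAdaptor>({ 300.0, -5.0, 2.5 });
    std::printf("Float64 -> Int16:        %d %d\n", wrapped[0], wrapped[1]);
    std::printf("Float64 -> Uint8Clamped: %d %d %d\n", clamped[0], clamped[1], clamped[2]);
    return 0;
}
```
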
-
- 15 Aug, 2013 2 commits
-
-
mhahnenberg@apple.com authored
https://webkit.org/b/119833
Reviewed by Oliver Hunt. The concurrent compilation thread should interact minimally with the Heap, including not triggering WriteBarriers. This is a prerequisite for generational GC. * JavaScriptCore.xcodeproj/project.pbxproj: * bytecode/CodeBlock.cpp: (JSC::CodeBlock::addOrFindConstant): (JSC::CodeBlock::findConstant): * bytecode/CodeBlock.h: (JSC::CodeBlock::addConstantLazily): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::getJSConstantForValue): (JSC::DFG::ByteCodeParser::constantUndefined): (JSC::DFG::ByteCodeParser::constantNull): (JSC::DFG::ByteCodeParser::one): (JSC::DFG::ByteCodeParser::constantNaN): (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): * dfg/DFGCommonData.cpp: (JSC::DFG::CommonData::notifyCompilingStructureTransition): * dfg/DFGCommonData.h: * dfg/DFGDesiredTransitions.cpp: Added. (JSC::DFG::DesiredTransition::DesiredTransition): (JSC::DFG::DesiredTransition::reallyAdd): (JSC::DFG::DesiredTransitions::DesiredTransitions): (JSC::DFG::DesiredTransitions::~DesiredTransitions): (JSC::DFG::DesiredTransitions::addLazily): (JSC::DFG::DesiredTransitions::reallyAdd): * dfg/DFGDesiredTransitions.h: Added. * dfg/DFGDesiredWeakReferences.cpp: Added. (JSC::DFG::DesiredWeakReferences::DesiredWeakReferences): (JSC::DFG::DesiredWeakReferences::~DesiredWeakReferences): (JSC::DFG::DesiredWeakReferences::addLazily): (JSC::DFG::DesiredWeakReferences::reallyAdd): * dfg/DFGDesiredWeakReferences.h: Added. * dfg/DFGDesiredWriteBarriers.cpp: Added. (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier): (JSC::DFG::DesiredWriteBarrier::trigger): (JSC::DFG::DesiredWriteBarriers::DesiredWriteBarriers): (JSC::DFG::DesiredWriteBarriers::~DesiredWriteBarriers): (JSC::DFG::DesiredWriteBarriers::addImpl): (JSC::DFG::DesiredWriteBarriers::trigger): * dfg/DFGDesiredWriteBarriers.h: Added. 
(JSC::DFG::DesiredWriteBarriers::add): (JSC::DFG::initializeLazyWriteBarrier): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::truncateConstantToInt32): * dfg/DFGGraph.h: (JSC::DFG::Graph::convertToConstant): * dfg/DFGJITCompiler.h: (JSC::DFG::JITCompiler::addWeakReference): * dfg/DFGPlan.cpp: (JSC::DFG::Plan::Plan): (JSC::DFG::Plan::reallyAdd): * dfg/DFGPlan.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * runtime/WriteBarrier.h: (JSC::WriteBarrierBase::set): (JSC::WriteBarrier::WriteBarrier): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154162 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. 
- Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. 
Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. 
(JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. 
(JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. 
(JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. 
(JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. 
(JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. 
(JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. 
(JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayBuffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. 
Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. 
* bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: 
Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. 
* html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. 
* fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. 
* fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 05 Aug, 2013 2 commits
-
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=119489 Reviewed by Filip Pizlo. Source/JavaScriptCore: Move TypedArray implementation into JSC in advance of re-implementation * GNUmakefile.list.am: * JSCTypedArrayStubs.h: * JavaScriptCore.xcodeproj/project.pbxproj: * runtime/ArrayBuffer.cpp: Renamed from Source/WTF/wtf/ArrayBuffer.cpp. (JSC::ArrayBuffer::transfer): (JSC::ArrayBuffer::addView): (JSC::ArrayBuffer::removeView): * runtime/ArrayBuffer.h: Renamed from Source/WTF/wtf/ArrayBuffer.h. (JSC::ArrayBufferContents::ArrayBufferContents): (JSC::ArrayBufferContents::data): (JSC::ArrayBufferContents::sizeInBytes): (JSC::ArrayBufferContents::transfer): (JSC::ArrayBufferContents::copyTo): (JSC::ArrayBuffer::isNeutered): (JSC::ArrayBuffer::~ArrayBuffer): (JSC::ArrayBuffer::clampValue): (JSC::ArrayBuffer::create): (JSC::ArrayBuffer::createUninitialized): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::data): (JSC::ArrayBuffer::byteLength): (JSC::ArrayBuffer::slice): (JSC::ArrayBuffer::sliceImpl): (JSC::ArrayBuffer::clampIndex): (JSC::ArrayBufferContents::tryAllocate): (JSC::ArrayBufferContents::~ArrayBufferContents): * runtime/ArrayBufferView.cpp: Renamed from Source/WTF/wtf/ArrayBufferView.cpp. (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::neuter): * runtime/ArrayBufferView.h: Renamed from Source/WTF/wtf/ArrayBufferView.h. (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::setNeuterable): (JSC::ArrayBufferView::isNeuterable): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::setImpl): (JSC::ArrayBufferView::setRangeImpl): (JSC::ArrayBufferView::zeroRangeImpl): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/Float32Array.h: Renamed from Source/WTF/wtf/Float32Array.h. 
(JSC::Float32Array::set): (JSC::Float32Array::getType): (JSC::Float32Array::create): (JSC::Float32Array::createUninitialized): (JSC::Float32Array::Float32Array): (JSC::Float32Array::subarray): * runtime/Float64Array.h: Renamed from Source/WTF/wtf/Float64Array.h. (JSC::Float64Array::set): (JSC::Float64Array::getType): (JSC::Float64Array::create): (JSC::Float64Array::createUninitialized): (JSC::Float64Array::Float64Array): (JSC::Float64Array::subarray): * runtime/Int16Array.h: Renamed from Source/WTF/wtf/Int16Array.h. (JSC::Int16Array::getType): (JSC::Int16Array::create): (JSC::Int16Array::createUninitialized): (JSC::Int16Array::Int16Array): (JSC::Int16Array::subarray): * runtime/Int32Array.h: Renamed from Source/WTF/wtf/Int32Array.h. (JSC::Int32Array::getType): (JSC::Int32Array::create): (JSC::Int32Array::createUninitialized): (JSC::Int32Array::Int32Array): (JSC::Int32Array::subarray): * runtime/Int8Array.h: Renamed from Source/WTF/wtf/Int8Array.h. (JSC::Int8Array::getType): (JSC::Int8Array::create): (JSC::Int8Array::createUninitialized): (JSC::Int8Array::Int8Array): (JSC::Int8Array::subarray): * runtime/IntegralTypedArrayBase.h: Renamed from Source/WTF/wtf/IntegralTypedArrayBase.h. (JSC::IntegralTypedArrayBase::set): (JSC::IntegralTypedArrayBase::IntegralTypedArrayBase): * runtime/TypedArrayBase.h: Renamed from Source/WTF/wtf/TypedArrayBase.h. (JSC::TypedArrayBase::data): (JSC::TypedArrayBase::set): (JSC::TypedArrayBase::setRange): (JSC::TypedArrayBase::zeroRange): (JSC::TypedArrayBase::length): (JSC::TypedArrayBase::byteLength): (JSC::TypedArrayBase::item): (JSC::TypedArrayBase::checkInboundData): (JSC::TypedArrayBase::TypedArrayBase): (JSC::TypedArrayBase::create): (JSC::TypedArrayBase::createUninitialized): (JSC::TypedArrayBase::subarrayImpl): (JSC::TypedArrayBase::neuter): * runtime/Uint16Array.h: Renamed from Source/WTF/wtf/Uint16Array.h. 
(JSC::Uint16Array::getType): (JSC::Uint16Array::create): (JSC::Uint16Array::createUninitialized): (JSC::Uint16Array::Uint16Array): (JSC::Uint16Array::subarray): * runtime/Uint32Array.h: Renamed from Source/WTF/wtf/Uint32Array.h. (JSC::Uint32Array::getType): (JSC::Uint32Array::create): (JSC::Uint32Array::createUninitialized): (JSC::Uint32Array::Uint32Array): (JSC::Uint32Array::subarray): * runtime/Uint8Array.h: Renamed from Source/WTF/wtf/Uint8Array.h. (JSC::Uint8Array::getType): (JSC::Uint8Array::create): (JSC::Uint8Array::createUninitialized): (JSC::Uint8Array::Uint8Array): (JSC::Uint8Array::subarray): * runtime/Uint8ClampedArray.h: Renamed from Source/WTF/wtf/Uint8ClampedArray.h. (JSC::Uint8ClampedArray::getType): (JSC::Uint8ClampedArray::create): (JSC::Uint8ClampedArray::createUninitialized): (JSC::Uint8ClampedArray::zeroFill): (JSC::Uint8ClampedArray::set): (JSC::Uint8ClampedArray::Uint8ClampedArray): (JSC::Uint8ClampedArray::subarray): * runtime/VM.h: Source/WebCore: Update WebCore for new location of TypedArray implementation. * ForwardingHeaders/runtime/ArrayBuffer.h: Added. * ForwardingHeaders/runtime/ArrayBufferView.h: Added. * ForwardingHeaders/runtime/Float32Array.h: Added. * ForwardingHeaders/runtime/Float64Array.h: Added. * ForwardingHeaders/runtime/Int16Array.h: Added. * ForwardingHeaders/runtime/Int32Array.h: Added. * ForwardingHeaders/runtime/Int8Array.h: Added. * ForwardingHeaders/runtime/IntegralTypedArrayBase.h: Added. * ForwardingHeaders/runtime/TypedArrayBase.h: Added. * ForwardingHeaders/runtime/Uint16Array.h: Added. * ForwardingHeaders/runtime/Uint32Array.h: Added. * ForwardingHeaders/runtime/Uint8Array.h: Added. * ForwardingHeaders/runtime/Uint8ClampedArray.h: Added. 
* Modules/webaudio/AnalyserNode.h: (WebCore::AnalyserNode::getFloatFrequencyData): (WebCore::AnalyserNode::getByteFrequencyData): (WebCore::AnalyserNode::getByteTimeDomainData): * Modules/webaudio/AsyncAudioDecoder.cpp: * Modules/webaudio/AsyncAudioDecoder.h: (WebCore::AsyncAudioDecoder::DecodingTask::audioData): * Modules/webaudio/AudioBuffer.h: * Modules/webaudio/AudioContext.cpp: * Modules/webaudio/AudioParam.h: * Modules/webaudio/AudioParamTimeline.h: * Modules/webaudio/PeriodicWave.h: * Modules/webaudio/RealtimeAnalyser.cpp: * Modules/webaudio/RealtimeAnalyser.h: * Modules/webaudio/ScriptProcessorNode.cpp: * Modules/webaudio/WaveShaperProcessor.h: * Modules/websockets/ThreadableWebSocketChannel.h: * Modules/websockets/WebSocket.cpp: * Modules/websockets/WebSocket.h: * Modules/websockets/WebSocketChannel.cpp: * Modules/websockets/WebSocketChannel.h: * Modules/websockets/WorkerThreadableWebSocketChannel.cpp: * Modules/websockets/WorkerThreadableWebSocketChannel.h: * WebCore.exp.in: * bindings/js/JSArrayBufferCustom.cpp: * bindings/js/JSArrayBufferViewHelper.h: * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSCryptoCustom.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/SerializedScriptValue.h: * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (NativeToJSValue): * dom/MessageEvent.h: * fileapi/FileReader.cpp: * fileapi/FileReader.h: * fileapi/FileReaderLoader.cpp: * fileapi/FileReaderLoader.h: * fileapi/FileReaderSync.cpp: * fileapi/FileReaderSync.h: * fileapi/WebKitBlobBuilder.cpp: * fileapi/WebKitBlobBuilder.h: * html/HTMLMediaElement.cpp: * html/ImageData.h: * html/canvas/ArrayBuffer.idl: * html/canvas/ArrayBufferView.idl: * html/canvas/CanvasRenderingContext2D.cpp: * html/canvas/DataView.h: * 
html/canvas/Float32Array.idl: * html/canvas/Float64Array.idl: * html/canvas/Int16Array.idl: * html/canvas/Int32Array.idl: * html/canvas/Int8Array.idl: * html/canvas/Uint16Array.idl: * html/canvas/Uint32Array.idl: * html/canvas/Uint8Array.idl: * html/canvas/Uint8ClampedArray.idl: * html/canvas/WebGLBuffer.h: (WebCore::WebGLBuffer::elementArrayBuffer): * html/canvas/WebGLGetInfo.cpp: * html/canvas/WebGLGetInfo.h: * html/canvas/WebGLRenderingContext.cpp: * html/canvas/WebGLRenderingContext.h: * inspector/InspectorMemoryAgent.cpp: * page/Crypto.cpp: * page/Crypto.h: * platform/graphics/GraphicsContext3D.cpp: * platform/graphics/ImageBuffer.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: * platform/graphics/cg/ImageBufferDataCG.h: * platform/graphics/filters/FEBlend.cpp: * platform/graphics/filters/FEColorMatrix.cpp: * platform/graphics/filters/FEComponentTransfer.cpp: * platform/graphics/filters/FEComposite.cpp: * platform/graphics/filters/FEConvolveMatrix.cpp: * platform/graphics/filters/FECustomFilter.cpp: * platform/graphics/filters/FEDisplacementMap.cpp: * platform/graphics/filters/FEDropShadow.cpp: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FELighting.h: * platform/graphics/filters/FEMorphology.cpp: * platform/graphics/filters/FETurbulence.cpp: * platform/graphics/filters/FilterEffect.cpp: * platform/graphics/filters/FilterEffect.h: * platform/graphics/mac/GraphicsContext3DMac.mm: * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp: * testing/Internals.h: * xml/XMLHttpRequest.cpp: * xml/XMLHttpRequest.h: (WebCore::XMLHttpRequest::optionalResponseArrayBuffer): Source/WTF: Remove TypedArray implementation from WTF * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/Forward.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153728 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=119471 Reviewed by Mark Hahnenberg. This allows a cell to call copyLater() multiple times for multiple different backing stores, and then have copyBackingStore() called exactly once for each of those. A token tells it which backing store to copy. All backing stores must be named using the CopyToken, an enumeration which currently cannot exceed eight entries. When copyBackingStore() is called, it's up to the callee to (a) use the token to decide what to copy and (b) call its base class's copyBackingStore() in case the base class had something that needed copying. The only exception is that JSCell never asks anything to be copied, and so if your base is JSCell then you don't have to do anything. * GNUmakefile.list.am: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * heap/CopiedBlock.h: * heap/CopiedBlockInlines.h: (JSC::CopiedBlock::reportLiveBytes): * heap/CopyToken.h: Added. * heap/CopyVisitor.cpp: (JSC::CopyVisitor::copyFromShared): * heap/CopyVisitor.h: * heap/CopyVisitorInlines.h: (JSC::CopyVisitor::visitItem): * heap/CopyWorkList.h: (JSC::CopyWorklistItem::CopyWorklistItem): (JSC::CopyWorklistItem::cell): (JSC::CopyWorklistItem::token): (JSC::CopyWorkListSegment::get): (JSC::CopyWorkListSegment::append): (JSC::CopyWorkListSegment::data): (JSC::CopyWorkListIterator::get): (JSC::CopyWorkListIterator::operator*): (JSC::CopyWorkListIterator::operator->): (JSC::CopyWorkList::append): * heap/SlotVisitor.h: * heap/SlotVisitorInlines.h: (JSC::SlotVisitor::copyLater): * runtime/ClassInfo.h: * runtime/JSCell.cpp: (JSC::JSCell::copyBackingStore): * runtime/JSCell.h: * runtime/JSObject.cpp: (JSC::JSObject::visitButterfly): (JSC::JSObject::copyBackingStore): * runtime/JSObject.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153720 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 30 Jul, 2013 1 commit
-
-
carlosgc@webkit.org authored
Source/JavaScriptCore: * GNUmakefile.list.am: Add missing files to compilation. * bytecode/CodeBlock.cpp: Add a ENABLE(FTL_JIT) #if block to include FTL header files not included in the compilation. * dfg/DFGDriver.cpp: Ditto. * dfg/DFGPlan.cpp: Ditto. Source/ThirdParty/ANGLE: * GNUmakefile.am: Add missing header files to compilation. Source/WebCore: * GNUmakefile.list.am: Add missing header file to compilation. Source/WebKit2: * GNUmakefile.list.am: Add missing header file to compilation. Source/WTF: * GNUmakefile.list.am: Add missing files to compilation. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153460 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 25 Jul, 2013 5 commits
-
-
ossy@webkit.org authored
* GNUmakefile.list.am: * Target.pri: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153368 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
zandobersek@gmail.com authored
* GNUmakefile.list.am: Add CompilationResult source files to the build. Source/WTF: Unreviewed, further GTK build fixing. * GNUmakefile.am: Make libWTF.la depend on any changes made to the build targets list. * GNUmakefile.list.am: Add SixCharacterHash source files to the build. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153312 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
zandobersek@gmail.com authored
* GNUmakefile.am: Make the shared libjsc library depend on any changes to the build target list. * GNUmakefile.list.am: Add additional build targets for files that were introduced by the FTL branch merge. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153311 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
zandobersek@gmail.com authored
* GNUmakefile.list.am: Adding JSCTestRunnerUtils files to the build. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153306 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
zandobersek@gmail.com authored
* GNUmakefile.am: * GNUmakefile.list.am: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153303 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 24 Jul, 2013 9 commits
-
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=117595 Reviewed by Geoffrey Garen. * API/APICallbackFunction.h: Added. New struct that allows JSCallbackFunction and ObjCCallbackFunction to share their host call() implementation through the magic of templates. (JSC::APICallbackFunction::call): * API/JSCallbackFunction.cpp: (JSC::JSCallbackFunction::getCallData): Changed to get the template-ized version of the host function. * API/JSCallbackFunction.h: * API/ObjCCallbackFunction.h: Now inherits directly from InternalFunction. * API/ObjCCallbackFunction.mm: (JSC::ObjCCallbackFunction::ObjCCallbackFunction): (JSC::ObjCCallbackFunction::getCallData): Ditto. * GNUmakefile.list.am: Build files! * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153233 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=117375 Reviewed by Filip Pizlo. Source/JavaScriptCore: This patch has two goals:
(1) Simplicity.
* Net removes 15 opcodes.
* Net removes 2,000 lines of code.
* Removes setPair() from the DFG: All DFG nodes have 1 result register now.
(2) Performance.
* 2%-3% speedup on SunSpider (20% in LLInt and Baseline JIT)
* 2% speedup on v8-spider
* 10% speedup on js-regress-hashmap*
* Amusing 2X speedup on js-regress-poly-stricteq
The bytecode now separates the scope chain resolution opcode from the scope access opcode.
OLD:
    get_scoped_var r0, 1, 0
    inc r0
    put_scoped_var 1, 0, r0
NEW:
    resolve_scope r0, x(@id0)
    get_from_scope r1, r0, x(@id0)
    inc r1
    put_to_scope r0, x(@id0), r1
Also, we link non-local variable resolution opcodes at CodeBlock link time instead of time of first opcode execution. This means that we can represent all possible non-local variable resolutions using just three opcodes, and any optimizations in these opcodes naturally apply across-the-board.
* API/JSCTestRunnerUtils.cpp: (JSC::numberOfDFGCompiles): * GNUmakefile.list.am: * JavaScriptCore.gypi: * JavaScriptCore.order: * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: Build! * bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): Updated for removed things. (JSC::CodeBlock::CodeBlock): Always provide the full scope chain when creating a CodeBlock, so we can perform non-local variable resolution. Added code to perform linking for these opcodes. This is where we figure out which non-local variable resolutions are optimizable, and how. (JSC::CodeBlock::finalizeUnconditionally): (JSC::CodeBlock::noticeIncomingCall): (JSC::CodeBlock::optimizeAfterWarmUp): (JSC::CodeBlock::optimizeAfterLongWarmUp): (JSC::CodeBlock::optimizeSoon): Updated for removed things.
* bytecode/CodeBlock.h: (JSC::CodeBlock::needsActivation): (JSC::GlobalCodeBlock::GlobalCodeBlock): (JSC::ProgramCodeBlock::ProgramCodeBlock): (JSC::EvalCodeBlock::EvalCodeBlock): (JSC::FunctionCodeBlock::FunctionCodeBlock): * bytecode/EvalCodeCache.h: (JSC::EvalCodeCache::getSlow): Updated for interface changes. * bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeFor): Treat global object access as optimizable even though the global object has a custom property access callback. This is what we've always done since, otherwise, we can't optimize globals. (In future, we probably want to figure out a more targeted policy than "any property access callback means no optimization".) * bytecode/GlobalResolveInfo.h: Removed. * bytecode/Instruction.h: * bytecode/Opcode.h: (JSC::padOpcodeName): * bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeFor): Like GetByIdStatus. * bytecode/ResolveGlobalStatus.cpp: Removed. * bytecode/ResolveGlobalStatus.h: Removed. * bytecode/ResolveOperation.h: Removed. * bytecode/UnlinkedCodeBlock.cpp: (JSC::generateFunctionCodeBlock): (JSC::UnlinkedFunctionExecutable::codeBlockFor): (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): * bytecode/UnlinkedCodeBlock.h: Don't provide a scope chain to unlinked code blocks. Giving a scope to an unscoped compilation unit invites programming errors. 
* bytecode/Watchpoint.h: (JSC::WatchpointSet::addressOfIsInvalidated): * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): (JSC::BytecodeGenerator::resolveCallee): (JSC::BytecodeGenerator::local): (JSC::BytecodeGenerator::constLocal): (JSC::BytecodeGenerator::resolveType): (JSC::BytecodeGenerator::emitResolveScope): (JSC::BytecodeGenerator::emitGetFromScope): (JSC::BytecodeGenerator::emitPutToScope): (JSC::BytecodeGenerator::emitInstanceOf): (JSC::BytecodeGenerator::emitPushWithScope): (JSC::BytecodeGenerator::emitPopScope): (JSC::BytecodeGenerator::pushFinallyContext): (JSC::BytecodeGenerator::emitComplexPopScopes): (JSC::BytecodeGenerator::popTryAndEmitCatch): (JSC::BytecodeGenerator::emitPushNameScope): (JSC::BytecodeGenerator::isArgumentNumber): * bytecompiler/BytecodeGenerator.h: (JSC::Local::Local): (JSC::Local::operator bool): (JSC::Local::get): (JSC::Local::isReadOnly): (JSC::BytecodeGenerator::scopeDepth): (JSC::BytecodeGenerator::shouldOptimizeLocals): (JSC::BytecodeGenerator::canOptimizeNonLocals): Refactored the bytecode generator to resolve all variables within local scope, as if there were no non-local scope. This helps provide a separation of concerns: unlinked bytecode is always scope-free, and the linking stage links in the provided scope. * bytecompiler/NodesCodegen.cpp: (JSC::ResolveNode::isPure): (JSC::ResolveNode::emitBytecode): (JSC::EvalFunctionCallNode::emitBytecode): (JSC::FunctionCallResolveNode::emitBytecode): (JSC::PostfixNode::emitResolve): (JSC::DeleteResolveNode::emitBytecode): (JSC::TypeOfResolveNode::emitBytecode): (JSC::PrefixNode::emitResolve): (JSC::ReadModifyResolveNode::emitBytecode): (JSC::AssignResolveNode::emitBytecode): (JSC::ConstDeclNode::emitCodeSingle): (JSC::ForInNode::emitBytecode): A bunch of this codegen is no longer necessary, since it's redundant with the linking stage. 
* dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::executeEffects): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::ByteCodeParser): (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck): (JSC::DFG::ByteCodeParser::handlePutByOffset): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::parseBlock): Updated for interface changes. Notably, we can reuse existing DFG nodes -- but the mapping between bytecode and DFG nodes has changed, and some nodes and corner cases have been removed. * dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::scopedVarLoadElimination): (JSC::DFG::CSEPhase::varInjectionWatchpointElimination): (JSC::DFG::CSEPhase::globalVarStoreElimination): (JSC::DFG::CSEPhase::scopedVarStoreElimination): (JSC::DFG::CSEPhase::getLocalLoadElimination): (JSC::DFG::CSEPhase::setLocalStoreElimination): (JSC::DFG::CSEPhase::performNodeCSE): Added CSE for var injection watchpoints. Even though watchpoints are "free", they're quite common inside code that's subject to var injection, so I figured we'd save a little memory. * dfg/DFGCapabilities.cpp: (JSC::DFG::capabilityLevel): * dfg/DFGCapabilities.h: Removed detection for old forms. * dfg/DFGDriver.h: (JSC::DFG::tryCompile): (JSC::DFG::tryCompileFunction): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * dfg/DFGGraph.h: * dfg/DFGJITCode.cpp: * dfg/DFGNode.h: (JSC::DFG::Node::convertToStructureTransitionWatchpoint): (JSC::DFG::Node::hasVarNumber): (JSC::DFG::Node::hasIdentifierNumberForCheck): (JSC::DFG::Node::hasRegisterPointer): (JSC::DFG::Node::hasHeapPrediction): * dfg/DFGNodeType.h: * dfg/DFGOperations.cpp: * dfg/DFGOperations.h: * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): * dfg/DFGRepatch.h: (JSC::DFG::dfgResetGetByID): (JSC::DFG::dfgResetPutByID): * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::callOperation): Removed some unneeded things, and updated for renames. 
* dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): The two primary changes here are: (1) Use a watchpoint for var injection instead of looping over the scope chain and checking. This is more efficient and much easier to model in code generation. (2) I've eliminated the notion of an optimized global assignment that needs to check for whether it should fire a watchpoint. Instead, we fire pre-emptively at the point of optimization. This removes a bunch of edge cases, and it seems like a more honest representation of the fact that our new optimization contradicts our old one. * dfg/DFGTypeCheckHoistingPhase.cpp: (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks): (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks): * heap/DFGCodeBlocks.cpp: (JSC::DFGCodeBlocks::jettison): * interpreter/CallFrame.h: (JSC::ExecState::trueCallFrame): Removed stuff that's unused now, and fixed the build. * interpreter/Interpreter.cpp: (JSC::eval): (JSC::getBytecodeOffsetForCallFrame): (JSC::getCallerInfo): (JSC::Interpreter::throwException): Updated exception scope tracking to match the rest of our linking strategy: The unlinked bytecode compiles exception scope as if non-local scope did not exist, and we add in non-local scope at link time. This means that we can restore the right scope depth based on a simple number, without checking the contents of the scope chain. (JSC::Interpreter::execute): Make sure to establish the full scope chain before linking eval code. We now require the full scope chain at link time, in order to link non-local variable resolution opcodes.
* jit/JIT.cpp: (JSC::JIT::JIT): (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases): * jit/JIT.h: * jit/JITArithmetic.cpp: (JSC::JIT::emit_op_add): * jit/JITCode.cpp: * jit/JITOpcodes.cpp: (JSC::JIT::emitSlow_op_bitxor): (JSC::JIT::emitSlow_op_bitor): * jit/JITOpcodes32_64.cpp: (JSC::JIT::emitSlow_op_to_primitive): (JSC::JIT::emit_op_strcat): (JSC::JIT::emitSlow_op_create_this): (JSC::JIT::emitSlow_op_to_this): * jit/JITPropertyAccess.cpp: (JSC::JIT::emitVarInjectionCheck): (JSC::JIT::emitResolveClosure): (JSC::JIT::emit_op_resolve_scope): (JSC::JIT::emitSlow_op_resolve_scope): (JSC::JIT::emitLoadWithStructureCheck): (JSC::JIT::emitGetGlobalProperty): (JSC::JIT::emitGetGlobalVar): (JSC::JIT::emitGetClosureVar): (JSC::JIT::emit_op_get_from_scope): (JSC::JIT::emitSlow_op_get_from_scope): (JSC::JIT::emitPutGlobalProperty): (JSC::JIT::emitPutGlobalVar): (JSC::JIT::emitPutClosureVar): (JSC::JIT::emit_op_put_to_scope): (JSC::JIT::emitSlow_op_put_to_scope): (JSC::JIT::emit_op_init_global_const): * jit/JITPropertyAccess32_64.cpp: (JSC::JIT::emitVarInjectionCheck): (JSC::JIT::emitResolveClosure): (JSC::JIT::emit_op_resolve_scope): (JSC::JIT::emitSlow_op_resolve_scope): (JSC::JIT::emitLoadWithStructureCheck): (JSC::JIT::emitGetGlobalProperty): (JSC::JIT::emitGetGlobalVar): (JSC::JIT::emitGetClosureVar): (JSC::JIT::emit_op_get_from_scope): (JSC::JIT::emitSlow_op_get_from_scope): (JSC::JIT::emitPutGlobalProperty): (JSC::JIT::emitPutGlobalVar): (JSC::JIT::emitPutClosureVar): (JSC::JIT::emit_op_put_to_scope): (JSC::JIT::emitSlow_op_put_to_scope): (JSC::JIT::emit_op_init_global_const): * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): * jit/JITStubs.h: Re-wrote baseline JIT codegen for our new variable resolution model. 
* llint/LLIntData.cpp: (JSC::LLInt::Data::performAssertions): * llint/LLIntSlowPaths.cpp: * llint/LLIntSlowPaths.h: * llint/LowLevelInterpreter.asm: * llint/LowLevelInterpreter.cpp: (JSC::CLoop::execute): * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: Ditto for LLInt. * offlineasm/x86.rb: Fixed a pre-existing encoding bug for a syntactic form that we never used before. * runtime/ArrayPrototype.cpp: (JSC::arrayProtoFuncToString): (JSC::arrayProtoFuncToLocaleString): (JSC::arrayProtoFuncJoin): (JSC::arrayProtoFuncConcat): (JSC::arrayProtoFuncPop): (JSC::arrayProtoFuncPush): (JSC::arrayProtoFuncReverse): (JSC::arrayProtoFuncShift): (JSC::arrayProtoFuncSlice): (JSC::arrayProtoFuncSort): (JSC::arrayProtoFuncSplice): (JSC::arrayProtoFuncUnShift): (JSC::arrayProtoFuncFilter): (JSC::arrayProtoFuncMap): (JSC::arrayProtoFuncEvery): (JSC::arrayProtoFuncForEach): (JSC::arrayProtoFuncSome): (JSC::arrayProtoFuncReduce): (JSC::arrayProtoFuncReduceRight): (JSC::arrayProtoFuncIndexOf): (JSC::arrayProtoFuncLastIndexOf): Fixed some pre-existing bugs in 'this' value conversion, which I made much more common by removing special cases in bytecode generation. These functions need to invoke toThis() because they observe the 'this' value. Also, toLocaleString() is specified to accept non-array 'this' values. (Most other host functions don't need this fix because they perform strict 'this' checking, which never coerces unexpected types.) * runtime/CodeCache.cpp: (JSC::CodeCache::getCodeBlock): (JSC::CodeCache::getProgramCodeBlock): (JSC::CodeCache::getEvalCodeBlock): * runtime/CodeCache.h: Don't supply a scope to the unlinked code cache. Unlinked code is supposed to be scope-free, so let's have the compiler help verify that. 
* runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL): * runtime/CommonSlowPaths.h: * runtime/Executable.cpp: (JSC::EvalExecutable::create): (JSC::EvalExecutable::compileInternal): (JSC::ProgramExecutable::compileInternal): (JSC::FunctionExecutable::produceCodeBlockFor): (JSC::FunctionExecutable::compileForCallInternal): (JSC::FunctionExecutable::compileForConstructInternal): * runtime/Executable.h: (JSC::EvalExecutable::numVariables): (JSC::EvalExecutable::numberOfFunctionDecls): * runtime/ExecutionHarness.h: (JSC::prepareForExecutionImpl): (JSC::prepareFunctionForExecutionImpl): (JSC::installOptimizedCode): Fiddled with executable initialization so that we can always generate a full scope chain before we go to link a code block. We need this because code block linking now depends on the scope chain to link non-local variable resolution opcodes. * runtime/JSActivation.h: * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::JSGlobalObject): (JSC::JSGlobalObject::createEvalCodeBlock): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::varInjectionWatchpoint): * runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncEval): * runtime/JSNameScope.h: * runtime/JSScope.cpp: (JSC::abstractAccess): (JSC::JSScope::objectAtScope): (JSC::JSScope::depth): (JSC::JSScope::resolve): (JSC::JSScope::abstractResolve): Updated to match changes explained above. * runtime/JSScope.h: (JSC::makeType): (JSC::needsVarInjectionChecks): (JSC::ResolveOp::ResolveOp): (JSC::ResolveModeAndType::ResolveModeAndType): (JSC::ResolveModeAndType::mode): (JSC::ResolveModeAndType::type): (JSC::ResolveModeAndType::operand): Removed the old variable resolution state machine, since it's unused now. Added logic for performing abstract variable resolution at link time. This is used by codeblock linking. 
* runtime/ObjectPrototype.cpp: (JSC::objectProtoFuncValueOf): (JSC::objectProtoFuncHasOwnProperty): (JSC::objectProtoFuncIsPrototypeOf): (JSC::objectProtoFuncDefineGetter): (JSC::objectProtoFuncDefineSetter): (JSC::objectProtoFuncLookupGetter): (JSC::objectProtoFuncLookupSetter): (JSC::objectProtoFuncPropertyIsEnumerable): (JSC::objectProtoFuncToLocaleString): (JSC::objectProtoFuncToString): Fixed some pre-existing bugs in 'this' value conversion, which I made much more common by removing special cases in bytecode generation. These functions need to invoke toThis() because they observe the 'this' value. * runtime/StringPrototype.cpp: (JSC::checkObjectCoercible): (JSC::stringProtoFuncReplace): (JSC::stringProtoFuncCharAt): (JSC::stringProtoFuncCharCodeAt): (JSC::stringProtoFuncConcat): (JSC::stringProtoFuncIndexOf): (JSC::stringProtoFuncLastIndexOf): (JSC::stringProtoFuncMatch): (JSC::stringProtoFuncSearch): (JSC::stringProtoFuncSlice): (JSC::stringProtoFuncSplit): (JSC::stringProtoFuncSubstr): (JSC::stringProtoFuncSubstring): (JSC::stringProtoFuncToLowerCase): (JSC::stringProtoFuncToUpperCase): (JSC::stringProtoFuncLocaleCompare): (JSC::stringProtoFuncBig): (JSC::stringProtoFuncSmall): (JSC::stringProtoFuncBlink): (JSC::stringProtoFuncBold): (JSC::stringProtoFuncFixed): (JSC::stringProtoFuncItalics): (JSC::stringProtoFuncStrike): (JSC::stringProtoFuncSub): (JSC::stringProtoFuncSup): (JSC::stringProtoFuncFontcolor): (JSC::stringProtoFuncFontsize): (JSC::stringProtoFuncAnchor): (JSC::stringProtoFuncLink): (JSC::trimString): Fixed some pre-existing bugs in 'this' value conversion, which I made much more common by removing special cases in bytecode generation. These functions need to invoke toThis() because they observe the 'this' value. * runtime/StructureRareData.cpp: * runtime/VM.cpp: (JSC::VM::~VM): * runtime/WriteBarrier.h: (JSC::WriteBarrierBase::slot): Modified to reduce casting in client code. 
LayoutTests: This patch removed special-case 'this' resolution from bytecode, making some pre-existing edge cases in 'this' value treatment much more common. I updated the test results below, and added some tests, to match bug fixes for these cases. * fast/js/script-tests/array-functions-non-arrays.js: * fast/js/array-functions-non-arrays-expected.txt: As specified, it's not an error to pass a non-array to toLocaleString. Our new result matches Firefox and Chrome. * fast/js/array-prototype-properties-expected.txt: Updated for slightly clearer error message. * fast/js/basic-strict-mode-expected.txt: Updated for slightly more standard error message. * fast/js/object-prototype-toString-expected.txt: Added. * fast/js/object-prototype-toString.html: Added. This test demonstrates why we now fail a Sputnik test below, while Firefox and Chrome pass it. (The test doesn't test what it thinks it tests, and this test verifies that we get right what it does think it tests.) * fast/js/string-prototype-function-this-expected.txt: Added. * fast/js/string-prototype-function-this.html: Added. This test shows that we CheckObjectCoercible in string prototype functions. (We used to get this wrong, but Sputnik tests made it seem like we got it right because they didn't test the dynamic scope case.) 
* sputnik/Conformance/11_Expressions/11.1_Primary_Expressions/11.1.1_The_this_Keyword/S11.1.1_A2-expected.txt: * sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.3_Array_prototype_toLocaleString/S15.4.4.3_A2_T1-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.10_String.prototype.match/S15.5.4.10_A1_T3-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.11_String.prototype.replace/S15.5.4.11_A1_T3-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A1_T3-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.13_String.prototype.slice/S15.5.4.13_A1_T3-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.15_String.prototype.substring/S15.5.4.15_A1_T3-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.6_String.prototype.concat/S15.5.4.6_A1_T3-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.7_String.prototype.indexOf/S15.5.4.7_A1_T3-expected.txt: * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.8_String.prototype.lastIndexOf/S15.5.4.8_A1_T3-expected.txt: Updated to show failing results. Firefox and Chrome also fail these tests, and the ES5 spec seems to mandate failure. Because these tests resolve a String.prototype function at global scope, the 'this' value for the call is an environment record. Logically, an environment record converts to 'undefined' at the call site, and should then fail the CheckObjectCoercible test. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153221 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
This was a non-trivial merge as trunk has changed computation of line and column information. Introducing the StackIterator class. https://bugs.webkit.org/show_bug.cgi?id=117390. Reviewed by Geoffrey Garen. Source/JavaScriptCore: The StackIterator class is meant to unify the way we iterate the JS stack. It also makes it so that we don't have to copy the frame data into the intermediate StackFrame struct before processing it. Unfortunately we still can't get rid of StackFrame because it is used to record frame information for the Exception stack that is expected to persist beyond when the frames have been popped off the JS stack. The StackIterator will iterate over all "logical" frames (i.e. including inlined frames). As it iterates the JS stack, if it encounters a DFG frame that has inlined frames, the iterator will canonicalize the inlined frames before returning. Once canonicalized, the frame can be read like any other frame. The StackIterator implements a Frame class that inherits from CallFrame. The StackIterator::Frame serves as reader of the CallFrame that makes it easier to access information about the frame. The StackIterator::Frame only adds functions, and no additional data fields. * API/JSContextRef.cpp: (JSContextCreateBacktrace): * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * interpreter/CallFrame.cpp: (JSC::CallFrame::begin): (JSC::CallFrame::beginAt): * interpreter/CallFrame.h: (JSC::ExecState::setInlineCallFrame): (ExecState): (JSC::ExecState::end): * interpreter/Interpreter.cpp: (JSC::Interpreter::dumpRegisters): (JSC::Interpreter::unwindCallFrame): (JSC::Interpreter::getStackTrace): (JSC::Interpreter::throwException): (JSC::Interpreter::debug): * interpreter/Interpreter.h: (Interpreter): * interpreter/StackIterator.cpp: Added.
(JSC::StackIterator::StackIterator): (JSC::StackIterator::beginAt): (JSC::StackIterator::gotoNextFrame): - Based on the deleted Interpreter::findFunctionCallFrameFromVMCode(). (JSC::StackIterator::findFrameForFunction): - Based on the deleted Interpreter::retrieveCallerFromVMCode(). (JSC::StackIterator::Frame::codeType): - Based on the deleted getStackFrameCodeType(). (JSC::StackIterator::Frame::functionName): - Based on StackFrame::friendlyFunctionName(). (JSC::StackIterator::Frame::sourceURL): - Based on StackFrame::friendlySourceURL(). (JSC::StackIterator::Frame::toString): - Based on StackFrame::toString(). (JSC::StackIterator::Frame::bytecodeOffset): (JSC::StackIterator::Frame::line): - Based on StackFrame::line(). (JSC::StackIterator::Frame::column): - Based on StackFrame::column(). (JSC::StackIterator::Frame::arguments): - Based on the deleted Interpreter::retrieveArgumentsFromVMCode(). (JSC::StackIterator::Frame::retrieveExpressionInfo): - Based on StackFrame::expressionInfo(). (JSC::StackIterator::Frame::logicalFrame): - Based on the now deleted CallFrame::trueCallFrame(). (JSC::StackIterator::Frame::logicalCallerFrame): - Based on the now deleted CallFrame::trueCallerFrame(). (JSC::jitTypeName): (JSC::printIndents): (JSC::printif): (JSC::StackIterator::Frame::print): (debugPrintCallFrame): - Prints the contents of the frame for debugging purposes. There are 2 versions that can be used as follows: 1. When you have a valid StackIterator, you can print the current frame's content using the print instance method: iter->print(indentLevel); 2. 
When you have a CallFrame* that you want to dump from a debugger console, you can print its content as follows: (gdb) call debugPrintCallFrame(callFrame) A sample of the output looks like this: frame 0x1510c70b0 { name 'shouldBe' sourceURL 'testapi.js' hostFlag 0 isInlinedFrame 0 callee 0x15154efb0 returnPC 0x10ed0786d callerFrame 0x1510c7058 logicalCallerFrame 0x1510c7058 rawLocationBits 27 0x1b codeBlock 0x7fe79b037200 bytecodeOffset 27 0x1b / 210 line 46 column 20 jitType 3 <BaselineJIT> isOptimizingJIT 0 hasCodeOrigins 0 } * interpreter/StackIterator.h: Added. (StackIterator::Frame): (JSC::StackIterator::Frame::create): (JSC::StackIterator::Frame::isJSFrame): (JSC::StackIterator::Frame::callFrame): * interpreter/StackIteratorPrivate.h: Added. (StackIterator): (JSC::StackIterator::operator*): (JSC::StackIterator::operator->): (JSC::StackIterator::operator==): (JSC::StackIterator::operator!=): (JSC::StackIterator::operator++): (JSC::StackIterator::end): (JSC::StackIterator::empty): * jsc.cpp: (functionJSCStack): * profiler/ProfileGenerator.cpp: (JSC::ProfileGenerator::addParentForConsoleStart): * profiler/ProfileNode.h: (ProfileNode): * runtime/JSFunction.cpp: (JSC::retrieveArguments): (JSC::JSFunction::argumentsGetter): (JSC::skipOverBoundFunctions): (JSC::retrieveCallerFunction): (JSC::JSFunction::callerGetter): (JSC::JSFunction::getOwnPropertyDescriptor): (JSC::JSFunction::defineOwnProperty): * runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncProtoGetter): (JSC::globalFuncProtoSetter): * runtime/ObjectConstructor.cpp: (JSC::objectConstructorGetPrototypeOf): * runtime/Operations.h: Source/WebCore: No new tests. * ForwardingHeaders/interpreter/StackIterator.h: Added. * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/ScriptCallStackFactory.cpp: (WebCore::createScriptCallStack): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153218 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=117262. Reviewed by Geoffrey Garen. When writing to the ArgumentCount tag in CallFrame, we will set the high bit if the written value is a codeOriginIndex. * GNUmakefile.list.am: * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: * bytecode/CodeOrigin.h: (CodeOrigin): (JSC::CodeOrigin::isHandle): (JSC::CodeOrigin::encodeHandle): (JSC::CodeOrigin::decodeHandle): * dfg/DFGJITCompiler.h: (JSC::DFG::JITCompiler::beginCall): * dfg/DFGRepatch.cpp: (JSC::DFG::tryBuildGetByIDList): * interpreter/CallFrame.cpp: (JSC::CallFrame::locationAsBytecodeOffset): (JSC::CallFrame::setLocationAsBytecodeOffset): (JSC::CallFrame::currentVPC): (JSC::CallFrame::setCurrentVPC): (JSC::CallFrame::trueCallFrame): * interpreter/CallFrame.h: (ExecState): (JSC::ExecState::inlineCallFrame): * interpreter/CallFrameInlines.h: Added. (JSC::CallFrame::hasLocationAsBytecodeOffset): (JSC::CallFrame::hasLocationAsCodeOriginIndex): (JSC::CallFrame::locationAsRawBits): (JSC::CallFrame::setLocationAsRawBits): (JSC::CallFrame::locationAsBytecodeOffset): (JSC::CallFrame::setLocationAsBytecodeOffset): (JSC::CallFrame::locationAsCodeOriginIndex): * interpreter/Interpreter.cpp: (JSC::getBytecodeOffsetForCallFrame): (JSC::getCallerInfo): * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153209 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=115705. Reviewed by Geoffrey Garen. The probe is in the form of a MacroAssembler pseudo instruction. It takes 3 arguments: a ProbeFunction, and 2 void* args. When inserted into the JIT at some code generation site, the probe pseudo "instruction" will emit a minimal amount of code to save the stack pointer, 1 (or more) scratch register(s), and the probe arguments into a ProbeContext record on the stack. The emitted code will then call a probe trampoline to do the rest of the work, which consists of: 1. saving the remaining registers into the ProbeContext. 2. calling the ProbeFunction, and passing it the ProbeContext pointer. 3. restoring the registers from the ProbeContext after the ProbeFunction returns, and then returning to the JIT generated code. The ProbeContext is stack allocated and is only valid for the duration that the ProbeFunction is executing. If the user supplied ProbeFunction alters the register values in the ProbeContext, the new values will be installed into the registers upon returning from the probe. This can be useful for some debugging or testing purposes. The probe mechanism is built conditional on USE(MASM_PROBE) which is defined in config.h. USE(MASM_PROBE) will be off by default. This changeset only implements the probe mechanism for X86 and X86_64. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * assembler/MacroAssembler.h: (MacroAssembler): (JSC::MacroAssembler::shouldBlind): (JSC::MacroAssembler::store32): * assembler/MacroAssemblerX86.h: (MacroAssemblerX86): (JSC::MacroAssemblerX86::trustedImm32FromPtr): (JSC::MacroAssemblerX86::probe): * assembler/MacroAssemblerX86Common.cpp: Added.
(JSC::MacroAssemblerX86Common::ProbeContext::dumpCPURegisters): - CPU specific register dumper called by ProbeContext::dump(). (JSC::MacroAssemblerX86Common::ProbeContext::dump): - Prints the ProbeContext to the DataLog. * assembler/MacroAssemblerX86Common.h: (MacroAssemblerX86Common): (CPUState): Added. (ProbeContext): Added. * assembler/MacroAssemblerX86_64.h: (MacroAssemblerX86_64): (JSC::MacroAssemblerX86_64::trustedImm64FromPtr): (JSC::MacroAssemblerX86_64::probe): * assembler/X86Assembler.h: * config.h: Added WTF_USE_MASM_PROBE flag. * jit/JITStubs.cpp: * jit/JITStubs.h: * jit/JITStubsX86.h: * jit/JITStubsX86Common.h: Added. * jit/JITStubsX86_64.h: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153162 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=116135. Reviewed by Michael Saboff. This mod only moves the CPU specific parts out. There is no code change. Tested on debug builds of X86, X86_64, ARM and ARMv7. The SH4 and MIPS ports are untested. Windows port also not tested. * GNUmakefile.list.am: * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * jit/JITStubs.cpp: (JSC::performPlatformSpecificJITAssertions): * jit/JITStubsARM.h: Added. (JSC::ctiTrampoline): (JSC::ctiTrampolineEnd): (JSC::ctiVMThrowTrampoline): (JSC::ctiOpThrowNotCaught): (JSC::performARMJITAssertions): * jit/JITStubsARMv7.h: Added. (JSC::ctiTrampoline): (JSC::ctiVMThrowTrampoline): (JSC::ctiOpThrowNotCaught): (JSC::performARMv7JITAssertions): * jit/JITStubsMIPS.h: Added. (JSC::performMIPSJITAssertions): * jit/JITStubsSH4.h: Added. * jit/JITStubsX86.h: Added. * jit/JITStubsX86_64.h: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153160 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
broken builds. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153121 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=114306 Reviewed by Mark Hahnenberg. Just abstract out some things that the FTL will want to use as well. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * dfg/DFGDriver.cpp: (JSC::DFG::compile): * dfg/DFGOSRExitCompiler.cpp: * dfg/DFGOSRExitCompiler.h: (OSRExitCompiler): * dfg/DFGOSRExitCompiler32_64.cpp: (JSC::DFG::OSRExitCompiler::compileExit): * dfg/DFGOSRExitCompiler64.cpp: (JSC::DFG::OSRExitCompiler::compileExit): * dfg/DFGOSRExitCompilerCommon.cpp: Added. (DFG): (JSC::DFG::handleExitCounts): (JSC::DFG::reifyInlinedCallFrames): (JSC::DFG::adjustAndJumpToTarget): * dfg/DFGOSRExitCompilerCommon.h: Added. (DFG): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153119 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
oliver@apple.com authored
fourthTier: put DFG data into a DFG::JITCode, and put common DFG and FTL data into something accessible from both DFG::JITCode and FTL::JITCode https://bugs.webkit.org/show_bug.cgi?id=113905 Reviewed by Geoffrey Garen. This removes one pointer from CodeBlock. It also gives us a framework for having JITType-specific data in CodeBlock, by putting it into the appropriate JITCode class (either DFG::JITCode or FTL::JITCode). And it allows us to have DFG and FTL share some common data, via DFG::CommonData, which is stored in both DFG::JITCode and FTL::JITCode and always accessible via JITCode::dfgCommon(). * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/CodeBlock.cpp: (JSC): (JSC::CodeBlock::dumpBytecode): (JSC::CodeBlock::visitAggregate): (JSC::CodeBlock::performTracingFixpointIteration): (JSC::CodeBlock::finalizeUnconditionally): (JSC::CodeBlock::stronglyVisitWeakReferences): (JSC::CodeBlock::shrinkToFit): (JSC::CodeBlock::tallyFrequentExitSites): * bytecode/CodeBlock.h: (CodeBlock): (JSC::CodeBlock::setJITCode): (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan): (JSC::DFGCodeBlocks::mark): * dfg/DFGAssemblyHelpers.h: * dfg/DFGCommonData.cpp: Added. (DFG): (JSC::DFG::CommonData::notifyCompilingStructureTransition): (JSC::DFG::CommonData::shrinkToFit): * dfg/DFGCommonData.h: Added. (JSC): (DFG): (JSC::DFG::WeakReferenceTransition::WeakReferenceTransition): (WeakReferenceTransition): (CommonData): (JSC::DFG::CommonData::CommonData): * dfg/DFGDriver.cpp: (JSC::DFG::compile): (JSC::DFG::tryCompile): (JSC::DFG::tryCompileFunction): * dfg/DFGDriver.h: (DFG): (JSC::DFG::tryCompile): (JSC::DFG::tryCompileFunction): * dfg/DFGGraph.h: (Graph): * dfg/DFGJITCode.cpp: Added. (DFG): (JSC::DFG::JITCode::JITCode): (JSC::DFG::JITCode::~JITCode): (JSC::DFG::JITCode::dfgCommon): (JSC::DFG::JITCode::dfg): (JSC::DFG::JITCode::shrinkToFit): * dfg/DFGJITCode.h: Added. 
(DFG): (JITCode): (JSC::DFG::JITCode::appendOSREntryData): (JSC::DFG::JITCode::osrEntryDataForBytecodeIndex): (JSC::DFG::JITCode::appendOSRExit): (JSC::DFG::JITCode::lastOSRExit): (JSC::DFG::JITCode::appendSpeculationRecovery): (JSC::DFG::JITCode::appendWatchpoint): * dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::JITCompiler): (JSC::DFG::JITCompiler::linkOSRExits): (JSC::DFG::JITCompiler::link): (JSC::DFG::JITCompiler::compile): (JSC::DFG::JITCompiler::compileFunction): * dfg/DFGJITCompiler.h: (JITCompiler): (JSC::DFG::JITCompiler::addWeakReference): (JSC::DFG::JITCompiler::noticeOSREntry): (JSC::DFG::JITCompiler::jitCode): * dfg/DFGOSREntry.cpp: (JSC::DFG::prepareOSREntry): * dfg/DFGOSRExit.h: (OSRExit): * dfg/DFGOSRExitCompiler.cpp: * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::SpeculativeJIT): (JSC::DFG::SpeculativeJIT::backwardSpeculationCheck): (JSC::DFG::SpeculativeJIT::speculationWatchpoint): (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGVariableEventStream.cpp: * ftl/FTLCompile.cpp: (JSC::FTL::compile): * ftl/FTLJITCode.cpp: (JSC::FTL::JITCode::JITCode): (JSC::FTL::JITCode::~JITCode): (FTL): (JSC::FTL::JITCode::initializeCode): (JSC::FTL::JITCode::addressForCall): (JSC::FTL::JITCode::executableAddressAtOffset): (JSC::FTL::JITCode::dataAddressAtOffset): (JSC::FTL::JITCode::offsetOf): (JSC::FTL::JITCode::size): (JSC::FTL::JITCode::contains): (JSC::FTL::JITCode::ftl): (JSC::FTL::JITCode::dfgCommon): * ftl/FTLJITCode.h: (JITCode): * ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint): (JSC::FTL::LowerDFGToLLVM::compilePutStructure): (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure): (JSC::FTL::LowerDFGToLLVM::addWeakReference): (LowerDFGToLLVM): (JSC::FTL::LowerDFGToLLVM::weakPointer): * ftl/FTLState.cpp: (FTL): (JSC::FTL::State::State): 
(JSC::FTL::State::dumpState): * ftl/FTLState.h: (State): * heap/DFGCodeBlocks.cpp: (JSC::DFGCodeBlocks::~DFGCodeBlocks): (JSC::DFGCodeBlocks::jettison): (JSC::DFGCodeBlocks::clearMarks): (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks): (JSC::DFGCodeBlocks::traceMarkedCodeBlocks): * jit/JITCode.cpp: (JSC::JITCode::dfgCommon): (JSC): (JSC::JITCode::dfg): (JSC::JITCode::ftl): (JSC::DirectJITCode::DirectJITCode): (JSC::DirectJITCode::initializeCodeRef): (JSC::DirectJITCode::addressForCall): (JSC::DirectJITCode::executableAddressAtOffset): (JSC::DirectJITCode::dataAddressAtOffset): (JSC::DirectJITCode::offsetOf): (JSC::DirectJITCode::size): (JSC::DirectJITCode::contains): * jit/JITCode.h: (DFG): (FTL): (JSC): (JITCode): (DirectJITCode): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153116 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 20 Jul, 2013 1 commit
-
-
bfulgham@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=118868. Reviewed by Anders Carlsson. * os-win32/stdint.h: Removed. * GNUmakefile.list.am: Removed reference to os-win32/stdint.h git-svn-id: http://svn.webkit.org/repository/webkit/trunk@152949 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 08 Jul, 2013 1 commit
-
-
carlosgc@webkit.org authored
Source/JavaScriptCore: * GNUmakefile.list.am: Add missing header files. Source/WebCore: * GNUmakefile.list.am: Add missing header files. Source/WTF: * GNUmakefile.list.am: Add missing header files. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@152460 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 22 May, 2013 1 commit
-
-
commit-queue@webkit.org authored
https://bugs.webkit.org/show_bug.cgi?id=116596. Patch by Julien Brianceau <jbrianceau@nds.com> on 2013-05-22 Reviewed by Geoffrey Garen. Move linkCall and repatchCall implementations from MacroAssemblerSH4.cpp to MacroAssemblerSH4.h and remove MacroAssemblerSH4.cpp, as it is done for other architectures. * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * assembler/MacroAssemblerSH4.cpp: Removed. * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::linkCall): (MacroAssemblerSH4): (JSC::MacroAssemblerSH4::repatchCall): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@150519 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-