1. 02 Dec, 2013 4 commits
  2. 30 Nov, 2013 1 commit
    • Finally remove those DFG_ENABLE things · ecd97b0c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=125025
      
      Rubber stamped by Sam Weinig.
              
      This removes a bunch of unused and untested insanity.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::tallyFrequentExitSites):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getArrayModeConsideringSlowPath):
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      (JSC::DFG::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::convertToJump):
      (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::endIndexForPureCSE):
      (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::eliminate):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCommon.h:
      (JSC::DFG::verboseCompilationEnabled):
      (JSC::DFG::logCompilationChanges):
      (JSC::DFG::shouldDumpGraphAtEachPhase):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::initialize):
      (JSC::DFG::InPlaceAbstractState::endBasicBlock):
      (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
      (JSC::DFG::InPlaceAbstractState::mergeToSuccessors):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::adjustAndJumpToTarget):
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::run):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::propagateForward):
      (JSC::DFG::PredictionPropagationPhase::propagateBackward):
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::use):
      * dfg/DFGSlowPathGenerator.h:
      (JSC::DFG::SlowPathGenerator::generate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
      (JSC::DFG::SpeculativeJIT::dump):
      (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
      (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVariableEventStream.h:
      (JSC::DFG::VariableEventStream::appendAndLog):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159886 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 29 Nov, 2013 3 commits
  4. 28 Nov, 2013 5 commits
    • Revert the X86 assembler peephole changes · a47b30a2
      nrotem@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124988
      
      Reviewed by Csaba Osztrogonác.
      
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::add32):
      (JSC::MacroAssemblerX86::add64):
      (JSC::MacroAssemblerX86::or32):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::add32):
      (JSC::MacroAssemblerX86Common::or32):
      (JSC::MacroAssemblerX86Common::branchAdd32):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::add32):
      (JSC::MacroAssemblerX86_64::or32):
      (JSC::MacroAssemblerX86_64::add64):
      (JSC::MacroAssemblerX86_64::or64):
      (JSC::MacroAssemblerX86_64::xor64):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159855 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Remove feature: CSS variables · c6dce2e5
      antti@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114119
      
      .: 
      
      Reviewed by Andreas Kling.
      
      * Source/cmakeconfig.h.cmake:
      
      Source/JavaScriptCore: 
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebCore: 
      
      Reviewed by Andreas Kling.
              
      The feature is unmaintained and it is getting in the way of refactoring. Code quality is not up to
      WebKit standards either.
      
      * Configurations/FeatureDefines.xcconfig:
      * GNUmakefile.list.am:
      * WebCore.xcodeproj/project.pbxproj:
      * css/CSSBasicShapes.cpp:
      * css/CSSBasicShapes.h:
      * css/CSSCalculationValue.cpp:
      (WebCore::unitCategory):
      (WebCore::hasDoubleValue):
      (WebCore::CSSCalcPrimitiveValue::toCalcValue):
      (WebCore::CSSCalcPrimitiveValue::computeLengthPx):
      (WebCore::determineCategory):
      (WebCore::CSSCalcBinaryOperation::primitiveType):
      * css/CSSCalculationValue.h:
      * css/CSSComputedStyleDeclaration.cpp:
      (WebCore::ComputedStyleExtractor::propertyValue):
      * css/CSSGrammar.y.in:
      * css/CSSParser.cpp:
      (WebCore::CSSParserContext::CSSParserContext):
      (WebCore::operator==):
      (WebCore::filterProperties):
      (WebCore::CSSParser::createStylePropertySet):
      (WebCore::CSSParser::addProperty):
      (WebCore::CSSParser::validCalculationUnit):
      (WebCore::CSSParser::validUnit):
      (WebCore::CSSParser::createPrimitiveNumericValue):
      (WebCore::CSSParser::parseValidPrimitive):
      (WebCore::CSSParser::parseValue):
      (WebCore::CSSParser::parseReflect):
      (WebCore::CSSParser::detectDashToken):
      (WebCore::CSSParser::realLex):
      * css/CSSParser.h:
      * css/CSSParserMode.h:
      * css/CSSParserValues.cpp:
      (WebCore::CSSParserValue::createCSSValue):
      * css/CSSParserValues.h:
      * css/CSSPrimitiveValue.cpp:
      (WebCore::isValidCSSUnitTypeForDoubleConversion):
      (WebCore::CSSPrimitiveValue::primitiveType):
      (WebCore::CSSPrimitiveValue::cleanup):
      (WebCore::CSSPrimitiveValue::getStringValue):
      (WebCore::CSSPrimitiveValue::customCSSText):
      (WebCore::CSSPrimitiveValue::equals):
      * css/CSSPrimitiveValue.h:
      * css/CSSPrimitiveValueMappings.h:
      (WebCore::CSSPrimitiveValue::convertToLength):
      * css/CSSProperty.cpp:
      * css/CSSProperty.h:
      (WebCore::CSSProperty::CSSProperty):
      * css/CSSReflectValue.cpp:
      * css/CSSReflectValue.h:
      * css/CSSValue.cpp:
      (WebCore::CSSValue::equals):
      (WebCore::CSSValue::cssText):
      (WebCore::CSSValue::destroy):
      * css/CSSValue.h:
      (WebCore::CSSValue::setCssText):
      * css/CSSValueList.cpp:
      * css/CSSValueList.h:
      * css/CSSVariableValue.h: Removed.
      * css/Pair.h:
      * css/Rect.h:
      * css/StylePropertySet.cpp:
      (WebCore::StylePropertySet::asText):
      (WebCore::StylePropertySet::PropertyReference::cssName):
      * css/StyleResolver.cpp:
      (WebCore::StyleResolver::styleForPage):
      (WebCore::StyleResolver::applyProperties):
      (WebCore::StyleResolver::applyMatchedProperties):
      (WebCore::StyleResolver::applyProperty):
      * css/StyleResolver.h:
      * css/WebKitCSSTransformValue.cpp:
      * css/WebKitCSSTransformValue.h:
      (WebCore::WebKitCSSTransformValue::equals):
      * css/makeprop.pl:
      * page/Settings.cpp:
      (WebCore::Settings::Settings):
      * page/Settings.h:
      * rendering/style/RenderStyle.h:
      * rendering/style/StyleRareInheritedData.cpp:
      (WebCore::StyleRareInheritedData::StyleRareInheritedData):
      (WebCore::StyleRareInheritedData::operator==):
      * rendering/style/StyleRareInheritedData.h:
      * rendering/style/StyleVariableData.h: Removed.
      * testing/InternalSettings.cpp:
      (WebCore::InternalSettings::Backup::Backup):
      (WebCore::InternalSettings::Backup::restoreTo):
      * testing/InternalSettings.h:
      * testing/InternalSettings.idl:
      
      Source/WebKit/mac: 
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WebKit2: 
      
      Reviewed by Andreas Kling.
      
      * Configurations/FeatureDefines.xcconfig:
      
      Source/WTF: 
      
      Reviewed by Andreas Kling.
      
      * wtf/FeatureDefines.h:
      
      Tools: 
      
      Reviewed by Andreas Kling.
      
      * Scripts/webkitperl/FeatureList.pm:
      
      LayoutTests: 
      
      Reviewed by Andreas Kling.
      
      * fast/css/variables: Removed.
      * fast/css/variables/border-width-expected.html: Removed.
      * fast/css/variables/border-width.html: Removed.
      * fast/css/variables/build-supports-variables-expected.txt: Removed.
      * fast/css/variables/build-supports-variables.html: Removed.
      * fast/css/variables/calc-expected.html: Removed.
      * fast/css/variables/calc-inside-calc-expected.html: Removed.
      * fast/css/variables/calc-inside-calc.html: Removed.
      * fast/css/variables/calc-invalid-value-expected.html: Removed.
      * fast/css/variables/calc-invalid-value.html: Removed.
      * fast/css/variables/calc-invalid-variable-expected.html: Removed.
      * fast/css/variables/calc-invalid-variable.html: Removed.
      * fast/css/variables/calc-negated-variable-expected.html: Removed.
      * fast/css/variables/calc-negated-variable.html: Removed.
      * fast/css/variables/calc-vw-crash-expected.txt: Removed.
      * fast/css/variables/calc-vw-crash.html: Removed.
      * fast/css/variables/calc.html: Removed.
      * fast/css/variables/case-sensitive-expected.html: Removed.
      * fast/css/variables/case-sensitive.html: Removed.
      * fast/css/variables/colors-test-expected.html: Removed.
      * fast/css/variables/colors-test.html: Removed.
      * fast/css/variables/complex-cycle-expected.html: Removed.
      * fast/css/variables/complex-cycle.html: Removed.
      * fast/css/variables/computed-style-expected.html: Removed.
      * fast/css/variables/computed-style.html: Removed.
      * fast/css/variables/deferred-image-load-from-variable-expected.txt: Removed.
      * fast/css/variables/deferred-image-load-from-variable.html: Removed.
      * fast/css/variables/inherited-values-expected.html: Removed.
      * fast/css/variables/inherited-values.html: Removed.
      * fast/css/variables/inline-styles-expected.html: Removed.
      * fast/css/variables/inline-styles.html: Removed.
      * fast/css/variables/invalid-font-reference-expected.txt: Removed.
      * fast/css/variables/invalid-font-reference.html: Removed.
      * fast/css/variables/invalid-shorthand-expected.html: Removed.
      * fast/css/variables/invalid-shorthand.html: Removed.
      * fast/css/variables/invalid-value-list-crash-expected.txt: Removed.
      * fast/css/variables/invalid-value-list-crash.html: Removed.
      * fast/css/variables/invalid-variable-value-expected.html: Removed.
      * fast/css/variables/invalid-variable-value.html: Removed.
      * fast/css/variables/multi-level-cycle-expected.html: Removed.
      * fast/css/variables/multi-level-cycle.html: Removed.
      * fast/css/variables/redefinition-expected.html: Removed.
      * fast/css/variables/redefinition.html: Removed.
      * fast/css/variables/root-background-size-expected.html: Removed.
      * fast/css/variables/root-background-size.html: Removed.
      * fast/css/variables/shorthand-expected.html: Removed.
      * fast/css/variables/shorthand.html: Removed.
      * fast/css/variables/simple-cycle-expected.html: Removed.
      * fast/css/variables/simple-cycle.html: Removed.
      * fast/css/variables/transform-test-expected.html: Removed.
      * fast/css/variables/transform-test.html: Removed.
      * fast/css/variables/undefined-expected.html: Removed.
      * fast/css/variables/undefined.html: Removed.
      * fast/css/variables/use-before-defined-expected.html: Removed.
      * fast/css/variables/use-before-defined.html: Removed.
      * fast/css/variables/var-filter-expected.txt: Removed.
      * fast/css/variables/var-filter.html: Removed.
      * fast/css/variables/var-inside-box-reflect-expected.html: Removed.
      * fast/css/variables/var-inside-box-reflect.html: Removed.
      * fast/css/variables/var-inside-pair-expected.html: Removed.
      * fast/css/variables/var-inside-pair.html: Removed.
      * fast/css/variables/var-inside-quad-expected.html: Removed.
      * fast/css/variables/var-inside-quad.html: Removed.
      * fast/css/variables/var-inside-shape-expected.html: Removed.
      * fast/css/variables/var-inside-shape.html: Removed.
      * fast/css/variables/var-inside-shorthand-expected.html: Removed.
      * fast/css/variables/var-inside-shorthand.html: Removed.
      * fast/css/variables/variable-chain-expected.html: Removed.
      * fast/css/variables/variable-chain.html: Removed.
      * fast/css/variables/variable-unparseable-value-crash-expected.txt: Removed.
      * fast/css/variables/variable-unparseable-value-crash.html: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159842 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Typo fix after r159834 to fix 32 bit builds. · 5ead1b70
      ossy@webkit.org authored
      Patch by Peter Gal <galpeter@inf.u-szeged.hu> on 2013-11-28
      Reviewed by Csaba Osztrogonác.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159836 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Add a bunch of early exits and local optimizations to the x86 assembler. · c38f566f
      nrotem@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124904
      
      Reviewed by Filip Pizlo.
      
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::add32):
      (JSC::MacroAssemblerX86::add64):
      (JSC::MacroAssemblerX86::or32):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::add32):
      (JSC::MacroAssemblerX86Common::or32):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::add32):
      (JSC::MacroAssemblerX86_64::or32):
      (JSC::MacroAssemblerX86_64::add64):
      (JSC::MacroAssemblerX86_64::or64):
      (JSC::MacroAssemblerX86_64::xor64):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159835 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Infer one-time scopes · 1a72409c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124812
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This detects JSActivations that are created only once. The JSActivation pointer is then
      baked into the machine code.
              
      This takes advantage of the one-time scope inference to reduce the number of
      indirections needed to get to a closure variable in the case where the scope is only
      allocated once. This isn't really a speed-up since in the common case the total number
      of instruction bytes needed to load the scope from the stack is about equal to the
      number of instruction bytes needed to materialize the absolute address of a scoped
      variable. But, this is a necessary prerequisite to
      https://bugs.webkit.org/show_bug.cgi?id=124630, so it's probably a good idea anyway.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      * bytecode/Instruction.h:
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.h:
      (JSC::WatchpointSet::notifyWrite):
      (JSC::InlineWatchpointSet::notifyWrite):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolveScope):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::scopedVarLoadElimination):
      (JSC::DFG::CSEPhase::scopedVarStoreElimination):
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::tryGetRegisters):
      * dfg/DFGGraph.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::varNumber):
      (JSC::DFG::Node::hasSymbolTable):
      (JSC::DFG::Node::symbolTable):
      * dfg/DFGNodeType.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWatchpointCollectionPhase.cpp:
      (JSC::DFG::WatchpointCollectionPhase::handle):
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      * runtime/JSScope.cpp:
      (JSC::abstractAccess):
      (JSC::JSScope::abstractResolve):
      * runtime/JSScope.h:
      (JSC::ResolveOp::ResolveOp):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::registers):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTable::SymbolTable):
      * runtime/SymbolTable.h:
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * js/regress/infer-one-time-closure-expected.txt: Added.
      * js/regress/infer-one-time-closure-ten-vars-expected.txt: Added.
      * js/regress/infer-one-time-closure-ten-vars.html: Added.
      * js/regress/infer-one-time-closure-two-vars-expected.txt: Added.
      * js/regress/infer-one-time-closure-two-vars.html: Added.
      * js/regress/infer-one-time-closure.html: Added.
      * js/regress/infer-one-time-deep-closure-expected.txt: Added.
      * js/regress/infer-one-time-deep-closure.html: Added.
      * js/regress/script-tests/infer-one-time-closure-ten-vars.js: Added.
      * js/regress/script-tests/infer-one-time-closure-two-vars.js: Added.
      * js/regress/script-tests/infer-one-time-closure.js: Added.
      * js/regress/script-tests/infer-one-time-deep-closure.js: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159834 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 27 Nov, 2013 4 commits
    • Finally fix some obvious Bartlett bugs · 7969ed73
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124951
      
      Reviewed by Mark Hahnenberg.
              
      Sanitize the stack (i.e. zero parts of it known to be dead) at three key points:
              
      - GC.
              
      - At beginning of OSR entry.
              
      - Just as we finish preparing OSR entry. This clears those slots on the stack that
        could have been live in baseline but that are known to be dead in DFG.
              
      This is as much as a 2x speed-up on splay if you run it in certain modes, and run it
      for a long enough interval. It appears to fix all instances of the dreaded exponential
      heap growth that splay gets into when some stale pointer stays around.
              
      This doesn't have much of an effect on real-world programs. This bug has only ever
      manifested in splay and for that reason we thus far opted against fixing it. But splay
      is, for what it's worth, the premier GC stress test in JavaScript - so making sure we
      can run it without pathologies - even when you tweak its configuration - is probably
      fairly important.
      
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntry.h:
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      (JSC::JSStack::sanitizeStack):
      * interpreter/JSStack.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159826 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Do bytecode validation as part of testing · 2eb67eca
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124913
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Also fix some small bugs in the bytecode liveness analysis that I found by doing
      this validation thingy.
      
      * bytecode/BytecodeLivenessAnalysis.cpp:
      (JSC::isValidRegisterForLiveness):
      (JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::validate):
      (JSC::CodeBlock::beginValidationDidFail):
      (JSC::CodeBlock::endValidationDidFail):
      * bytecode/CodeBlock.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      * runtime/Options.h:
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
      
      * GNUmakefile.list.am:
      * WTF.vcxproj/WTF.vcxproj:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/CMakeLists.txt:
      * wtf/FastBitVector.cpp: Added.
      (WTF::FastBitVector::dump):
      * wtf/FastBitVector.h:
      (WTF::FastBitVector::resize):
      (WTF::FastBitVector::bitCount):
      (WTF::FastBitVector::arrayLength):
      
      Tools: 
      
      Reviewed by Oliver Hunt.
      
      * Scripts/run-jsc-stress-tests:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159825 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Structure::m_staticFunctionReified should be a single bit. · 19f333b6
      akling@apple.com authored
      <https://webkit.org/b/124912>
      
      Shave 8 bytes off of JSC::Structure by jamming m_staticFunctionReified
      into the bitfield just above.
      
      Reviewed by Antti Koivisto.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159814 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • JSActivation constructor should use NotNull placement new. · db1716a4
      akling@apple.com authored
      <https://webkit.org/b/124909>
      
      Knock a null check outta the storage initialization loop.
      
      Reviewed by Antti Koivisto.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159813 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 26 Nov, 2013 4 commits
    • Restructure global variable constant inference so that it could work for any... · 8646834a
      fpizlo@apple.com authored
      Restructure global variable constant inference so that it could work for any kind of symbol table variable
      https://bugs.webkit.org/show_bug.cgi?id=124760
      
      Reviewed by Oliver Hunt.
              
      This changes the way global variable constant inference works so that it can be reused
      for closure variable constant inference. Some of the premises that originally motivated
      this patch are somewhat wrong, but it led to some simplifications anyway and I suspect
      that we'll be able to fix those premises in the future. The main point of this patch is
      to make it easy to reuse global variable constant inference for closure variable
      constant inference, and this will be possible provided we can also either (a) infer
      one-shot closures (easy) or (b) infer closure variables that are always assigned prior
      to first use.
              
      One of the things that this patch is meant to enable is constant inference for closure
      variables that may be part of a multi-shot closure. Closure variables may be
      instantiated multiple times, like:
              
          function foo() {
              var WIDTH = 45;
              function bar() {
                  ... use WIDTH ...
              }
              ...
          }
              
      Even if foo() is called many times and WIDTH is assigned to multiple times, that
      doesn't change the fact that it's a constant. The goal of closure variable constant
      inference is to catch any case where a closure variable has been assigned at least once
      and its value has never changed. This patch doesn't implement that, but it does change
      global variable constant inference to have most of the powers needed to do that. Note
      that most likely we will use this functionality only to implement constant inference
      for one-shot closures, but the resulting machinery is still simpler than what we had
      before.
              
      This involves three changes:
              
          - The watchpoint object now contains the inferred value. This involves creating a
            new kind of watchpoint set, the VariableWatchpointSet. We will reuse this object
            for closure variables.
              
          - Writing to a variable that is watchpointed still involves these three states that
            we proceed through monotonically (Uninitialized->Initialized->Invalidated) but
            now, the Initialized->Invalidated state transition only happens if we change the
            variable's value, rather than store to the variable. Repeatedly storing the same
            value won't change the variable's state.
              
          - On 64-bit systems (the only systems on which we do concurrent JIT), you no longer
            need fancy fencing to get a consistent view of the watchpoint in the JIT. The
            state of the VariableWatchpointSet for the purposes of constant folding is
            entirely encapsulated in the VariableWatchpointSet::m_inferredValue. If that is
            JSValue() then you cannot fold (either because the set is uninitialized or
            because it's invalidated - doesn't matter which); on the other hand if the value
            is anything other than JSValue() then you can fold, and that's the value you fold
            to. Simple!
              
      This also changes the way that DFG IR deals with variable watchpoints. It's now
      oblivious to global variables. You install a watchpoint using VariableWatchpoint and
      you notify write using NotifyWrite. Easy!
              
      Note that this will require some more tweaks because of the fact that op_enter will
      store Undefined into every captured variable. Hence it won't even work for one-shot
      closures. One-shot closures are easily fixed by introducing another state (so we'll
      have Uninitialized->Undefined->Initialized->Invalidated). Multi-shot closures will
      require static analysis. One-shot closures are clearly a higher priority.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/Instruction.h:
      * bytecode/VariableWatchpointSet.h: Added.
      (JSC::VariableWatchpointSet::VariableWatchpointSet):
      (JSC::VariableWatchpointSet::~VariableWatchpointSet):
      (JSC::VariableWatchpointSet::inferredValue):
      (JSC::VariableWatchpointSet::notifyWrite):
      (JSC::VariableWatchpointSet::invalidate):
      (JSC::VariableWatchpointSet::finalizeUnconditionally):
      (JSC::VariableWatchpointSet::addressOfInferredValue):
      * bytecode/Watchpoint.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasRegisterPointer):
      (JSC::DFG::Node::hasVariableWatchpointSet):
      (JSC::DFG::Node::variableWatchpointSet):
      * dfg/DFGNodeType.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileArithMod):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWatchpointCollectionPhase.cpp:
      (JSC::DFG::WatchpointCollectionPhase::handle):
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileNotifyWrite):
      * jit/JIT.h:
      * jit/JITOperations.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitNotifyWrite):
      (JSC::JIT::emitPutGlobalVar):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emitNotifyWrite):
      (JSC::JIT::emitPutGlobalVar):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::addGlobalVar):
      (JSC::JSGlobalObject::addFunction):
      * runtime/JSGlobalObject.h:
      * runtime/JSScope.h:
      (JSC::ResolveOp::ResolveOp):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTableEntry::inferredValue):
      (JSC::SymbolTableEntry::prepareToWatch):
      (JSC::SymbolTableEntry::addWatchpoint):
      (JSC::SymbolTableEntry::notifyWriteSlow):
      (JSC::SymbolTable::visitChildren):
      (JSC::SymbolTable::WatchpointCleanup::WatchpointCleanup):
      (JSC::SymbolTable::WatchpointCleanup::~WatchpointCleanup):
      (JSC::SymbolTable::WatchpointCleanup::finalizeUnconditionally):
      * runtime/SymbolTable.h:
      (JSC::SymbolTableEntry::watchpointSet):
      (JSC::SymbolTableEntry::notifyWrite):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159798 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8646834a
    • Create a new SymbolTable every time code is loaded so that the watchpoints don't get reused · 022f368a
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124824
      
      Reviewed by Oliver Hunt.
              
      This helps with one shot closure inference as well as closure variable constant
      inference, since without this, if code was reloaded from the cache then we would
      think that the first run was actually an Nth run. This would cause us to think that
      the watchpoint(s) should all be invalidated.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::symbolTable):
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::symbolTable):
      * runtime/Executable.h:
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTable::clone):
      * runtime/SymbolTable.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159795 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      022f368a
    • Crash in JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char>... · 6d34acaa
      oliver@apple.com authored
      Crash in JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char> >::parseUnaryExpression<JSC::ASTBuilder>(JSC::ASTBuilder&)
      https://bugs.webkit.org/show_bug.cgi?id=124886
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore:
      
      Make sure the error macros propagate an existing error before
      trying to create a new error message.  We need to do this as
      the parser state may not be safe for any specific error message
      if we are already unwinding due to an error.
      
      * parser/Parser.cpp:
      
      LayoutTests:
      
      Add tests
      
      * js/parser-syntax-check-expected.txt:
      * js/script-tests/parser-syntax-check.js:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159790 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6d34acaa
    • Optimize away OR with zero - a common ASM.js pattern. · f76bdaa9
      nrotem@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124869
      
      Reviewed by Filip Pizlo.
      
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159783 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f76bdaa9
  7. 25 Nov, 2013 1 commit
  8. 24 Nov, 2013 1 commit
  9. 22 Nov, 2013 8 commits
    • JSC Obj-C API should have real documentation · fc0b6729
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124805
      
      Reviewed by Geoffrey Garen.
      
      Massaging the header comments into proper headerdocs.
      
      * API/JSContext.h:
      * API/JSExport.h:
      * API/JSManagedValue.h:
      * API/JSValue.h:
      * API/JSVirtualMachine.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159723 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fc0b6729
    • CodeBlock::m_numCalleeRegisters shouldn't also mean frame size, frame size... · 81bb8bb3
      fpizlo@apple.com authored
      CodeBlock::m_numCalleeRegisters shouldn't also mean frame size, frame size needed for exit, or any other unrelated things
      https://bugs.webkit.org/show_bug.cgi?id=124793
      
      Reviewed by Mark Hahnenberg.
              
      Now m_numCalleeRegisters always refers to the number of locals that the attached
      bytecode uses. It never means anything else.
              
      For frame size, we now have it lazily computed from m_numCalleeRegisters for the
      baseline engines and we have it stored in DFG::CommonData for the optimizing JITs.
              
      For frame-size-needed-at-exit, we store that in DFG::CommonData, too.
              
      The code no longer implies that there is any arithmetic relationship between
      m_numCalleeRegisters and frameSize. Previously it implied that the latter is greater
      than the former.
              
      The code no longer implies that there is any arithmetic relationship between the
      frame size and the frame-size-needed-at-exit. Previously it implied that the latter
      is greater than the former.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::frameRegisterCount):
      * bytecode/CodeBlock.h:
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      (JSC::DFG::CommonData::requiredRegisterCountForExecutionAndExit):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::frameRegisterCount):
      (JSC::DFG::Graph::requiredRegisterCountForExit):
      (JSC::DFG::Graph::requiredRegisterCountForExecutionAndExit):
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
      * ftl/FTLOSREntry.cpp:
      (JSC::FTL::prepareOSREntry):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::frameExtentInternal):
      * interpreter/JSStackInlines.h:
      (JSC::JSStack::pushFrame):
      * jit/JIT.h:
      (JSC::JIT::frameRegisterCountFor):
      * jit/JITOperations.cpp:
      * llint/LLIntEntrypoint.cpp:
      (JSC::LLInt::frameRegisterCountFor):
      * llint/LLIntEntrypoint.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159721 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      81bb8bb3
    • Combine SymbolTable and SharedSymbolTable · bbddb5bf
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124761
      
      Reviewed by Geoffrey Garen.
              
      SymbolTable was never used directly; we now always use SharedSymbolTable. So, this
      gets rid of SymbolTable and renames SharedSymbolTable to SymbolTable.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::symbolTable):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::symbolTable):
      (JSC::UnlinkedCodeBlock::symbolTable):
      (JSC::UnlinkedCodeBlock::finishCreation):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::symbolTable):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStackLayoutPhase.cpp:
      (JSC::DFG::StackLayoutPhase::run):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::symbolTableFor):
      * runtime/Arguments.h:
      (JSC::Arguments::finishCreation):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::symbolTable):
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::registersOffset):
      (JSC::JSActivation::allocationSize):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::symbolTable):
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTable::destroy):
      (JSC::SymbolTable::SymbolTable):
      * runtime/SymbolTable.h:
      (JSC::SymbolTable::create):
      (JSC::SymbolTable::createStructure):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159713 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bbddb5bf
    • Remove residual references to "dynamicGlobalObject". · a0b59dbd
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124787.
      
      Reviewed by Filip Pizlo.
      
      * JavaScriptCore.order:
      * interpreter/CallFrame.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159709 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a0b59dbd
    • Ensure that arity fixups honor stack alignment requirements. · 29d7a244
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124756.
      
      Reviewed by Geoffrey Garen.
      
      The LLINT and all the JITs rely on CommonSlowPaths::arityCheckFor() to
      compute the arg count adjustment for the arity fixup. We take advantage
      of this choke point and introduce the stack alignment padding there in
      the guise of additional args.
      
      The only cost of this approach is that the padding will also be
      initialized to undefined values as if they were args. Since arity fixups
      are considered a slow path that is rarely taken, this cost is not a
      concern.
      
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      * runtime/VM.h:
      (JSC::VM::isSafeToRecurse):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159706 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      29d7a244
    • BytecodeGenerator should align the stack according to native conventions · e94ae4ad
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124735
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Lam.
              
      Rolling this back in because it actually fixed fast/dom/gc-attribute-node.html, but
      our infrastructure misleads people into thinking that fixing a test constitutes
      breaking it.
      
      * bytecompiler/BytecodeGenerator.h:
      (JSC::CallArguments::registerOffset):
      (JSC::CallArguments::argumentCountIncludingThis):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::CallArguments::CallArguments):
      
      LayoutTests: 
      
      Reviewed by Mark Lam.
      
      * platform/mac/fast/dom/gc-attribute-node-expected.txt: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159705 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e94ae4ad
    • Get rid of CodeBlock::dumpStatistics() · 8dd93448
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124762
      
      Reviewed by Mark Hahnenberg.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      * bytecode/CodeBlock.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159697 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8dd93448
    • Unreviewed, rolling out r159652. · 6d05b532
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/159652
      https://bugs.webkit.org/show_bug.cgi?id=124778
      
      broke fast/dom/gc-attribute-node.html (Requested by ap on
      #webkit).
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::CallArguments::registerOffset):
      (JSC::CallArguments::argumentCountIncludingThis):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::CallArguments::CallArguments):
      (JSC::CallArguments::newArgument):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159693 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6d05b532
  10. 21 Nov, 2013 9 commits