1. 26 Aug, 2011 1 commit
    • The GC does not have a facility for profiling the kinds of objects that occupy the heap · d6bcd37d
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=66849
      
      Reviewed by Geoffrey Garen.
      
      Destructor calls and object scans are now optionally counted, per
      vtable. When the heap is destroyed and profiling is enabled, the
      counts are dumped, with care taken to print the names of classes
      (modulo C++ mangling) sorted in descending commonality.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.exp:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/Heap.cpp:
      (JSC::Heap::destroy):
      * heap/Heap.h:
      * heap/MarkStack.cpp:
      (JSC::SlotVisitor::visitChildren):
      (JSC::SlotVisitor::drain):
      * heap/MarkStack.h:
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::callDestructor):
      * heap/MarkedBlock.h:
      * heap/VTableSpectrum.cpp: Added.
      (JSC::VTableSpectrum::VTableSpectrum):
      (JSC::VTableSpectrum::~VTableSpectrum):
      (JSC::VTableSpectrum::countVPtr):
      (JSC::VTableSpectrum::count):
      (JSC::VTableAndCount::VTableAndCount):
      (JSC::VTableAndCount::operator<):
      (JSC::VTableSpectrum::dump):
      * heap/VTableSpectrum.h: Added.
      * wtf/Platform.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93918 268f45cc-cd09-0410-ab3c-d52691b4dbfc
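A worked illustration of the per-vtable counting this entry describes, added here as an example; it is not the WebKit VTableSpectrum code, and the class names, the sample cell types and the `sorted()` helper are assumptions. It keys the histogram on the vtable pointer (the first word of a polymorphic object under the Itanium C++ ABI used by GCC and Clang), records the typeid name next to it, and undoes the C++ mangling with `abi::__cxa_demangle` when dumping in descending order of count:

```cpp
// Added example, not WebKit code. Assumes the Itanium C++ ABI (GCC/Clang):
// the vtable pointer is the first word of every polymorphic object.
#include <algorithm>
#include <cstdio>
#include <cstdlib>
#include <cxxabi.h>
#include <string>
#include <typeinfo>
#include <unordered_map>
#include <utility>
#include <vector>

struct Cell {                       // polymorphic base: each subclass gets its own vtable
    virtual ~Cell() = default;
};
struct Object : Cell {};            // constructed sample types standing in for JS cells
struct Str : Cell {};
struct Fn : Cell {};

class VTableSpectrum {
public:
    // Count one event (destructor call or mark-phase scan) for the dynamic type of `cell`.
    // The key is the raw vtable pointer; the mangled typeid name is kept for dump().
    void count(const Cell* cell) {
        const void* vptr = *reinterpret_cast<const void* const*>(cell);
        Entry& e = m_counts[vptr];
        if (e.count++ == 0)
            e.mangledName = typeid(*cell).name();
    }

    // (demangled class name, count) pairs, most common first.
    std::vector<std::pair<std::string, unsigned long>> sorted() const {
        std::vector<std::pair<std::string, unsigned long>> out;
        for (const auto& kv : m_counts)
            out.emplace_back(demangle(kv.second.mangledName), kv.second.count);
        std::sort(out.begin(), out.end(),
                  [](const auto& a, const auto& b) { return a.second > b.second; });
        return out;
    }

    void dump(FILE* out) const {
        for (const auto& p : sorted())
            std::fprintf(out, "%10lu  %s\n", p.second, p.first.c_str());
    }

private:
    struct Entry { unsigned long count = 0; const char* mangledName = nullptr; };

    static std::string demangle(const char* mangled) {
        int status = 0;
        char* buf = abi::__cxa_demangle(mangled, nullptr, nullptr, &status);
        std::string result = (status == 0 && buf) ? buf : mangled;  // fall back to the mangled form
        std::free(buf);
        return result;
    }

    std::unordered_map<const void*, Entry> m_counts;
};

// Simulates a heap teardown: count at each destructor call, as callDestructor() would.
VTableSpectrum profileSampleHeap() {
    VTableSpectrum spectrum;
    std::vector<Cell*> heap;
    for (int i = 0; i < 5; ++i) heap.push_back(new Object);
    for (int i = 0; i < 3; ++i) heap.push_back(new Str);
    heap.push_back(new Fn);
    for (Cell* cell : heap) {
        spectrum.count(cell);
        delete cell;
    }
    return spectrum;
}

int main() {
    profileSampleHeap().dump(stdout);   // prints Object, Str, Fn with counts 5, 3, 1
    return 0;
}
```

Reading the vtable pointer through a `reinterpret_cast` is ABI-specific, which is a reason to keep the hook in one place (`count()`) and call it from the destructor and scan paths rather than spreading the cast around.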
  2. 24 Aug, 2011 1 commit
    • There is no facility for profiling how the write barrier is used · aec7e0c4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=66747
      
      Reviewed by Geoffrey Garen.
      
      Added facilities for the JIT to specify the kind of write barrier
      being executed.  Added code for profiling the number of each kind
      of barrier encountered.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.exp:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGJITCodeGenerator.cpp:
      (JSC::DFG::JITCodeGenerator::writeBarrier):
      (JSC::DFG::JITCodeGenerator::cachedPutById):
      * dfg/DFGJITCodeGenerator.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::emitCount):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::emitCount):
      * dfg/DFGNonSpeculativeJIT.cpp:
      (JSC::DFG::NonSpeculativeJIT::compile):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCachePutByID):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/Heap.h:
      (JSC::Heap::writeBarrier):
      * heap/WriteBarrierSupport.cpp: Added.
      (JSC::WriteBarrierCounters::initialize):
      * heap/WriteBarrierSupport.h: Added.
      (JSC::WriteBarrierCounters::WriteBarrierCounters):
      (JSC::WriteBarrierCounters::jitCounterFor):
      (JSC::WriteBarrierCounters::countWriteBarrier):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::emit_op_put_scoped_var):
      (JSC::JIT::emit_op_put_global_var):
      (JSC::JIT::emitWriteBarrier):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::emit_op_put_scoped_var):
      (JSC::JIT::emit_op_put_global_var):
      (JSC::JIT::emitWriteBarrier):
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::setWithoutWriteBarrier):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93698 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 18 Aug, 2011 1 commit
    • Move allocation in constructors into separate constructorBody() methods · 53aecd29
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=66265
      
      Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-08-18
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
      Refactoring to put all allocations that need to be done after the object's
      initialization list has executed but before the object is ready for use
      into a separate constructorBody() method.  This method is still called by the constructor,
      so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * jsc.cpp:
      (GlobalObject::constructorBody):
      (GlobalObject::GlobalObject):
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::ErrorInstance):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::constructorBody):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::ErrorPrototype):
      (JSC::ErrorPrototype::constructorBody):
      * runtime/ErrorPrototype.h:
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::FunctionExecutable):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::constructorBody):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::InternalFunction):
      * runtime/InternalFunction.h:
      (JSC::InternalFunction::constructorBody):
      * runtime/JSByteArray.cpp:
      (JSC::JSByteArray::JSByteArray):
      * runtime/JSByteArray.h:
      (JSC::JSByteArray::constructorBody):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::JSFunction):
      (JSC::JSFunction::constructorBody):
      * runtime/JSFunction.h:
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::constructorBody):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::constructorBody):
      * runtime/JSString.h:
      (JSC::RopeBuilder::JSString):
      (JSC::RopeBuilder::constructorBody):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::NativeErrorConstructor):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::constructorBody):
      * runtime/NativeErrorPrototype.cpp:
      (JSC::NativeErrorPrototype::NativeErrorPrototype):
      (JSC::NativeErrorPrototype::constructorBody):
      * runtime/NativeErrorPrototype.h:
      * runtime/StringObject.cpp:
      * runtime/StringObject.h:
      (JSC::StringObject::create):
      * runtime/StringObjectThatMasqueradesAsUndefined.h:
      (JSC::StringObjectThatMasqueradesAsUndefined::create):
      (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::StringPrototype):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::create):
      
      Source/WebCore:
      
      No new tests.
      
      Refactoring to put all allocations that need to be done after the object's
      initialization list has executed but before the object is ready for use
      into a separate constructorBody() method.  This method is still called by the constructor,
      so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
      
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::create):
      * bridge/objc/ObjCRuntimeObject.mm:
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::ObjCRuntimeMethod):
      * bridge/runtime_array.cpp:
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93378 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 02 Aug, 2011 1 commit
    • JSC GC is far too conservative about growing the heap size, particularly on desktop platforms · f49ce5c9
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=65438
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
      The minimum heap size is now 16MB instead of 512KB, provided all of the
      following are true:
      a) ENABLE(LARGE_HEAP) is set, which currently only happens on
         x86 targets, but could reasonably happen on any platform that is
         known to have a decent amount of RAM.
      b) JSGlobalData is initialized with HeapSize = LargeHeap, which
         currently only happens when it's the JSDOMWindowBase in WebCore or
         in the jsc command-line tool.
      
      This is a 4.1% speed-up on SunSpider.
      
      * JavaScriptCore.exp:
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::collect):
      * heap/Heap.h:
      * jsc.cpp:
      (main):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::createContextGroup):
      (JSC::JSGlobalData::create):
      (JSC::JSGlobalData::createLeaked):
      (JSC::JSGlobalData::sharedInstance):
      * runtime/JSGlobalData.h:
      * wtf/Platform.h:
      
      Source/WebCore:
      
      No change in behavior, thus no new tests.
      
      Pass the LargeHeap hint to JSGlobalData when creating the JSC runtime
      instance corresponding to non-worker JS code.
      
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::commonJSGlobalData):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@92224 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 27 Jul, 2011 1 commit
  6. 26 Jul, 2011 1 commit
    • Refactor automatically generated JS DOM bindings to replace operator new with static create methods · 64d3f857
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=64732
      
      Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2011-07-26
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
      Replacing the public constructors in the automatically generated JS DOM bindings with static
      create methods.  JSByteArray is used by several of these bindings in WebCore.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * runtime/JSByteArray.cpp:
      (JSC::JSByteArray::create):
      * runtime/JSByteArray.h:
      
      Source/WebCore:
      
      No new tests.
      
      Replacing the public constructors in the automatically generated JS DOM bindings in CodeGeneratorJS.pm
      with static create methods.  This is part of a larger refactoring effort to use static create methods
      in the headers of the generated files (so as to be inline-able) in favor of public constructors throughout JSC.
      
      * bindings/js/JSAudioConstructor.h:
      (WebCore::JSAudioConstructor::create):
      * bindings/js/JSDOMBinding.h:
      (WebCore::createWrapper):
      * bindings/js/JSDOMGlobalObject.h:
      (WebCore::getDOMConstructor):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::history):
      (WebCore::JSDOMWindow::location):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::setWindow):
      * bindings/js/JSDocumentCustom.cpp:
      (WebCore::JSDocument::location):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::create):
      * bindings/js/JSImageDataCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSOptionConstructor.h:
      (WebCore::JSOptionConstructor::create):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::initScript):
      * bindings/scripts/CodeGeneratorJS.pm:
      (AddIncludesForTypeInImpl):
      (AddIncludesForTypeInHeader):
      (AddIncludesForType):
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateCallbackImplementation):
      (GenerateConstructorDeclaration):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::create):
      (WebCore::JSTestInterface::createPrototype):
      * bindings/scripts/test/JS/JSTestInterface.h:
      (WebCore::JSTestInterface::create):
      (WebCore::JSTestInterfacePrototype::create):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::create):
      (WebCore::JSTestMediaQueryListListener::createPrototype):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      (WebCore::JSTestMediaQueryListListener::create):
      (WebCore::JSTestMediaQueryListListenerPrototype::create):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::create):
      (WebCore::JSTestObj::createPrototype):
      * bindings/scripts/test/JS/JSTestObj.h:
      (WebCore::JSTestObj::create):
      (WebCore::JSTestObjPrototype::create):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::create):
      (WebCore::JSTestSerializedScriptValueInterface::createPrototype):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      (WebCore::JSTestSerializedScriptValueInterface::create):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::create):
      * bridge/jni/jsc/JavaArrayJSC.cpp:
      (JavaArray::convertJObjectToArray):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::newRuntimeObject):
      * bridge/objc/objc_utility.mm:
      (JSC::Bindings::convertObjcValueToValue):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertQVariantToValue):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::create):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@91790 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  7. 22 Jul, 2011 2 commits
  8. 18 Jul, 2011 2 commits
    • Timer scheduling should be based off the monotonic clock · 3af8d9f0
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=64544
      
      Patch by James Robinson <jamesr@chromium.org> on 2011-07-18
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore:
      
      Switches ThreadCondition::timedWait and related utility functions from currentTime() to
      monotonicallyIncreasingTime().
      
      Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * wtf/ThreadingPthreads.cpp:
      (WTF::ThreadCondition::timedWait):
      * wtf/ThreadingWin.cpp:
      (WTF::absoluteTimeToWaitTimeoutInterval):
      * wtf/gtk/ThreadingGtk.cpp:
      (WTF::ThreadCondition::timedWait):
      * wtf/qt/ThreadingQt.cpp:
      (WTF::ThreadCondition::timedWait):
      
      Source/WebCore:
      
      Changes the Timer scheduling logic from using absolute values in terms of currentTime() to using relative
      intervals in terms of monotonicallyIncreasingTime().  This provides better standards compliance, compatibility,
      and predictability when the system clock is adjusted.
      
      No automated tests since there is no way to modify the system clock from DRT.
      
      * platform/SharedTimer.h:
      (WebCore::MainThreadSharedTimer::setFireInterval):
      * platform/ThreadTimers.cpp:
      (WebCore::ThreadTimers::updateSharedTimer):
      (WebCore::ThreadTimers::sharedTimerFiredInternal):
      * platform/Timer.cpp:
      (WebCore::TimerBase::start):
      (WebCore::TimerBase::nextFireInterval):
      * platform/android/SharedTimerAndroid.cpp:
      (WebCore::setSharedTimerFireInterval):
      * platform/brew/SharedTimerBrew.cpp:
      (WebCore::setSharedTimerFireInterval):
      * platform/chromium/PlatformBridge.h:
      * platform/chromium/SharedTimerChromium.cpp:
      (WebCore::setSharedTimerFireInterval):
      * platform/efl/SharedTimerEfl.cpp:
      (WebCore::addNewTimer):
      (WebCore::setSharedTimerFireInterval):
      * platform/gtk/SharedTimerGtk.cpp:
      (WebCore::setSharedTimerFireInterval):
      * platform/haiku/SharedTimerHaiku.cpp:
      (WebCore::SharedTimerHaiku::start):
      (WebCore::setSharedTimerFireInterval):
      * platform/mac/SharedTimerMac.mm:
      (WebCore::setSharedTimerFireInterval):
      * platform/qt/SharedTimerQt.cpp:
      (WebCore::SharedTimerQt::start):
      (WebCore::setSharedTimerFireInterval):
      * platform/win/SharedTimerWin.cpp:
      (WebCore::setSharedTimerFireInterval):
      * platform/wince/SharedTimerWinCE.cpp:
      (WebCore::setSharedTimerFireInterval):
      * platform/wx/SharedTimerWx.cpp:
      (WebCore::setSharedTimerFireInterval):
      * workers/WorkerRunLoop.cpp:
      (WebCore::WorkerSharedTimer::setFireInterval):
      
      Source/WebKit/chromium:
      
      Renames setSharedTimerFireTime to setSharedTimerFireInterval to be consistent with WebCore.
      
      * public/WebKitClient.h:
      (WebKit::WebKitClient::setSharedTimerFireInterval):
      * src/PlatformBridge.cpp:
      (WebCore::PlatformBridge::setSharedTimerFireInterval):
      
      Source/WebKit2:
      
      Converts the WebKit2 RunLoop and CoreIPC timeouts to use monotonicallyIncreasingTime().
      
      * Platform/CoreIPC/Connection.cpp:
      (CoreIPC::Connection::waitForMessage):
      (CoreIPC::Connection::waitForSyncReply):
      * Platform/RunLoop.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@91206 268f45cc-cd09-0410-ab3c-d52691b4dbfc
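An added example, not WebKit code, of why this switch matters: a timer that stores an absolute fire time, in the style of TimerBase::start / nextFireInterval, built over a constructed FakeClock whose wall-clock reading can be stepped while its monotonic reading keeps increasing. The Timer and FakeClock types and the function names are assumptions; the last function shows the standard-library form of a monotonic timed wait, which is what the ThreadCondition::timedWait change amounts to.

```cpp
// Added example, not WebKit code. FakeClock and Timer are constructed for illustration.
#include <algorithm>
#include <chrono>
#include <cmath>
#include <condition_variable>
#include <cstdio>
#include <mutex>
#include <utility>

// `now` is a monotonic reading; `wallOffset` models the system clock being
// stepped (an NTP correction, or the user changing the date).
struct FakeClock {
    double now = 1000.0;        // seconds, only ever increases
    double wallOffset = 0.0;    // seconds added to `now` to get the wall-clock reading
    double monotonic() const { return now; }
    double wall() const { return now + wallOffset; }
};

// Stores an absolute fire time in whichever time base it was built with.
class Timer {
public:
    enum class Base { Wall, Monotonic };
    explicit Timer(Base base) : m_base(base) {}

    void start(const FakeClock& clock, double intervalSeconds) {
        m_fireTime = read(clock) + intervalSeconds;
    }
    // Seconds until the timer is due, clamped at zero.
    double nextFireInterval(const FakeClock& clock) const {
        return std::max(0.0, m_fireTime - read(clock));
    }

private:
    double read(const FakeClock& c) const {
        return m_base == Base::Wall ? c.wall() : c.monotonic();
    }
    Base m_base;
    double m_fireTime = 0.0;
};

// Both timers are started for 10 s; 2 s later the wall clock is set back one
// hour. Returns {remaining for the wall-clock timer, remaining for the monotonic one}.
std::pair<double, double> remainingAfterClockStep() {
    FakeClock clock;
    Timer wallTimer(Timer::Base::Wall);
    Timer monoTimer(Timer::Base::Monotonic);
    wallTimer.start(clock, 10.0);
    monoTimer.start(clock, 10.0);
    clock.now += 2.0;               // real time passes
    clock.wallOffset -= 3600.0;     // system clock stepped back an hour
    return { wallTimer.nextFireInterval(clock), monoTimer.nextFireInterval(clock) };
}

// A monotonic timed wait with the standard library: the deadline is a
// steady_clock time point, so a system clock change cannot stretch or shorten it.
// Returns false when the wait timed out without the predicate becoming true.
bool timedWaitSucceeded(std::chrono::milliseconds timeout) {
    std::mutex mutex;
    std::condition_variable condition;
    bool ready = false;             // nothing ever sets this, so the wait must time out
    std::unique_lock<std::mutex> lock(mutex);
    auto deadline = std::chrono::steady_clock::now() + timeout;
    return condition.wait_until(lock, deadline, [&] { return ready; });
}

int main() {
    auto remaining = remainingAfterClockStep();
    std::printf("wall-clock timer: %.0f s remaining (8 s were actually left)\n", remaining.first);
    std::printf("monotonic timer:  %.0f s remaining\n", remaining.second);
    std::printf("5 ms wait timed out: %s\n",
                timedWaitSucceeded(std::chrono::milliseconds(5)) ? "no" : "yes");
    return 0;
}
```

With the clock stepped back an hour the wall-clock timer reports about 3608 s to go instead of 8 s; stepping forward has the mirror effect of firing everything at once. Both are the failure modes the monotonic base removes.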
    • 2011-07-18 Mark Hahnenberg <mhahnenberg@apple.com> · fcacd3c8
      oliver@apple.com authored
              Refactor JSC to replace JSCell::operator new with static create method
              https://bugs.webkit.org/show_bug.cgi?id=64466
      
              Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
      
              First step in a longer refactoring process to remove the use of
              operator new overloading in order to allocate GC objects and to replace
              this method with static create methods for each individual type of heap-allocated
              JS object.  This particular patch only deals with replacing uses of
              operator new within JSC proper.  Future patches will remove it from the
              parts that interface with the DOM.  Due to the DOM's continued dependence
              on it, operator new has not actually been removed from JSCell.
      
              * API/JSCallbackConstructor.h:
              (JSC::JSCallbackConstructor::create):
              * API/JSCallbackFunction.h:
              (JSC::JSCallbackFunction::create):
              * API/JSCallbackObject.h:
              (JSC::JSCallbackObject::operator new):
              (JSC::JSCallbackObject::create):
              * API/JSCallbackObjectFunctions.h:
              (JSC::::staticFunctionGetter):
              * API/JSClassRef.cpp:
              (OpaqueJSClass::prototype):
              * API/JSContextRef.cpp:
              * API/JSObjectRef.cpp:
              (JSObjectMake):
              (JSObjectMakeFunctionWithCallback):
              (JSObjectMakeConstructor):
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::createActivation):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::BytecodeGenerator):
              * bytecompiler/BytecodeGenerator.h:
              (JSC::BytecodeGenerator::makeFunction):
              * bytecompiler/NodesCodegen.cpp:
              (JSC::RegExpNode::emitBytecode):
              * interpreter/Interpreter.cpp:
              (JSC::Interpreter::privateExecute):
              (JSC::Interpreter::retrieveArguments):
              * jit/JITStubs.cpp:
              (JSC::DEFINE_STUB_FUNCTION):
              * jsc.cpp:
              (GlobalObject::create):
              (GlobalObject::GlobalObject):
              (functionRun):
              (jscmain):
              * runtime/Arguments.h:
              (JSC::Arguments::create):
              (JSC::Arguments::createNoParameters):
              * runtime/ArrayConstructor.cpp:
              (JSC::constructArrayWithSizeQuirk):
              * runtime/ArrayConstructor.h:
              (JSC::ArrayConstructor::create):
              * runtime/ArrayPrototype.cpp:
              (JSC::arrayProtoFuncSplice):
              * runtime/ArrayPrototype.h:
              (JSC::ArrayPrototype::create):
              * runtime/BooleanConstructor.cpp:
              (JSC::constructBoolean):
              (JSC::constructBooleanFromImmediateBoolean):
              * runtime/BooleanConstructor.h:
              (JSC::BooleanConstructor::create):
              * runtime/BooleanObject.h:
              (JSC::BooleanObject::create):
              * runtime/BooleanPrototype.h:
              (JSC::BooleanPrototype::create):
              * runtime/DateConstructor.cpp:
              (JSC::constructDate):
              * runtime/DateConstructor.h:
              (JSC::DateConstructor::create):
              * runtime/DateInstance.h:
              (JSC::DateInstance::create):
              * runtime/DatePrototype.h:
              (JSC::DatePrototype::create):
              * runtime/Error.cpp:
              (JSC::createError):
              (JSC::createEvalError):
              (JSC::createRangeError):
              (JSC::createReferenceError):
              (JSC::createSyntaxError):
              (JSC::createTypeError):
              (JSC::createURIError):
              (JSC::StrictModeTypeErrorFunction::create):
              (JSC::createTypeErrorFunction):
              * runtime/ErrorConstructor.h:
              (JSC::ErrorConstructor::create):
              * runtime/ErrorInstance.cpp:
              (JSC::ErrorInstance::ErrorInstance):
              (JSC::ErrorInstance::create):
              * runtime/ErrorInstance.h:
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              * runtime/ErrorPrototype.h:
              (JSC::ErrorPrototype::create):
              * runtime/ExceptionHelpers.cpp:
              (JSC::InterruptedExecutionError::InterruptedExecutionError):
              (JSC::InterruptedExecutionError::create):
              (JSC::createInterruptedExecutionException):
              (JSC::TerminatedExecutionError::TerminatedExecutionError):
              (JSC::TerminatedExecutionError::create):
              (JSC::createTerminatedExecutionException):
              * runtime/Executable.cpp:
              (JSC::FunctionExecutable::FunctionExecutable):
              (JSC::FunctionExecutable::fromGlobalCode):
              * runtime/Executable.h:
              (JSC::ExecutableBase::create):
              (JSC::NativeExecutable::create):
              (JSC::ScriptExecutable::ScriptExecutable):
              (JSC::EvalExecutable::create):
              (JSC::ProgramExecutable::create):
              (JSC::FunctionExecutable::create):
              (JSC::FunctionExecutable::make):
              * runtime/FunctionConstructor.cpp:
              (JSC::constructFunctionSkippingEvalEnabledCheck):
              * runtime/FunctionConstructor.h:
              (JSC::FunctionConstructor::create):
              * runtime/FunctionPrototype.cpp:
              (JSC::FunctionPrototype::addFunctionProperties):
              * runtime/FunctionPrototype.h:
              (JSC::FunctionPrototype::create):
              * runtime/GetterSetter.h:
              (JSC::GetterSetter::create):
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::create):
              (JSC::jsAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::argumentsGetter):
              * runtime/JSActivation.h:
              (JSC::JSActivation::create):
              * runtime/JSArray.h:
              (JSC::JSArray::create):
              * runtime/JSCell.h:
              (JSC::JSCell::allocateCell):
              * runtime/JSFunction.h:
              (JSC::JSFunction::create):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::init):
              (JSC::JSGlobalObject::reset):
              * runtime/JSGlobalObject.h:
              (JSC::constructEmptyArray):
              (JSC::constructArray):
              * runtime/JSNotAnObject.h:
              (JSC::JSNotAnObject::create):
              * runtime/JSONObject.h:
              (JSC::JSONObject::create):
              * runtime/JSObject.cpp:
              (JSC::JSObject::defineGetter):
              (JSC::JSObject::defineSetter):
              (JSC::putDescriptor):
              * runtime/JSObject.h:
              (JSC::JSFinalObject::create):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::create):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::create):
              * runtime/JSString.cpp:
              (JSC::JSString::substringFromRope):
              (JSC::JSString::replaceCharacter):
              (JSC::StringObject::create):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              (JSC::RopeBuilder::create):
              (JSC::RopeBuilder::createHasOtherOwner):
              (JSC::jsSingleCharacterString):
              (JSC::jsSingleCharacterSubstring):
              (JSC::jsNontrivialString):
              (JSC::jsString):
              (JSC::jsSubstring):
              (JSC::jsOwnedString):
              * runtime/JSValue.cpp:
              (JSC::JSValue::toObjectSlowCase):
              (JSC::JSValue::synthesizeObject):
              (JSC::JSValue::synthesizePrototype):
              * runtime/Lookup.cpp:
              (JSC::setUpStaticFunctionSlot):
              * runtime/MathObject.h:
              (JSC::MathObject::create):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::NativeErrorConstructor):
              * runtime/NativeErrorConstructor.h:
              (JSC::NativeErrorConstructor::create):
              * runtime/NativeErrorPrototype.h:
              (JSC::NativeErrorPrototype::create):
              * runtime/NumberConstructor.cpp:
              (JSC::constructWithNumberConstructor):
              * runtime/NumberConstructor.h:
              (JSC::NumberConstructor::create):
              * runtime/NumberObject.cpp:
              (JSC::constructNumber):
              * runtime/NumberObject.h:
              (JSC::NumberObject::create):
              * runtime/NumberPrototype.h:
              (JSC::NumberPrototype::create):
              * runtime/ObjectConstructor.h:
              (JSC::ObjectConstructor::create):
              * runtime/ObjectPrototype.h:
              (JSC::ObjectPrototype::create):
              * runtime/Operations.h:
              (JSC::jsString):
              * runtime/RegExp.cpp:
              (JSC::RegExp::RegExp):
              (JSC::RegExp::createWithoutCaching):
              (JSC::RegExp::create):
              * runtime/RegExp.h:
              * runtime/RegExpCache.cpp:
              (JSC::RegExpCache::lookupOrCreate):
              * runtime/RegExpConstructor.cpp:
              (JSC::RegExpConstructor::arrayOfMatches):
              (JSC::constructRegExp):
              * runtime/RegExpConstructor.h:
              (JSC::RegExpConstructor::create):
              * runtime/RegExpMatchesArray.h:
              (JSC::RegExpMatchesArray::create):
              * runtime/RegExpObject.h:
              (JSC::RegExpObject::create):
              * runtime/RegExpPrototype.cpp:
              (JSC::regExpProtoFuncCompile):
              * runtime/RegExpPrototype.h:
              (JSC::RegExpPrototype::create):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::create):
              (JSC::ScopeChainNode::push):
              * runtime/SmallStrings.cpp:
              (JSC::SmallStrings::createEmptyString):
              (JSC::SmallStrings::createSingleCharacterString):
              * runtime/StringConstructor.cpp:
              (JSC::constructWithStringConstructor):
              * runtime/StringConstructor.h:
              (JSC::StringConstructor::create):
              * runtime/StringObject.h:
              (JSC::StringObject::create):
              * runtime/StringObjectThatMasqueradesAsUndefined.h:
              (JSC::StringObjectThatMasqueradesAsUndefined::create):
              * runtime/StringPrototype.cpp:
              (JSC::stringProtoFuncMatch):
              (JSC::stringProtoFuncSearch):
              * runtime/StringPrototype.h:
              (JSC::StringPrototype::create):
              * runtime/Structure.h:
              (JSC::Structure::create):
              (JSC::Structure::createStructure):
              * runtime/StructureChain.h:
              (JSC::StructureChain::create):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@91194 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  9. 14 Jul, 2011 1 commit
    • GC allocation fast path has too many operations. · e8dceaf2
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=64493
      
      Patch by Filip Pizlo <fpizlo@apple.com> on 2011-07-14
      Reviewed by Darin Adler.
      
      Changed the timing of the lazy sweep so that it occurs when we land on
      a previously unswept block, rather than whenever we land on an unswept
      cell.  After the per-block lazy sweep occurs, the block is turned into a
      singly linked list of free cells.  The allocation fast path is now just a
      load-branch-store to remove a cell from the head of the list.
      
      Additionally, this changes the way new blocks are allocated.  Previously,
      they would be populated with dummy cells.  With this patch, they are
      turned into a free list, which means that there will never be destructor
      calls for allocations in fresh blocks.
      
      These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
      SunSpider.  There are no observed statistically significant slow-downs
      on any individual benchmark.
      
      * JavaScriptCore.exp:
      * heap/Heap.cpp:
      (JSC::Heap::allocateSlowCase):
      (JSC::Heap::collect):
      (JSC::Heap::canonicalizeBlocks):
      (JSC::Heap::resetAllocator):
      * heap/Heap.h:
      (JSC::Heap::forEachProtectedCell):
      (JSC::Heap::forEachCell):
      (JSC::Heap::forEachBlock):
      (JSC::Heap::allocate):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      (JSC::MarkedBlock::lazySweep):
      (JSC::MarkedBlock::blessNewBlockForFastPath):
      (JSC::MarkedBlock::blessNewBlockForSlowPath):
      (JSC::MarkedBlock::canonicalizeBlock):
      * heap/MarkedBlock.h:
      * heap/NewSpace.cpp:
      (JSC::NewSpace::addBlock):
      (JSC::NewSpace::canonicalizeBlocks):
      * heap/NewSpace.h:
      (JSC::NewSpace::allocate):
      (JSC::NewSpace::SizeClass::SizeClass):
      (JSC::NewSpace::SizeClass::canonicalizeBlock):
      * heap/OldSpace.cpp:
      (JSC::OldSpace::addBlock):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@91039 268f45cc-cd09-0410-ab3c-d52691b4dbfc
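An added example, not WebKit code, covering two of the entries above: the free-list fast path described in this entry (a sweep threads a singly linked list through dead cells, so allocation is a load, a branch and a store on the list head, and a fresh block is turned into a free list rather than filled with dummy cells), and the static `create()` pattern from the r91194 entry, where a GC object is reached only through `create()`, which takes a cell from the block and placement-constructs into it instead of overloading `operator new`. The block size, cell size, mark bits and all names are assumptions.

```cpp
// Added example, not WebKit code. Sizes, names and the mark bits are assumptions.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <new>
#include <vector>

// Fixed-size block of equal cells; dead cells are linked through their first
// word into a singly linked free list, so allocation is load-branch-store.
class MarkedBlock {
public:
    static constexpr std::size_t cellSize = 32;
    static constexpr std::size_t cellCount = 8;
    // A fresh block is a free list from the start: no dummy cells, so no
    // destructor ever runs for a cell that was never handed out.
    MarkedBlock() { rebuildFreeList([](std::size_t) { return false; }); }

    // Fast path; nullptr means "block exhausted, take the slow path".
    void* allocate() {
        FreeCell* head = m_freeList;          // load
        if (!head) return nullptr;            // branch
        m_freeList = head->next;              // store
        m_live[indexOf(head)] = true;
        return head;
    }
    void mark(const void* cell) { m_marked[indexOf(cell)] = true; }

    // Sweep the block: unmarked live cells are finalized (counted here, where
    // the destructor would run) and threaded back onto the free list.
    std::size_t sweep() {
        std::size_t finalized = 0;
        rebuildFreeList([&](std::size_t i) {
            if (m_marked[i]) return true;     // survivor keeps its cell
            if (m_live[i]) ++finalized;       // dead object: destructor call
            return false;
        });
        std::fill(m_marked, m_marked + cellCount, false);
        return finalized;
    }

private:
    struct FreeCell { FreeCell* next; };      // overlays the first word of a free cell
    std::size_t indexOf(const void* p) const {
        return static_cast<std::size_t>(static_cast<const char*>(p) - m_storage) / cellSize;
    }
    // Relink every cell `keep` rejects, walking backwards so the list head is
    // the lowest-addressed free cell.
    template <typename Keep> void rebuildFreeList(Keep keep) {
        m_freeList = nullptr;
        for (std::size_t i = cellCount; i-- > 0;) {
            if (keep(i)) continue;
            FreeCell* cell = reinterpret_cast<FreeCell*>(m_storage + i * cellSize);
            cell->next = m_freeList;
            m_freeList = cell;
            m_live[i] = false;
        }
    }
    alignas(16) char m_storage[cellSize * cellCount];
    FreeCell* m_freeList = nullptr;
    bool m_live[cellCount] = {};
    bool m_marked[cellCount] = {};
};

// GC object reachable only through create(): it takes a cell from the block and
// placement-constructs into it instead of overloading operator new for the heap.
class Cell {
public:
    static Cell* create(MarkedBlock& block, int payload) {
        void* slot = block.allocate();
        return slot ? new (slot) Cell(payload) : nullptr;
    }
    int payload() const { return m_payload; }
    void* operator new(std::size_t) = delete;                           // no bare `new Cell`
    static void* operator new(std::size_t, void* slot) { return slot; } // placement only
private:
    explicit Cell(int payload) : m_payload(payload) {}
    int m_payload;
};
static_assert(sizeof(Cell) <= MarkedBlock::cellSize, "Cell must fit a block cell");

struct Run { std::size_t allocated, finalized; bool reusedLowestDead; int reusedPayload; };

// Fill a block, keep the even cells alive, sweep, then allocate once more.
Run fillSweepReuse() {
    MarkedBlock block;
    std::vector<Cell*> cells;
    while (Cell* c = Cell::create(block, static_cast<int>(cells.size())))
        cells.push_back(c);
    for (std::size_t i = 0; i < cells.size(); i += 2) block.mark(cells[i]);
    Run r{};
    r.allocated = cells.size();
    r.finalized = block.sweep();
    Cell* reused = Cell::create(block, 99);
    r.reusedLowestDead = reused && static_cast<void*>(reused) == static_cast<void*>(cells[1]);
    r.reusedPayload = reused ? reused->payload() : -1;
    return r;
}

int main() {
    Run r = fillSweepReuse();
    std::printf("allocated %zu, finalized %zu, reused lowest dead cell: %s\n",
                r.allocated, r.finalized, r.reusedLowestDead ? "yes" : "no");
    return 0;
}
```

The `allocate()` body is the whole fast path; everything else (sweeping, relinking, finalization) happens only when a block is first landed on. Note that the free-list `next` pointer lives inside the dead cell itself, which is exactly the data a use-after-free reads back as an object field, so any real implementation must make sure a swept cell cannot still be reachable.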
  10. 08 Jul, 2011 1 commit
  11. 27 Jun, 2011 2 commits
    • rniwa@webkit.org
      2011-06-27 Ryosuke Niwa <rniwa@webkit.org> · e1d2109c
      rniwa@webkit.org authored
              Build fix attempt after r89885.
      
              * JavaScriptCore.exp:
              * jsc.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89887 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e1d2109c
    • oliver@apple.com
      2011-06-27 Oliver Hunt <oliver@apple.com> · 1db480d3
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Support throwing away non-running code even while other code is running
              https://bugs.webkit.org/show_bug.cgi?id=63485
      
              Add a function to CodeBlock to support unlinking direct linked callsites,
              and then with that in place add logic to discard code from any function
              that is not currently on the stack.
      
              The unlinking completely reverts any optimized call sites, such that they
              may be relinked again in future.
      
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::unlinkCalls):
              (JSC::CodeBlock::clearEvalCache):
              * bytecode/CodeBlock.h:
              (JSC::CallLinkInfo::CallLinkInfo):
              (JSC::CallLinkInfo::unlink):
              * bytecode/EvalCodeCache.h:
              (JSC::EvalCodeCache::clear):
              * heap/Heap.cpp:
              (JSC::Heap::getConservativeRegisterRoots):
              * heap/Heap.h:
              * jit/JIT.cpp:
              (JSC::JIT::privateCompile):
              * jit/JIT.h:
              * jit/JITCall.cpp:
              (JSC::JIT::compileOpCall):
              * jit/JITWriteBarrier.h:
              (JSC::JITWriteBarrierBase::clear):
              * jsc.cpp:
              (GlobalObject::GlobalObject):
              (functionReleaseExecutableMemory):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::unlinkCalls):
              (JSC::ProgramExecutable::unlinkCalls):
              (JSC::FunctionExecutable::discardCode):
              (JSC::FunctionExecutable::unlinkCalls):
              * runtime/Executable.h:
              * runtime/JSGlobalData.cpp:
              (JSC::SafeRecompiler::returnValue):
              (JSC::SafeRecompiler::operator()):
              (JSC::JSGlobalData::releaseExecutableMemory):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89885 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1db480d3
  12. 17 Jun, 2011 1 commit
    • ggaren@apple.com
      2011-06-16 Geoffrey Garen <ggaren@apple.com> · 69f77964
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Added some write barrier action, compiled out by default
              https://bugs.webkit.org/show_bug.cgi?id=62844
      
              * JavaScriptCore.exp: Build!
      
              * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
              issue with Heap.cpp.
      
              * heap/Heap.cpp:
              (JSC::Heap::writeBarrierSlowCase):
              * heap/Heap.h:
              (JSC::Heap::writeBarrier):
              * heap/MarkedBlock.h:
              (JSC::MarkedBlock::isAtomAligned):
              (JSC::MarkedBlock::blockFor):
              (JSC::MarkedBlock::atomNumber):
              (JSC::MarkedBlock::ownerSetNumber):
              (JSC::MarkedBlock::addOldSpaceOwner):
              (JSC::MarkedBlock::OwnerSet::OwnerSet):
              (JSC::MarkedBlock::OwnerSet::add):
              (JSC::MarkedBlock::OwnerSet::clear):
              (JSC::MarkedBlock::OwnerSet::size):
              (JSC::MarkedBlock::OwnerSet::didOverflow):
              (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
              tracks owners for regions within blocks. Currently unused.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89156 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      69f77964
  13. 16 Jun, 2011 1 commit
    • ggaren@apple.com
      2011-06-16 Geoffrey Garen <ggaren@apple.com> · 6e1f8c1b
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Introduced SlotVisitor into the project
              https://bugs.webkit.org/show_bug.cgi?id=62820
              
              This resolves a class vs typedef forward declaration issue, and gives all
              exported symbols the correct names.
      
              * CMakeLists.txt:
              * GNUmakefile.list.am:
              * JavaScriptCore.exp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * JavaScriptCore.xcodeproj/project.pbxproj: Build!
      
              * bytecode/EvalCodeCache.h:
              * heap/HandleHeap.h:
              * heap/Heap.cpp:
              (JSC::Heap::Heap):
              (JSC::Heap::markRoots):
              * heap/Heap.h:
              * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
              clients operate on a MarkStack.
      
              * heap/MarkStack.cpp:
              (JSC::SlotVisitor::visitChildren):
              (JSC::SlotVisitor::drain):
              * heap/SlotVisitor.h: Added.
              (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
              inheritance to give SlotVisitor all the attributes of MarkStack without
              making this change giant. Over time, we will move more behavior into
              SlotVisitor and its subclasses.
      
              * heap/MarkStack.h:
              * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
              clients operate on a MarkStack.
      
              * runtime/ArgList.h:
              * runtime/JSCell.h:
              * runtime/JSObject.h:
              * runtime/ScopeChain.h:
              * runtime/SmallStrings.h:
              * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
              clients operate on a MarkStack.

      2011-06-16  Geoffrey Garen  <ggaren@apple.com>
      
              Reviewed by Oliver Hunt.
      
              Introduced SlotVisitor into the project
              https://bugs.webkit.org/show_bug.cgi?id=62820
      
              This resolves a class vs typedef forward declaration issue, and gives all
              exported symbols the correct names.
      
              * dom/EventListener.h:
              * dom/Node.h:
              * dom/NodeFilterCondition.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89069 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6e1f8c1b
  14. 10 Jun, 2011 1 commit
    • barraclough@apple.com
      https://bugs.webkit.org/show_bug.cgi?id=16777 · f1fa579d
      barraclough@apple.com authored
      Eliminate JSC::NaN and JSC::Inf
      
      Reviewed by Sam Weinig.
      
      There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
      The ones in std::numeric_limits are perfectly good.
      Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::toNumber):
      * API/JSValueRef.cpp:
      (JSValueMakeNumber):
      (JSValueToNumber):
      * JavaScriptCore.exp:
      * runtime/CachedTranscendentalFunction.h:
      (JSC::CachedTranscendentalFunction::initialize):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DateInstanceCache.h:
      (JSC::DateInstanceData::DateInstanceData):
      (JSC::DateInstanceCache::reset):
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC::JSCell::JSValue::getPrimitiveNumber):
      (JSC::JSCell::JSValue::toNumber):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::resetDateCache):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncParseInt):
      (JSC::globalFuncIsFinite):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::toNumber):
      * runtime/JSValue.cpp:
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::jsNaN):
      * runtime/MathObject.cpp:
      (JSC::mathProtoFuncMax):
      (JSC::mathProtoFuncMin):
      * runtime/NumberConstructor.cpp:
      (JSC::numberConstructorNegInfinity):
      (JSC::numberConstructorPosInfinity):
      * runtime/NumberPrototype.cpp:
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      * runtime/UString.cpp:
      * wtf/DecimalNumber.h:
      (WTF::DecimalNumber::DecimalNumber):
      * wtf/dtoa.cpp:
      (WTF::dtoa):
      
      Source/WebCore: 
      
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88587 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f1fa579d
  15. 09 Jun, 2011 2 commits
    • ggaren@apple.com
      2011-06-08 Geoffrey Garen <ggaren@apple.com> · 8a23d6ad
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Factored a bunch of Heap functionality into stand-alone functors
              https://bugs.webkit.org/show_bug.cgi?id=62337
              
              This is in preparation for making these functors operate on arbitrary
              sets of MarkedBlocks.
      
              * JavaScriptCore.exp: This file is a small tragedy.
      
              * debugger/Debugger.cpp:
              (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
      
              * heap/HandleHeap.h:
              (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
              strong handles, so we can play along in the functor game.
      
              * heap/Heap.cpp:
              (JSC::CountFunctor::CountFunctor::CountFunctor):
              (JSC::CountFunctor::CountFunctor::count):
              (JSC::CountFunctor::CountFunctor::returnValue):
              (JSC::CountFunctor::ClearMarks::operator()):
              (JSC::CountFunctor::ResetAllocator::operator()):
              (JSC::CountFunctor::Sweep::operator()):
              (JSC::CountFunctor::MarkCount::operator()):
              (JSC::CountFunctor::Size::operator()):
              (JSC::CountFunctor::Capacity::operator()):
              (JSC::CountFunctor::Count::operator()):
              (JSC::CountFunctor::CountIfGlobalObject::operator()):
              (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
              (JSC::CountFunctor::TakeIfEmpty::operator()):
              (JSC::CountFunctor::TakeIfEmpty::returnValue):
              (JSC::CountFunctor::RecordType::RecordType):
              (JSC::CountFunctor::RecordType::typeName):
              (JSC::CountFunctor::RecordType::operator()):
              (JSC::CountFunctor::RecordType::returnValue): These functors factor out
              behavior that used to be in the functions below.
      
              (JSC::Heap::clearMarks):
              (JSC::Heap::sweep):
              (JSC::Heap::objectCount):
              (JSC::Heap::size):
              (JSC::Heap::capacity):
              (JSC::Heap::protectedGlobalObjectCount):
              (JSC::Heap::protectedObjectCount):
              (JSC::Heap::protectedObjectTypeCounts):
              (JSC::Heap::objectTypeCounts):
              (JSC::Heap::resetAllocator):
              (JSC::Heap::freeBlocks):
              (JSC::Heap::shrink): Factored out behavior into the functors above.
      
              * heap/Heap.h:
              (JSC::Heap::forEachProtectedCell):
              (JSC::Heap::forEachCell):
              (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
              functor-based templates instead of plain iterators because they're simpler
              to implement in this case and they require a lot less code at the call site.
      
              * heap/MarkedBlock.h:
              (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
              trivial functors.
      
              (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
              we have a few different kind of "for each" now.
      
              * runtime/JSGlobalData.cpp:
              (WTF::Recompile::operator()):
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
      
              * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88473 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8a23d6ad
    • loislo@chromium.org
      2011-06-08 Mikołaj Małecki <m.malecki@samsung.com> · 497dc2fa
      loislo@chromium.org authored
              Reviewed by Pavel Feldman.
      
              Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
              https://bugs.webkit.org/show_bug.cgi?id=52791
      
              No new tests. The problem can be reproduced by trying to create InspectorValue
              from 1.0e-100 and call ->toJSONString() on this.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              export 2 functions DecimalNumber::bufferLengthForStringExponential and
              DecimalNumber::toStringExponential.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88444 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      497dc2fa
  16. 08 Jun, 2011 3 commits
  17. 01 Jun, 2011 1 commit
    • oliver@apple.com
      2011-05-31 Oliver Hunt <oliver@apple.com> · 6f34f97c
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Freezing a function and its prototype causes browser to crash.
              https://bugs.webkit.org/show_bug.cgi?id=61758
      
              Add test to ensure correct behaviour
      
              * fast/js/preventExtensions-expected.txt:
              * fast/js/script-tests/preventExtensions.js:
              (f):

      2011-05-31  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Freezing a function and its prototype causes browser to crash.
              https://bugs.webkit.org/show_bug.cgi?id=61758
      
              Make JSObject::preventExtensions virtual so that we can override it
              and instantiate all lazy
      
              * JavaScriptCore.exp:
              * runtime/JSFunction.cpp:
              (JSC::createPrototypeProperty):
              (JSC::JSFunction::preventExtensions):
              (JSC::JSFunction::getOwnPropertySlot):
              * runtime/JSFunction.h:
              * runtime/JSObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::seal):
              (JSC::JSObject::seal):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87826 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6f34f97c
  18. 29 May, 2011 1 commit
    • ggaren@apple.com
      2011-05-29 Geoffrey Garen <ggaren@apple.com> · 58c6e459
      ggaren@apple.com authored
              Reviewed by Sam Weinig.
      
              Some heap refactoring
              https://bugs.webkit.org/show_bug.cgi?id=61704
              
              SunSpider says no change.
      
              * JavaScriptCore.exp: Export!
      
              * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
      
              (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
      
              (JSC::Heap::allocate): Changed inline allocation code to only select the
              size class, since this can be optimized out at compile time -- everything
              else is now inlined into this out-of-line function.
              
              No need to duplicate ASSERTs made in our caller.
      
              * heap/Heap.h:
              (JSC::Heap::heap):
              (JSC::Heap::isMarked):
              (JSC::Heap::testAndSetMarked):
              (JSC::Heap::testAndClearMarked):
              (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
              a layer of indirection through MarkedSpace.
      
              (JSC::Heap::allocate): See above.
      
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::create):
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
      
              * heap/MarkedSpace.cpp:
              (JSC::MarkedSpace::MarkedSpace):
              (JSC::MarkedSpace::allocateBlock):
              * heap/MarkedSpace.h:
              (JSC::MarkedSpace::allocate): Updated to match changes above.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87653 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      58c6e459
  19. 26 May, 2011 1 commit
  20. 25 May, 2011 3 commits
    • oliver@apple.com
      2011-05-25 Oliver Hunt <oliver@apple.com> · 5652af77
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make RegExp GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=61490
      
              Make RegExp GC allocated.  Basically mechanical change to replace
              most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
              where actual ownership happens.
      
              Made the RegExpCache use Strong<> references currently to avoid any
              changes in behaviour.
      
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::visitAggregate):
              * bytecode/CodeBlock.h:
              (JSC::CodeBlock::addRegExp):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::addRegExp):
              (JSC::BytecodeGenerator::emitNewRegExp):
              * bytecompiler/BytecodeGenerator.h:
              * runtime/JSCell.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::clearBuiltinStructures):
              (JSC::JSGlobalData::addRegExpToTrace):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              * runtime/RegExp.cpp:
              (JSC::RegExp::RegExp):
              (JSC::RegExp::create):
              (JSC::RegExp::invalidateCode):
              * runtime/RegExp.h:
              (JSC::RegExp::createStructure):
              * runtime/RegExpCache.cpp:
              (JSC::RegExpCache::lookupOrCreate):
              (JSC::RegExpCache::create):
              * runtime/RegExpCache.h:
              * runtime/RegExpConstructor.cpp:
              (JSC::constructRegExp):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::RegExpObject):
              (JSC::RegExpObject::visitChildren):
              * runtime/RegExpObject.h:
              (JSC::RegExpObject::setRegExp):
              (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              (JSC::regExpProtoFuncCompile):
              * runtime/RegExpPrototype.h:
              * runtime/StringPrototype.cpp:
              (JSC::stringProtoFuncMatch):
              (JSC::stringProtoFuncSearch):

      2011-05-25  James Robinson  <jamesr@chromium.org>
      
              Reviewed by Geoffrey Garen.
      
              CachedResource overhead size calculation ignores the actual size of the URL
              https://bugs.webkit.org/show_bug.cgi?id=61481
      
              CachedResource::overheadSize is used to determine the size of an entry in the memory cache to know when to evict
              it.  When the resource is a large data: URL, for example representing image or audio data, the URL size itself
              can be significant.
      
              This patch uses an estimate of actual number of bytes used by the URL that is valid for ASCII urls and close for
              other types of strings instead of a fixed number.
      
              * loader/cache/CachedResource.cpp:
              (WebCore::CachedResource::overheadSize):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87346 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5652af77
    • oliver@apple.com
      6e00d03d
    • oliver@apple.com
      2011-05-25 Oliver Hunt <oliver@apple.com> · 4872d097
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make RegExp GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=61490
      
              Make RegExp GC allocated.  Basically mechanical change to replace
              most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
              where actual ownership happens.
      
              Made the RegExpCache use Strong<> references currently to avoid any
              changes in behaviour.
      
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::visitAggregate):
              * bytecode/CodeBlock.h:
              (JSC::CodeBlock::addRegExp):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::addRegExp):
              (JSC::BytecodeGenerator::emitNewRegExp):
              * bytecompiler/BytecodeGenerator.h:
              * runtime/JSCell.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::clearBuiltinStructures):
              (JSC::JSGlobalData::addRegExpToTrace):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              * runtime/RegExp.cpp:
              (JSC::RegExp::RegExp):
              (JSC::RegExp::create):
              (JSC::RegExp::invalidateCode):
              * runtime/RegExp.h:
              (JSC::RegExp::createStructure):
              * runtime/RegExpCache.cpp:
              (JSC::RegExpCache::lookupOrCreate):
              (JSC::RegExpCache::create):
              * runtime/RegExpCache.h:
              * runtime/RegExpConstructor.cpp:
              (JSC::constructRegExp):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::RegExpObject):
              (JSC::RegExpObject::visitChildren):
              * runtime/RegExpObject.h:
              (JSC::RegExpObject::setRegExp):
              (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              (JSC::regExpProtoFuncCompile):
              * runtime/RegExpPrototype.h:
              * runtime/StringPrototype.cpp:
              (JSC::stringProtoFuncMatch):
              (JSC::stringProtoFuncSearch):

      2011-05-25  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make RegExp GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=61490
      
              RegExp is GC'd so we don't need the RefPtr shenanigans anymore.
      
              * bindings/js/SerializedScriptValue.cpp:
              (WebCore::CloneDeserializer::readTerminal):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87343 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4872d097
  21. 24 May, 2011 1 commit
    • ggaren@apple.com
      2011-05-24 Geoffrey Garen <ggaren@apple.com> · 726ad6bd
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Let's just have one way to get the system page size, bokay?
              https://bugs.webkit.org/show_bug.cgi?id=61384
      
              * CMakeListsEfl.txt:
              * CMakeListsWinCE.txt:
              * GNUmakefile.list.am:
              * JavaScriptCore.exp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
              is gone completely now, since it only existed to provide a duplicate way
              to access the system page size.
      
              * heap/MarkStack.cpp:
              (JSC::MarkStack::reset):
              * heap/MarkStack.h:
              (JSC::::MarkStackArray):
              (JSC::::shrinkAllocation): Use WTF::pageSize.
      
              * heap/MarkStackPosix.cpp:
              * heap/MarkStackSymbian.cpp:
              * heap/MarkStackWin.cpp: Removed now-empty files.
      
              * jit/ExecutableAllocator.cpp:
              (JSC::ExecutableAllocator::reprotectRegion):
              * jit/ExecutableAllocator.h:
              (JSC::ExecutableAllocator::ExecutableAllocator):
              (JSC::ExecutablePool::ExecutablePool):
              (JSC::ExecutablePool::poolAllocate):
              * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
      
              * wscript: Removed now-empty files.
      
              * wtf/PageBlock.cpp:
              (WTF::systemPageSize): Integrated questionable Symbian page size rule
              from ExecutableAllocator, because that seems like what the original
              author should have done.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87198 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      726ad6bd
  22. 19 May, 2011 2 commits
    • oliver@apple.com
      2011-05-19 Oliver Hunt <oliver@apple.com> · a3b44328
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Add guard pages to each end of the memory region used by the fixedvm allocator
              https://bugs.webkit.org/show_bug.cgi?id=61150
      
              Add mechanism to notify the OSAllocator that pages at either end of an
              allocation should be considered guard pages.  Update PageReservation,
              PageAllocation, etc to handle this.
      
              * JavaScriptCore.exp:
              * jit/ExecutableAllocatorFixedVMPool.cpp:
              (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
              * wtf/OSAllocator.h:
              * wtf/OSAllocatorPosix.cpp:
              (WTF::OSAllocator::reserveUncommitted):
              (WTF::OSAllocator::reserveAndCommit):
              * wtf/PageAllocation.h:
              (WTF::PageAllocation::PageAllocation):
              * wtf/PageAllocationAligned.h:
              (WTF::PageAllocationAligned::PageAllocationAligned):
              * wtf/PageBlock.h:
              (WTF::PageBlock::PageBlock):
              * wtf/PageReservation.h:
              (WTF::PageReservation::reserve):
              (WTF::PageReservation::reserveWithGuardPages):
                  Add a new function to make a reservation that will add guard
                  pages to the ends of an allocation.
              (WTF::PageReservation::PageReservation):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86906 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a3b44328
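The guard-page mechanism this commit adds to the fixed VM pool, as an added example that is not WebKit's code: reserve the pool with mmap, turn the first and last page into PROT_NONE with mprotect, and then verify that a one-byte write lands cleanly at both ends of the usable range while a write one byte past either end faults. GuardedRegion, the guarded_* functions and write_faults are hypothetical names; the probe relies on POSIX sigaction and siglongjmp, so it runs on Linux, the BSDs and macOS only.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example, not WebKit code: reserve a pool with a PROT_NONE guard page
 * at each end, then probe both guards and both ends of the usable range.
 * GuardedRegion, guarded_* and write_faults are hypothetical names. POSIX only. */

typedef struct GuardedRegion {
    uint8_t *base;       /* whole mapping, starting with the leading guard page */
    uint8_t *usable;     /* first byte the caller may touch */
    size_t usableSize;   /* requested size rounded up to whole pages */
    size_t pageSize;
} GuardedRegion;

int guarded_region_reserve(GuardedRegion *r, size_t requested) {
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0) return -1;
    size_t pageSize = (size_t)ps;
    size_t usable = (requested + pageSize - 1) & ~(pageSize - 1);
    size_t total = usable + 2 * pageSize;
    uint8_t *base = mmap(NULL, total, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    /* First and last page become inaccessible: an overrun off either end of
     * the pool now faults instead of corrupting a neighbouring mapping. */
    if (mprotect(base, pageSize, PROT_NONE) != 0
        || mprotect(base + pageSize + usable, pageSize, PROT_NONE) != 0) {
        munmap(base, total);
        return -1;
    }
    r->base = base;
    r->usable = base + pageSize;
    r->usableSize = usable;
    r->pageSize = pageSize;
    return 0;
}

void guarded_region_release(GuardedRegion *r) {
    munmap(r->base, r->usableSize + 2 * r->pageSize);
    memset(r, 0, sizeof *r);
}

/* Probe: write one byte and report whether it faulted. The fault (SIGSEGV on
 * Linux, SIGBUS on some BSDs and macOS) is caught and unwound with siglongjmp. */
static sigjmp_buf probe_env;
static void probe_handler(int sig) { (void)sig; siglongjmp(probe_env, 1); }

int write_faults(volatile uint8_t *addr) {
    struct sigaction sa, oldSegv, oldBus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &oldSegv);
    sigaction(SIGBUS, &sa, &oldBus);
    volatile int faulted = 1;
    if (sigsetjmp(probe_env, 1) == 0) {
        *addr = 0xAA;                 /* faults iff addr is on a PROT_NONE page */
        faulted = 0;
    }
    sigaction(SIGSEGV, &oldSegv, NULL);
    sigaction(SIGBUS, &oldBus, NULL);
    return faulted;
}

/* Self-check: the usable range must accept writes at both ends and both guard
 * pages must fault. Returns 0 when every probe behaves, -1 if the reservation
 * fails, else the number of the misbehaving probe. */
int guarded_region_self_check(void) {
    GuardedRegion r;
    if (guarded_region_reserve(&r, 3 * 4096 + 1) != 0) return -1;
    int rc = 0;
    if (write_faults(r.usable) != 0)                         rc = 1; /* first usable byte */
    else if (write_faults(r.usable + r.usableSize - 1) != 0) rc = 2; /* last usable byte */
    else if (write_faults(r.usable - 1) != 1)                rc = 3; /* leading guard */
    else if (write_faults(r.usable + r.usableSize) != 1)     rc = 4; /* trailing guard */
    guarded_region_release(&r);
    return rc;
}

int main(void) {
    printf("guard-page self-check: %d (0 = ok)\n", guarded_region_self_check());
    return 0;
}
```

guarded_region_self_check() returns 0 only when all four probes behave. What a guard page does and does not buy you: a sequential overrun off either end of the pool becomes a crash rather than silent corruption, but an attacker who controls a large index can still skip over a single page, so the guard size has to be chosen against the largest out-of-bounds offset the pool's users can produce.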
    • yurys@chromium.org
      2011-05-18 Yury Semikhatsky <yurys@chromium.org> · aa17fdc4
      yurys@chromium.org authored
              Reviewed by Pavel Feldman.
      
              InjectedScriptSource.js - "Don't be eval()."
              https://bugs.webkit.org/show_bug.cgi?id=60800
      
              * inspector/console/console-eval-blocked-expected.txt: Added.
              * inspector/console/console-eval-blocked.html: Added.

      2011-05-18  Yury Semikhatsky  <yurys@chromium.org>
      
              Reviewed by Pavel Feldman.
      
              InjectedScriptSource.js - "Don't be eval()."
              https://bugs.webkit.org/show_bug.cgi?id=60800
      
              Thanks to Adam Barth for providing JSC implementation!
      
              InjectedScriptHost.evaluate is used to perform script evaluations for
              inspector needs. This method is not affected by CSP and should fix inspector
              on pages with CSP restrictions.
      
              Test: inspector/console/console-eval-blocked.html
      
              * bindings/js/JSInjectedScriptHostCustom.cpp:
              (WebCore::JSInjectedScriptHost::evaluate):
              * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
              (WebCore::V8InjectedScriptHost::evaluateCallback):
              (WebCore::V8InjectedScriptHost::inspectedNodeCallback):
              * inspector/InjectedScriptHost.idl:
              * inspector/InjectedScriptSource.js:
              (.):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86837 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      aa17fdc4
  23. 17 May, 2011 2 commits
    • ggaren@apple.com
      Source/JavaScriptCore: Rolling back in r86653 with build fixed. · 19fe5092
      ggaren@apple.com authored
      Reviewed by Gavin Barraclough and Oliver Hunt.
      
      Global object initialization is expensive
      https://bugs.webkit.org/show_bug.cgi?id=60933
              
      Changed a bunch of globals to allocate their properties lazily, and changed
      the global object to allocate a bunch of its globals lazily.
              
      This reduces the footprint of a global object from 287 objects with 58
      functions for 24K to 173 objects with 20 functions for 15K.
      
      Large patch, but it's all mechanical.
      
      * DerivedSources.make:
      * JavaScriptCore.exp: Build!
      
      * create_hash_table: Added a special case for fromCharCode, since it uses
      a custom "thunk generator".
      
      * heap/Heap.cpp:
      (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
      overcount objects that were owned through more than one mechanism because
      it was getting in the way of counting the results for this patch.
      
      * interpreter/CallFrame.h:
      (JSC::ExecState::arrayConstructorTable):
      (JSC::ExecState::arrayPrototypeTable):
      (JSC::ExecState::booleanPrototypeTable):
      (JSC::ExecState::dateConstructorTable):
      (JSC::ExecState::errorPrototypeTable):
      (JSC::ExecState::globalObjectTable):
      (JSC::ExecState::numberConstructorTable):
      (JSC::ExecState::numberPrototypeTable):
      (JSC::ExecState::objectPrototypeTable):
      (JSC::ExecState::regExpPrototypeTable):
      (JSC::ExecState::stringConstructorTable): Added new tables.
      
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::ArrayConstructor):
      (JSC::ArrayConstructor::getOwnPropertySlot):
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertySlot):
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      * runtime/ArrayPrototype.h:
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::BooleanPrototype):
      (JSC::BooleanPrototype::getOwnPropertySlot):
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::DateConstructor):
      (JSC::DateConstructor::getOwnPropertySlot):
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::ErrorPrototype):
      (JSC::ErrorPrototype::getOwnPropertySlot):
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure): Standardized these objects
      to use static tables for function properties.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h: Added new tables.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      * runtime/JSGlobalObjectFunctions.cpp:
      * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
      static table for its global functions. This required uninlining some
      things to avoid a circular header dependency. However, those things
      probably shouldn't have been inlined in the first place.
              
      Even more global object properties can be made lazy, but that requires
      more in-depth changes.
      
      * runtime/MathObject.cpp:
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::getOwnPropertySlot):
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::NumberPrototype):
      (JSC::NumberPrototype::getOwnPropertySlot):
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC::ObjectPrototype::put):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::RegExpPrototype):
      (JSC::RegExpPrototype::getOwnPropertySlot):
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::StringConstructor):
      (JSC::StringConstructor::getOwnPropertySlot):
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure): Standardized these objects
      to use static tables for function properties.
      
      LayoutTests: Global object initialization is expensive
      https://bugs.webkit.org/show_bug.cgi?id=60933
              
      Reviewed by Gavin Barraclough.
      
      Added a few more expected failures, now that more code uses static hash
      tables.
              
      The fact that built-ins are not deletable, but should be, is covered by
      https://bugs.webkit.org/show_bug.cgi?id=61014
      
      * sputnik/Conformance/15_Native_Objects/15.6_Boolean/15.6.2/S15.6.2.1_A4-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.6_Boolean/15.6.3/15.6.3.1_Boolean.prototype/S15.6.3.1_A1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.6_Boolean/15.6.4/S15.6.4_A1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.7_Number/15.7.2/S15.7.2.1_A4-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.7_Number/15.7.3/15.7.3.1_Number.prototype/S15.7.3.1_A2_T1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.7_Number/15.7.4/S15.7.4_A1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.4/15.9.4.2_Date.parse/S15.9.4.2_A1_T2-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.4/15.9.4.3_Date.UTC/S15.9.4.3_A1_T2-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86727 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      19fe5092
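The scheme this commit describes, resolving built-in functions through a static table and allocating the function object only on first lookup, modelled as an added C++ example. This is not JavaScriptCore code: `LazyObject`, `NativeFunction`, `StaticEntry` and the three-entry `kMathLikeTable` are stand-ins invented here for the generated hash tables, `getOwnPropertySlot` and `createStructure` machinery the ChangeLog lists. It also shows the consequence the accompanying LayoutTests entry records (built-ins that are not deletable): because `deleteProperty` only touches dynamic storage, a static-table built-in reappears on the next lookup.

```cpp
#include <cassert>
#include <cstdio>
#include <map>
#include <memory>
#include <string>

// Hypothetical stand-in for a JS function object. Counts live instances so a
// caller can observe how many get allocated.
struct NativeFunction {
    static int liveCount;
    std::string name;
    int (*impl)(int);
    NativeFunction(std::string n, int (*f)(int)) : name(std::move(n)), impl(f) { ++liveCount; }
    ~NativeFunction() { --liveCount; }
};
int NativeFunction::liveCount = 0;

static int nativeAbs(int x) { return x < 0 ? -x : x; }
static int nativeNeg(int x) { return -x; }
static int nativeSquare(int x) { return x * x; }

// The static table: in JSC this is generated at build time; here it is a plain
// constructed array of (name, native implementation) pairs.
struct StaticEntry { const char* name; int (*impl)(int); };
static const StaticEntry kMathLikeTable[] = {
    { "abs", nativeAbs }, { "neg", nativeNeg }, { "square", nativeSquare },
};

static const StaticEntry* lookupStatic(const std::string& name) {
    for (const StaticEntry& e : kMathLikeTable)
        if (name == e.name) return &e;
    return nullptr;
}

class LazyObject {
public:
    // The eager alternative: materialize every built-in at construction time.
    static LazyObject eager() {
        LazyObject o;
        for (const StaticEntry& e : kMathLikeTable) o.materialize(e);
        return o;
    }

    // Analogue of getOwnPropertySlot: consult dynamic storage first, then the
    // static table, creating the function object only when it is first asked for.
    NativeFunction* getOwnProperty(const std::string& name) {
        auto it = m_properties.find(name);
        if (it != m_properties.end()) return it->second.get();
        if (const StaticEntry* e = lookupStatic(name)) return materialize(*e);
        return nullptr;
    }

    // Only dynamic storage is touched, so a static-table built-in comes back on
    // the next lookup: the non-deletable-built-in behaviour the tests expect.
    bool deleteProperty(const std::string& name) { return m_properties.erase(name) > 0; }

    size_t materializedCount() const { return m_properties.size(); }

private:
    NativeFunction* materialize(const StaticEntry& e) {
        auto fn = std::make_unique<NativeFunction>(e.name, e.impl);
        NativeFunction* raw = fn.get();
        m_properties[e.name] = std::move(fn);
        return raw;
    }
    std::map<std::string, std::unique_ptr<NativeFunction>> m_properties;
};

int main() {
    LazyObject o;
    std::printf("after construction: %zu function objects\n", o.materializedCount());
    o.getOwnProperty("abs");
    std::printf("after one lookup:   %zu function objects\n", o.materializedCount());
    return 0;
}
```

The footprint saving in the commit comes from the first line of that output: a freshly created object owns no function objects at all until script touches one, and the lookup cost for an untouched name is a table probe rather than a property-map miss.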
      2011-05-16 Sheriff Bot <webkit.review.bot@gmail.com> · 5a39502a
      commit-queue@webkit.org authored
              Unreviewed, rolling out r86653.
              http://trac.webkit.org/changeset/86653
              https://bugs.webkit.org/show_bug.cgi?id=60944
      
              "Caused regressions on Windows, OSX and EFL" (Requested by
              yutak on #webkit).
      
              * DerivedSources.make:
              * DerivedSources.pro:
              * GNUmakefile.am:
              * GNUmakefile.list.am:
              * JavaScriptCore.exp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * create_hash_table:
              * heap/Heap.cpp:
              (JSC::TypeCounter::operator()):
              * interpreter/CallFrame.h:
              (JSC::ExecState::arrayTable):
              (JSC::ExecState::numberTable):
              * runtime/ArrayConstructor.cpp:
              (JSC::ArrayConstructor::ArrayConstructor):
              * runtime/ArrayConstructor.h:
              * runtime/ArrayPrototype.cpp:
              (JSC::ArrayPrototype::getOwnPropertySlot):
              (JSC::ArrayPrototype::getOwnPropertyDescriptor):
              * runtime/ArrayPrototype.h:
              * runtime/BooleanPrototype.cpp:
              (JSC::BooleanPrototype::BooleanPrototype):
              * runtime/BooleanPrototype.h:
              * runtime/DateConstructor.cpp:
              (JSC::DateConstructor::DateConstructor):
              * runtime/DateConstructor.h:
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              * runtime/ErrorPrototype.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::~JSGlobalData):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::addStaticGlobals):
              (JSC::JSGlobalObject::getOwnPropertySlot):
              (JSC::JSGlobalObject::getOwnPropertyDescriptor):
              * runtime/JSGlobalObjectFunctions.cpp:
              (JSC::globalFuncJSCPrint):
              * runtime/JSGlobalObjectFunctions.h:
              * runtime/MathObject.cpp:
              * runtime/NumberConstructor.cpp:
              (JSC::NumberConstructor::getOwnPropertySlot):
              (JSC::NumberConstructor::getOwnPropertyDescriptor):
              * runtime/NumberPrototype.cpp:
              (JSC::NumberPrototype::NumberPrototype):
              * runtime/NumberPrototype.h:
              * runtime/ObjectPrototype.cpp:
              (JSC::ObjectPrototype::ObjectPrototype):
              (JSC::ObjectPrototype::put):
              (JSC::ObjectPrototype::getOwnPropertySlot):
              * runtime/ObjectPrototype.h:
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              * runtime/RegExpPrototype.h:
              * runtime/StringConstructor.cpp:
              (JSC::StringConstructor::StringConstructor):
              * runtime/StringConstructor.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86657 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5a39502a
  24. 16 May, 2011 1 commit
      2011-05-16 Geoffrey Garen <ggaren@apple.com> · 836c5d91
      ggaren@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Global object initialization is expensive
              https://bugs.webkit.org/show_bug.cgi?id=60933
              
              Changed a bunch of globals to allocate their properties lazily, and changed
              the global object to allocate a bunch of its globals lazily.
              
              This reduces the footprint of a global object from 287 objects with 58
              functions for 24K to 173 objects with 20 functions for 15K.
      
              Large patch, but it's all mechanical.
      
              * DerivedSources.make:
              * JavaScriptCore.exp: Build!
      
              * create_hash_table: Added a special case for fromCharCode, since it uses
              a custom "thunk generator".
      
              * heap/Heap.cpp:
              (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
              overcount objects that were owned through more than one mechanism because
              it was getting in the way of counting the results for this patch.
      
              * interpreter/CallFrame.h:
              (JSC::ExecState::arrayConstructorTable):
              (JSC::ExecState::arrayPrototypeTable):
              (JSC::ExecState::booleanPrototypeTable):
              (JSC::ExecState::dateConstructorTable):
              (JSC::ExecState::errorPrototypeTable):
              (JSC::ExecState::globalObjectTable):
              (JSC::ExecState::numberConstructorTable):
              (JSC::ExecState::numberPrototypeTable):
              (JSC::ExecState::objectPrototypeTable):
              (JSC::ExecState::regExpPrototypeTable):
              (JSC::ExecState::stringConstructorTable): Added new tables.
      
              * runtime/ArrayConstructor.cpp:
              (JSC::ArrayConstructor::ArrayConstructor):
              (JSC::ArrayConstructor::getOwnPropertySlot):
              (JSC::ArrayConstructor::getOwnPropertyDescriptor):
              * runtime/ArrayConstructor.h:
              (JSC::ArrayConstructor::createStructure):
              * runtime/ArrayPrototype.cpp:
              (JSC::ArrayPrototype::getOwnPropertySlot):
              (JSC::ArrayPrototype::getOwnPropertyDescriptor):
              * runtime/ArrayPrototype.h:
              * runtime/BooleanPrototype.cpp:
              (JSC::BooleanPrototype::BooleanPrototype):
              (JSC::BooleanPrototype::getOwnPropertySlot):
              (JSC::BooleanPrototype::getOwnPropertyDescriptor):
              * runtime/BooleanPrototype.h:
              (JSC::BooleanPrototype::createStructure):
              * runtime/DateConstructor.cpp:
              (JSC::DateConstructor::DateConstructor):
              (JSC::DateConstructor::getOwnPropertySlot):
              (JSC::DateConstructor::getOwnPropertyDescriptor):
              * runtime/DateConstructor.h:
              (JSC::DateConstructor::createStructure):
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              (JSC::ErrorPrototype::getOwnPropertySlot):
              (JSC::ErrorPrototype::getOwnPropertyDescriptor):
              * runtime/ErrorPrototype.h:
              (JSC::ErrorPrototype::createStructure): Standardized these objects
              to use static tables for function properties.
      
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::~JSGlobalData):
              * runtime/JSGlobalData.h: Added new tables.
      
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              (JSC::JSGlobalObject::addStaticGlobals):
              (JSC::JSGlobalObject::getOwnPropertySlot):
              (JSC::JSGlobalObject::getOwnPropertyDescriptor):
              * runtime/JSGlobalObject.h:
              * runtime/JSGlobalObjectFunctions.cpp:
              * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
              static table for its global functions. This required uninlining some
              things to avoid a circular header dependency. However, those things
              probably shouldn't have been inlined in the first place.
              
              Even more global object properties can be made lazy, but that requires
              more in-depth changes.
      
              * runtime/MathObject.cpp:
              * runtime/NumberConstructor.cpp:
              (JSC::NumberConstructor::getOwnPropertySlot):
              (JSC::NumberConstructor::getOwnPropertyDescriptor):
              * runtime/NumberPrototype.cpp:
              (JSC::NumberPrototype::NumberPrototype):
              (JSC::NumberPrototype::getOwnPropertySlot):
              (JSC::NumberPrototype::getOwnPropertyDescriptor):
              * runtime/NumberPrototype.h:
              (JSC::NumberPrototype::createStructure):
              * runtime/ObjectPrototype.cpp:
              (JSC::ObjectPrototype::ObjectPrototype):
              (JSC::ObjectPrototype::put):
              (JSC::ObjectPrototype::getOwnPropertySlot):
              (JSC::ObjectPrototype::getOwnPropertyDescriptor):
              * runtime/ObjectPrototype.h:
              (JSC::ObjectPrototype::createStructure):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              (JSC::RegExpPrototype::getOwnPropertySlot):
              (JSC::RegExpPrototype::getOwnPropertyDescriptor):
              * runtime/RegExpPrototype.h:
              (JSC::RegExpPrototype::createStructure):
              * runtime/StringConstructor.cpp:
              (JSC::StringConstructor::StringConstructor):
              (JSC::StringConstructor::getOwnPropertySlot):
              (JSC::StringConstructor::getOwnPropertyDescriptor):
              * runtime/StringConstructor.h:
              (JSC::StringConstructor::createStructure): Standardized these objects
              to use static tables for function properties.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86653 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      836c5d91
  25. 14 May, 2011 2 commits
      2011-05-13 Oliver Hunt <oliver@apple.com> · 4103716d
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This patch makes the checks performed under GC_VALIDATION
              much more aggressive, and adds the checks to more places
              in order to allow us to catch GC bugs much closer to the
              point of failure.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedSpace.cpp:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSCell.cpp:
              (JSC::slowValidateCell):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::unvalidatedStructure):
              (JSC::JSCell::JSCell::JSCell):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::visitChildren):
              (JSC::slowValidateCell):
              * runtime/JSONObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyMapEntry::PropertyMapEntry):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              (JSC::JSCell::classInfo):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              * runtime/WriteBarrier.h:
              (JSC::validateCell):
              (JSC::JSCell):
              (JSC::JSGlobalObject):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::setMayBeNull):
              (JSC::WriteBarrierBase::setEarlyValue):
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::unvalidatedGet):
              (JSC::WriteBarrier::WriteBarrier):
              * wtf/Assertions.h:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This makes GC_VALIDATION much more aggressive in webcore,
              adding logic to every visitChildren method to ensure that
              the structure still has correct flags.
      
              Additionally every function generated for the dom bindings
              makes use of the new GC_VALIDATION object assertions to further
              ensure that the object appears to be sensible.
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioContextCustom.cpp:
              (WebCore::JSAudioContext::visitChildren):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSCanvasRenderingContextCustom.cpp:
              (WebCore::JSCanvasRenderingContext::visitChildren):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              (WebCore::JSDOMGlobalObject::setInjectedScript):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSEventListener.h:
              (WebCore::JSEventListener::jsFunction):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXPathResultCustom.cpp:
              (WebCore::JSXPathResult::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              Add GC_VALIDATION calls to all the JSNPObject methods.
      
              * WebProcess/Plugins/Netscape/JSNPObject.cpp:
              (WebKit::JSNPObject::invalidate):
              (WebKit::JSNPObject::callMethod):
              (WebKit::JSNPObject::callObject):
              (WebKit::JSNPObject::callConstructor):
              (WebKit::JSNPObject::getCallData):
              (WebKit::JSNPObject::getConstructData):
              (WebKit::JSNPObject::getOwnPropertySlot):
              (WebKit::JSNPObject::getOwnPropertyDescriptor):
              (WebKit::JSNPObject::put):
              (WebKit::JSNPObject::getOwnPropertyNames):
              (WebKit::JSNPObject::propertyGetter):
              (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86499 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4103716d
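What a validating write barrier of the kind this commit describes checks, as an added C++ model rather than JavaScriptCore's own code. The ChangeLog names `validateCell`, `WriteBarrierBase::set`/`get`/`unvalidatedGet` and a `MarkedBlock`; everything below (`kCellSize`, the bump-pointer block, the `CellStatus` reasons, the rule that only the low byte of `typeFlags` is defined, and `set` returning `false` where a debug build would `ASSERT`) is an assumption made for the example. The checks are the ones a practitioner wants from such a barrier: the pointer is non-null, lies inside a heap block, sits on an allocated cell boundary, and its structure pointer passes the same tests.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <new>
#include <vector>

struct Structure;

// Minimal cell: the first word is the structure pointer, as in JSC's JSCell.
struct Cell {
    Structure* structure = nullptr;
};

// A structure is itself a heap cell, so the validator applies the same rules to it.
struct Structure : Cell {
    uint32_t typeFlags = 0;   // hypothetical: only the low byte is defined in this model
    bool flagsLookSane() const { return (typeFlags & ~0xFFu) == 0; }
};

constexpr size_t kCellSize = 32;      // assumed slot size, >= sizeof(Structure)
constexpr size_t kBlockSize = 4096;
static_assert(sizeof(Structure) <= kCellSize, "cell slot too small");

// A block of fixed-size cell slots handed out bump-pointer style.
struct MarkedBlock {
    unsigned char storage[kBlockSize];
    size_t allocated = 0;             // bytes handed out so far

    template <typename T> T* allocate() {
        if (allocated + kCellSize > kBlockSize) return nullptr;
        void* slot = storage + allocated;
        allocated += kCellSize;
        return new (slot) T();
    }
    bool contains(const void* p) const {
        uintptr_t a = reinterpret_cast<uintptr_t>(p), s = reinterpret_cast<uintptr_t>(storage);
        return a >= s && a < s + kBlockSize;
    }
    // True only for an allocated slot boundary; interior pointers and unused slots fail.
    bool isLiveSlot(const void* p) const {
        uintptr_t off = reinterpret_cast<uintptr_t>(p) - reinterpret_cast<uintptr_t>(storage);
        return off % kCellSize == 0 && off < allocated;
    }
};

enum class CellStatus { Ok, Null, NotInHeap, BadSlot, NullStructure, BadStructure, BadFlags };

struct Heap {
    std::vector<std::unique_ptr<MarkedBlock>> blocks;

    MarkedBlock* newBlock() {
        blocks.push_back(std::make_unique<MarkedBlock>());
        return blocks.back().get();
    }
    const MarkedBlock* blockFor(const void* p) const {
        for (const auto& b : blocks)
            if (b->contains(p)) return b.get();
        return nullptr;
    }
    // The check a validating barrier performs before storing or handing out a pointer.
    CellStatus validateCell(const Cell* cell) const {
        if (!cell) return CellStatus::Null;
        const MarkedBlock* b = blockFor(cell);
        if (!b) return CellStatus::NotInHeap;
        if (!b->isLiveSlot(cell)) return CellStatus::BadSlot;
        const Structure* s = cell->structure;
        if (!s) return CellStatus::NullStructure;
        const MarkedBlock* sb = blockFor(s);
        if (!sb || !sb->isLiveSlot(s)) return CellStatus::BadStructure;
        if (!s->flagsLookSane()) return CellStatus::BadFlags;
        return CellStatus::Ok;
    }
};

// A barrier slot that validates on set and get. unvalidatedGet exists for code
// that legitimately runs before the target is fully formed (a cell's own constructor).
template <typename T>
class WriteBarrier {
public:
    bool set(const Heap& heap, T* cell) {
        if (heap.validateCell(cell) != CellStatus::Ok) return false;   // ASSERT in a debug build
        m_cell = cell;
        return true;
    }
    T* get(const Heap& heap) const {
        return heap.validateCell(m_cell) == CellStatus::Ok ? m_cell : nullptr;
    }
    T* unvalidatedGet() const { return m_cell; }
private:
    T* m_cell = nullptr;
};

int main() {
    Heap heap;
    MarkedBlock* block = heap.newBlock();
    Structure* s = block->allocate<Structure>();
    Cell* c = block->allocate<Cell>();
    c->structure = s;
    Cell offHeap;
    std::printf("heap cell: %d, stack cell: %d\n",
                static_cast<int>(heap.validateCell(c)), static_cast<int>(heap.validateCell(&offHeap)));
    return 0;
}
```

The point of validating at the barrier rather than only during marking is the one the commit message makes: a stray pointer is rejected at the store that introduces it, not discovered several collections later when the marker follows it.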
      Unreviewed, rolling out r86469 and r86471, because they made hundreds of tests crash on Qt. · 8c10d800
      ossy@webkit.org authored
      Make GC validation more aggressive
      https://bugs.webkit.org/show_bug.cgi?id=60802
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::visitChildren):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedSpace.cpp:
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::visitChildren):
      (JSC::ProgramExecutable::visitChildren):
      (JSC::FunctionExecutable::visitChildren):
      * runtime/Executable.h:
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::createStructure):
      * runtime/GetterSetter.cpp:
      (JSC::GetterSetter::visitChildren):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::createStructure):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      * runtime/JSArray.cpp:
      (JSC::JSArray::visitChildren):
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC::JSCell::JSCell::JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::visitChildren):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitChildren):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::visitChildren):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::visitChildren):
      * runtime/JSString.h:
      (JSC::RopeBuilder::createStructure):
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::visitChildren):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::visitChildren):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyMapEntry::PropertyMapEntry):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::visitChildren):
      * runtime/ScopeChain.cpp:
      (JSC::ScopeChainNode::visitChildren):
      * runtime/ScopeChain.h:
      (JSC::ScopeChainNode::ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC::Structure::createStructure):
      (JSC::JSCell::classInfo):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::visitChildren):
      * runtime/StructureChain.h:
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrierBase::get):
      (JSC::WriteBarrierBase::operator*):
      (JSC::WriteBarrierBase::operator->):
      (JSC::WriteBarrier::WriteBarrier):
      * wtf/Assertions.h:
      
      Source/WebCore:
      
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioContextCustom.cpp:
      (WebCore::JSAudioContext::visitChildren):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::visitChildren):
      (WebCore::JSDOMGlobalObject::setInjectedScript):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildren):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::visitChildren):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::JSEventListener):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
      (WebCore::JSJavaScriptAudioNode::visitChildren):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildren):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildren):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildren):
      * bindings/scripts/CodeGeneratorJS.pm:
      
      Source/WebKit2:
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::invalidate):
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::getCallData):
      (WebKit::JSNPObject::getConstructData):
      (WebKit::JSNPObject::getOwnPropertySlot):
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86482 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8c10d800
  26. 13 May, 2011 1 commit
      2011-05-13 Oliver Hunt <oliver@apple.com> · d369c8cd
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This patch makes the checks performed under GC_VALIDATION
              much more aggressive, and adds the checks to more places
              in order to allow us to catch GC bugs much closer to the
              point of failure.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedSpace.cpp:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSCell.cpp:
              (JSC::slowValidateCell):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::unvalidatedStructure):
              (JSC::JSCell::JSCell::JSCell):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::visitChildren):
              (JSC::slowValidateCell):
              * runtime/JSONObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyMapEntry::PropertyMapEntry):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              (JSC::JSCell::classInfo):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              * runtime/WriteBarrier.h:
              (JSC::validateCell):
              (JSC::JSCell):
              (JSC::JSGlobalObject):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::setMayBeNull):
              (JSC::WriteBarrierBase::setEarlyValue):
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::unvalidatedGet):
              (JSC::WriteBarrier::WriteBarrier):
              * wtf/Assertions.h:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This makes GC_VALIDATION much more aggressive in webcore,
              adding logic to every visitChildren method to ensure that
              the structure still has correct flags.
      
              Additionally every function generated for the dom bindings
              makes use of the new GC_VALIDATION object assertions to further
              ensure that the object appears to be sensible.
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioContextCustom.cpp:
              (WebCore::JSAudioContext::visitChildren):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSCanvasRenderingContextCustom.cpp:
              (WebCore::JSCanvasRenderingContext::visitChildren):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              (WebCore::JSDOMGlobalObject::setInjectedScript):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSEventListener.h:
              (WebCore::JSEventListener::jsFunction):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXPathResultCustom.cpp:
              (WebCore::JSXPathResult::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              Add GC_VALIDATION calls to all the JSNPObject methods.
      
              * WebProcess/Plugins/Netscape/JSNPObject.cpp:
              (WebKit::JSNPObject::invalidate):
              (WebKit::JSNPObject::callMethod):
              (WebKit::JSNPObject::callObject):
              (WebKit::JSNPObject::callConstructor):
              (WebKit::JSNPObject::getCallData):
              (WebKit::JSNPObject::getConstructData):
              (WebKit::JSNPObject::getOwnPropertySlot):
              (WebKit::JSNPObject::getOwnPropertyDescriptor):
              (WebKit::JSNPObject::put):
              (WebKit::JSNPObject::getOwnPropertyNames):
              (WebKit::JSNPObject::propertyGetter):
              (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86469 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d369c8cd
  27. 12 May, 2011 1 commit
    • zimmermann@webkit.org's avatar
      2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com> · 6da15387
      zimmermann@webkit.org authored
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator.
              Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
              object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
              N strings using operator+, this leads to N-1 reallocations.
      
              Replace this with a flexible operator+ implementation, that avoids these reallocations.
              When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..)
              a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
              creation of the final string, until operator String() is invoked.
      
              template<typename T>
              StringAppend<String, T> operator+(const String& string1, T string2)
              {
                  return StringAppend<String, T>(string1, string2);
              }
      
              template<typename U, typename V, typename W>
              StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
              {
                  return StringAppend<U, StringAppend<V, W> >(string1, string2);
              }
      
              When concatting three strings - "String a, b, c; String result = a + b + c;" following happens:
              first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
              Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
              a StringAppend<String, StringAppend<String, String> > object.
        Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
        final string - it uses tryMakeString provided by StringConcatenate.h under the hood, which guards us
        against too big string allocations, etc.
      
        Note that the second template defines a recursive way to concat an arbitrary number of strings
        into a single String with just one allocation.
      
              * GNUmakefile.list.am: Add StringOperators.h to build.
              * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
              * JavaScriptCore.gypi: Add StringOperators.h to build.
              * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
              * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
              * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
              * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
              * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
              (WTF::StringAppend::StringAppend):
              (WTF::StringAppend::operator String):
              (WTF::StringAppend::operator AtomicString):
              (WTF::StringAppend::writeTo):
              (WTF::StringAppend::length):
              (WTF::operator+):
        * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append().
              (WTF::emptyString): Add new shared empty string free function.
              * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
        String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * dom/XMLDocumentParserLibxml2.cpp:
              (WebCore::handleElementAttributes):
              * editing/MarkupAccumulator.cpp:
              (WebCore::MarkupAccumulator::shouldAddNamespaceElement):
              * html/HTMLAnchorElement.cpp:
              (WebCore::HTMLAnchorElement::hash):
              (WebCore::HTMLAnchorElement::search):
              * html/ImageInputType.cpp:
              (WebCore::ImageInputType::appendFormData):
              * html/parser/HTMLTreeBuilder.cpp:
              * loader/CrossOriginAccessControl.cpp:
              (WebCore::passesAccessControlCheck):
              * page/Location.cpp:
              (WebCore::Location::search):
              (WebCore::Location::hash):
              * page/NavigatorBase.cpp:
              (WebCore::NavigatorBase::platform):
              * platform/chromium/ClipboardChromium.cpp:
              (WebCore::writeImageToDataObject):
              * platform/gtk/PasteboardHelper.cpp:
              (WebCore::PasteboardHelper::fillSelectionData):
              * platform/network/cf/ResourceHandleCFNet.cpp:
              (WebCore::encodeBasicAuthorization):
              * platform/network/cf/SocketStreamHandleCFNet.cpp:
              (WebCore::SocketStreamHandle::copyCFStreamDescription):
              * platform/network/mac/ResourceHandleMac.mm:
              (WebCore::encodeBasicAuthorization):
              * workers/WorkerLocation.cpp:
              (WebCore::WorkerLocation::search):
              (WebCore::WorkerLocation::hash):
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * src/WebAccessibilityObject.cpp:
        (WebKit::WebAccessibilityObject::keyboardShortcut): Cast to String first, before trying to convert to platform dependent type.
              * src/WebHTTPLoadInfo.cpp:
              (WebKit::addHeader): Don't pass WebString to makeString, explicit cast to String first.
              * tests/IDBLevelDBCodingTest.cpp: Cast to String first, to avoid conflicting with gtests global templatified operator+.
              (IDBLevelDBCoding::TEST):
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
        * WebView/WebFrame.mm: Explicitly cast to Strings first, so operator NSString*() can be invoked.
              (-[WebFrame _stringWithDocumentTypeStringAndMarkupString:]):
      
      2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
      
              Reviewed by Darin Adler.
      
              String operator+ reallocates unnecessarily when concatting > 2 strings
              https://bugs.webkit.org/show_bug.cgi?id=58420
      
              Provide a faster String append operator. See Source/JavaScriptCore/ChangeLog for details.
      
              * AccessibleBase.cpp:
        (AccessibleBase::get_accKeyboardShortcut): Explicitly cast to Strings first, so operator BString() can be invoked.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86330 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6da15387
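The deferred-concatenation scheme described in the 2011-05-12 ChangeLog entry above, as an added illustration that is not WTF's StringOperators.h and not part of this commit. It models WTF::String with a small `Str` class over std::string, counts buffer allocations so the old eager path (N - 1 allocations for N operands) can be compared against the StringAppend path (one allocation), carries the length sum through a checked add standing in for the guard tryMakeString gives the real code, and adds a left-hand `StringAppend + T` overload because C++ groups `a + b + c` as `(a + b) + c`; the class names, adapters and the `checkedAdd` helper are this example's own assumptions.

```cpp
#include <cstddef>
#include <cstring>
#include <limits>
#include <string>

// Added illustration, not WTF's code: a cut-down model of the StringAppend
// expression template, plus an allocation counter so eager and deferred
// concatenation can be compared.
static int g_bufferAllocations = 0;

// Stand-in for WTF::String (assumption: 8-bit chars, std::string storage).
class Str {
public:
    Str() {}
    Str(const char* chars) : m_chars(chars) { ++g_bufferAllocations; }
    explicit Str(unsigned length) : m_chars(length, '\0') { ++g_bufferAllocations; }
    unsigned length() const { return static_cast<unsigned>(m_chars.size()); }
    const char* data() const { return m_chars.data(); }
    char* mutableData() { return &m_chars[0]; }
    const std::string& str() const { return m_chars; }
private:
    std::string m_chars;
};

// Pre-patch behaviour: every a + b builds a fresh aLength + bLength buffer,
// so chaining N strings costs N - 1 allocations.
inline Str eagerConcat(const Str& a, const Str& b)
{
    Str result(a.length() + b.length());
    std::memcpy(result.mutableData(), a.data(), a.length());
    std::memcpy(result.mutableData() + a.length(), b.data(), b.length());
    return result;
}

// Length addition with an overflow guard (the role tryMakeString plays in
// WTF): a wrapped length would allocate a buffer too small for writeTo.
inline bool checkedAdd(unsigned a, unsigned b, unsigned& out)
{
    if (a > std::numeric_limits<unsigned>::max() - b)
        return false;
    out = a + b;
    return true;
}

// Adapters give every supported operand type a length() and a writeTo().
template<typename T> struct StringTypeAdapter;
template<> struct StringTypeAdapter<Str> {
    static bool length(const Str& s, unsigned& out) { out = s.length(); return true; }
    static void writeTo(const Str& s, char* dst) { std::memcpy(dst, s.data(), s.length()); }
};
template<> struct StringTypeAdapter<const char*> {
    static bool length(const char* s, unsigned& out) { out = static_cast<unsigned>(std::strlen(s)); return true; }
    static void writeTo(const char* s, char* dst) { std::memcpy(dst, s, std::strlen(s)); }
};
template<> struct StringTypeAdapter<char> {
    static bool length(char, unsigned& out) { out = 1; return true; }
    static void writeTo(char c, char* dst) { *dst = c; }
};

// Holds the two operands and defers the single allocation until a Str is needed.
template<typename StringType1, typename StringType2>
class StringAppend {
public:
    StringAppend(StringType1 s1, StringType2 s2) : m_string1(s1), m_string2(s2) {}

    bool length(unsigned& out) const
    {
        unsigned l1 = 0, l2 = 0;
        return StringTypeAdapter<StringType1>::length(m_string1, l1)
            && StringTypeAdapter<StringType2>::length(m_string2, l2)
            && checkedAdd(l1, l2, out);
    }

    void writeTo(char* dst) const
    {
        unsigned l1 = 0;
        StringTypeAdapter<StringType1>::length(m_string1, l1);
        StringTypeAdapter<StringType1>::writeTo(m_string1, dst);
        StringTypeAdapter<StringType2>::writeTo(m_string2, dst + l1);
    }

    // One allocation for the whole chain; an overflowing length yields an
    // empty Str rather than an undersized buffer.
    operator Str() const
    {
        unsigned total = 0;
        if (!length(total))
            return Str();
        Str result(total);
        writeTo(result.mutableData());
        return result;
    }

private:
    StringType1 m_string1;
    StringType2 m_string2;
};

// A nested StringAppend operand recurses through the same adapter interface.
template<typename U, typename V> struct StringTypeAdapter<StringAppend<U, V> > {
    static bool length(const StringAppend<U, V>& s, unsigned& out) { return s.length(out); }
    static void writeTo(const StringAppend<U, V>& s, char* dst) { s.writeTo(dst); }
};

template<typename T>
StringAppend<Str, T> operator+(const Str& string1, T string2)
{
    return StringAppend<Str, T>(string1, string2);
}

// Right-hand form from the ChangeLog (String + StringAppend).
template<typename U, typename V, typename W>
StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
{
    return StringAppend<U, StringAppend<V, W> >(string1, string2);
}

// Left-hand form: a + b + c groups as (a + b) + c, so without this overload
// (a + b) would convert to Str, allocating, before c was appended.
template<typename U, typename V, typename W>
StringAppend<StringAppend<U, V>, W> operator+(const StringAppend<U, V>& string1, W string2)
{
    return StringAppend<StringAppend<U, V>, W>(string1, string2);
}

// Concatenates four constructed operands each way and reports buffer allocations.
inline int allocationsForEagerChain(std::string& out)
{
    Str a("GET "), b("/index.html"), c(" HTTP/1.1"), d("\r\n");
    g_bufferAllocations = 0;
    Str r = eagerConcat(eagerConcat(eagerConcat(a, b), c), d);
    out = r.str();
    return g_bufferAllocations;
}

inline int allocationsForDeferredChain(std::string& out)
{
    Str a("GET "), b("/index.html"), c(" HTTP/1.1"), d("\r\n");
    g_bufferAllocations = 0;
    Str r = a + b + c + d;
    out = r.str();
    return g_bufferAllocations;
}

// Mixed operand kinds (Str, const char*, char) in one deferred chain.
inline std::string mixedOperandChain()
{
    Str r = Str("x=") + "1" + ';';
    return r.str();
}
```

The eager chain over four operands performs three allocations and the deferred chain one, with identical output; the checked add is exercised directly, since a 4 GiB operand cannot be built in a test, and a wrapped length is the case in which an unchecked sum would hand writeTo a buffer shorter than the bytes it copies.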
  28. 11 May, 2011 1 commit
  29. 09 May, 2011 1 commit
    • abarth@webkit.org's avatar
      2011-05-09 Adam Barth <abarth@webkit.org> · 19733325
      abarth@webkit.org authored
              Reviewed by Eric Seidel.
      
              CSP should block Function constructor
              https://bugs.webkit.org/show_bug.cgi?id=60240
      
              Test that the function constructor is properly blocked.
      
              * http/tests/security/contentSecurityPolicy/function-constructor-allowed-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/function-constructor-allowed.html: Added.
              * http/tests/security/contentSecurityPolicy/function-constructor-blocked-expected.txt: Added.
              * http/tests/security/contentSecurityPolicy/function-constructor-blocked.html: Added.
              * platform/chromium/test_expectations.txt:
      2011-05-09  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP should block Function constructor
              https://bugs.webkit.org/show_bug.cgi?id=60240
      
              When eval is disabled, we need to block the use of the function
              constructor.  However, the WebCore JSC bindings call the function
              constructor directly to create inline event listeners.  To support that
              use, this patch adds an entrypoint that bypasses the check for whether
              eval is enabled.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * runtime/FunctionConstructor.cpp:
              (JSC::constructFunction):
              (JSC::constructFunctionSkippingEvalEnabledCheck):
              * runtime/FunctionConstructor.h:
      2011-05-09  Adam Barth  <abarth@webkit.org>
      
              Reviewed by Eric Seidel.
      
              CSP should block Function constructor
              https://bugs.webkit.org/show_bug.cgi?id=60240
      
              Tests: http/tests/security/contentSecurityPolicy/function-constructor-allowed.html
                     http/tests/security/contentSecurityPolicy/function-constructor-blocked.html
      
              * bindings/js/JSLazyEventListener.cpp:
              (WebCore::JSLazyEventListener::initializeJSFunction):
                  - Update call site to the new entrypoint.
              * bindings/v8/V8LazyEventListener.cpp:
              (WebCore::V8LazyEventListener::prepareListenerObject):
            - Add some comments about the ridiculousness of this implementation.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86100 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      19733325