              Reviewed by Sam.
              - http://bugs.webkit.org/show_bug.cgi?id=15924
                next round of changes to JSRegExp (formerly PCRE)
              This is a combination of converting to C++, tweaking the API, and adding
              some additional optimizations.
              Future steps will involve getting rid of the use of UTF-8 completely
              (we'll use UTF-16 exclusively instead), eliminating more source files,
              and some more speed-ups.
              SunSpider says the current round is a 0.9% speed-up overall, and a
              5.3% speed-up for regexp.
              * JavaScriptCore.exp: Updated for new entry points.
              * JavaScriptCore.pri:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
              * JavaScriptCore.vcproj/dftables/dftables.vcproj:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * JavaScriptCoreSources.bkl:
              * jscore.bkl:
              Updated for new source file names and ForwardingHeaders.
              * kjs/regexp.cpp:
              (KJS::RegExp::RegExp): Changed to use the error message without calling
              strdup on it and to pass the new types and options.
              (KJS::RegExp::~RegExp): Removed the now-unneeded free of the error message.
              (KJS::RegExp::match): Pass the new types and options.
              * kjs/regexp.h: Update type of m_constructionError.
              * pcre/AUTHORS: Update to reflect the status of the project -- we don't include
              the Google parts, and this isn't the PCRE library, per se.
              * pcre/COPYING: Ditto.
              * pcre/dftables.cpp: Copied from JavaScriptCore/pcre/dftables.c.
              (main): Removed unneeded ctype_digit.
              * pcre/pcre.h: Convert to C++, tweak API a bit. Use UChar instead of JSRegExpChar.
              * pcre/pcre_compile.cpp: Copied from JavaScriptCore/pcre/pcre_compile.c.
              Moved a lot of private stuff used only within this file here from pcre_internal.h.
              Renumbered the error codes.
              (error_text): Use a single string with embedded nulls for the error text (I got
              this idea from newer versions of PCRE).
              (check_escape): Changed return type to be enum instead of int. Replaced ctype_digit
              uses with isASCIIDigit.
              (is_counted_repeat): Ditto.
              (read_repeat_counts): Ditto.
              (first_significant_code): Ditto.
              (find_fixedlength): Ditto.
              (could_be_empty_branch): Ditto.
              (compile_branch): Ditto. Also removed some code that handles changing options.
              JavaScript doesn't have any of the features that allow options to change.
              (compile_regex): Updated for change to options parameter.
              (is_anchored): Ditto.
              (find_firstassertedchar): Ditto.
              (jsRegExpCompile): Changed to take separate flags instead of an options int.
              Also changed to call new/delete instead of pcre_malloc/free.
              (jsRegExpFree): Ditto.
              * pcre/pcre_exec.cpp: Copied from JavaScriptCore/pcre/pcre_exec.c.
              Added a case that uses computed goto for the opcode loop, but did not turn it on.
              Changed the RMATCH macro to handle returns more efficiently by putting the where
              pointer in the new frame instead of the old one, allowing us to branch to the
              return with a single statement. Switched to new/delete from pcre_malloc/free.
              Changed many RRETURN callers to not set the return value since it's already
              set correctly. Replaced the rrc variable with an is_match variable. Values other
              than "match" and "no match" are now handled differently. This allows us to remove
              the code to check for those cases in various rules.
              (match): All the case statements use a macro BEGIN_OPCODE instead. And all the
              continue statements, or break statements that break out of the outer case use
              a macro NEXT_OPCODE instead. Replaced a few if statements with assertions.
              (jsRegExpExecute): Use new/delete instead of pcre_malloc/free. Removed unused
              start_match field from the match block.
              * pcre/pcre_internal.h: Moved the last few configuration macros from pcre-config.h
              in here. Removed various unused types. Converted from JSRegExpChar to UChar.
              Eliminated pcre_malloc/free. Replaced the opcode enum with a macro that can be
              used in multiple places. Unfortunately we lose the comments for each opcode; we
              should find a place to put those back. Removed ctype_digit.
              * pcre/pcre_maketables.cpp: Copied from JavaScriptCore/pcre/pcre_maketables.c.
              (pcre_maketables): Got rid of the conditional code that allows this to be compiled
              in -- it's only used for dftables now (and soon may be obsolete entirely).
              Changed code for cbit_digit to not use isdigit, and took the "_" case out of the
              loop. Removed ctype_digit.
              * pcre/pcre_ord2utf8.cpp: Copied from JavaScriptCore/pcre/pcre_ord2utf8.c.
              * pcre/pcre_tables.cpp: Copied from JavaScriptCore/pcre/pcre_tables.c.
              Moved _pcre_OP_lengths out of here into pcre_exec.cpp.
              * pcre/pcre_ucp_searchfuncs.cpp: Copied from JavaScriptCore/pcre/pcre_ucp_searchfuncs.c.
              Updated for other file name changes.
              * pcre/pcre_xclass.cpp: Copied from JavaScriptCore/pcre/pcre_xclass.c.
              * pcre/ucpinternal.h: Updated header.
              * pcre/ucptable.cpp: Copied from JavaScriptCore/pcre/ucptable.c.
              * wtf/ASCIICType.h: (WTF::isASCIIDigit): Removed a branch by changing from && to
              & for this operation. Also added an overload that takes an int because that's
              useful for PCRE. Later we could optimize for int and overload other functions in
              this file; stuck to this simple one for now.
              * wtf/unicode/icu/UnicodeIcu.h: Removed unused isUpper.
              * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
              * pcre/LICENCE: Removed.
              * pcre/pcre-config.h: Removed.
              * wtf/FastMallocPCRE.cpp: Removed.
              * pcre/dftables.c: Renamed to cpp.
              * pcre/pcre_compile.c: Ditto.
              * pcre/pcre_exec.c: Ditto.
              * pcre/pcre_maketables.c: Ditto.
              * pcre/pcre_ord2utf8.c: Ditto.
              * pcre/pcre_tables.c: Ditto.
              * pcre/pcre_ucp_searchfuncs.c: Ditto.
              * pcre/pcre_xclass.c: Ditto.
              * pcre/ucptable.c: Ditto.
              Reviewed by Sam.
              - updated for JSRegExp function changes
              * platform/RegularExpression.cpp:
  2. 05 Nov, 2007 1 commit
      JavaScriptCore: · 879ab75a
      ggaren authored
              Reviewed by Darin Adler.
              Switched List implementation from a custom heap allocator to an inline
              Vector, for a disappointing .5% SunSpider speedup.
              Also renamed List::slice to List::getSlice because "get" is the 
              conventional prefix for functions returning a value through an out 
              * kjs/array_object.cpp:
              (KJS::ArrayProtoFunc::callAsFunction): Removed some redundant function
              calls and memory accesses.
              * kjs/bool_object.cpp:
              (BooleanObjectImp::construct): Removed questionable use of iterator.
              * kjs/list.cpp:
              * kjs/list.h: New List class, implemented in terms of Vector. Two 
              interesting differences:
                  1. The inline capacity is 8, not 5. Many of the Lists constructed 
                  during a SunSpider run are larger than 5; almost none are larger
                  than 8.
                  2. The growth factor is 4, not 2. Since we can guarantee that Lists
                  aren't long-lived, we can grow them more aggressively, to avoid
                  excessive copying.
              * kjs/regexp_object.cpp:
              (RegExpObjectImp::construct): Removed redundant function calls.
              * kjs/string_object.cpp:
              (KJS::StringObjectImp::construct): Removed questionable use of iterator.
              * wtf/Vector.h:
              (WTF::::uncheckedAppend): Added a fast, unchecked version of append.
              Reviewed by Darin Adler.
              Small adaptations to new KJS::List class.
              * bindings/js/kjs_window.cpp:
              Reviewed by Darin Adler.
              Small adaptations to new KJS::List class.
              * ForwardingHeaders/kjs/value.h: Added.
  3. 03 Nov, 2007 1 commit
      JavaScriptCore: · a7c3b87f
      darin@apple.com authored
              Reviewed by Maciej.
              - http://bugs.webkit.org/show_bug.cgi?id=15821
                remove unused PCRE features for speed
              A first step toward removing the PCRE features we don't use.
              This gives a 0.8% speedup on SunSpider, and a 6.5% speedup on
              the SunSpider regular expression test.
              Replaced the public interface with one that doesn't use the
              name PCRE. Removed code we don't need for JavaScript and various
              configurations we don't use. This is in preparation for still
              more changes in the future. We'll probably switch to C++ and
              make some even more significant changes to the regexp engine
              to get some additional speed.
              There's probably additional unused stuff that I haven't
              deleted yet.
              This does mean that our PCRE is now a fork, but I think that's
              not really a big deal.
              * JavaScriptCore.exp: Remove the 5 old entry points and add
              the 3 new entry points for WebCore's direct use of the regular
              expression engine.
              * kjs/config.h: Remove the USE(PCRE16) define. I decided to flip
              its sense and now there's a USE(POSIX_REGEX) instead, which should
              probably not be set by anyone. Maybe later we'll just get rid of it
              * kjs/regexp.h:
              * kjs/regexp.cpp:
              (KJS::RegExp::RegExp): Switch to new jsRegExp function names and
              defines. Cut down on the number of functions used.
              (KJS::RegExp::~RegExp): Ditto.
              (KJS::RegExp::match): Ditto.
              * pcre/dftables.c: (main): Get rid of ctype_letter and ctype_meta,
              which are unused.
              * pcre/pcre-config.h: Get rid of EBCDIC, PCRE_DATA_SCOPE, const,
              and JAVASCRIPT. These are all no longer configurable in our copy
              of the library.
              * pcre/pcre.h: Remove the macro-based kjs prefix hack, the PCRE
              version macros, PCRE_UTF16, the code to set up PCRE_DATA_SCOPE,
              the include of <stdlib.h>, and most of the constants and
              functions defined in this header. Changed the naming scheme to
              use a JSRegExp prefix rather than a pcre prefix. In the future,
              we'll probably change this to be a C++ header.
              * pcre/pcre_compile.c: Removed all unused code branches,
              including many whole functions and various byte codes.
              Kept changes outside of removal to a minimum.
              (jsRegExpCompile): Renamed from pcre_compile2 and changed the
              parameters around a bit.
              (jsRegExpFree): Added.
              * pcre/pcre_exec.c: Removed many unused opcodes and variables.
              Also started tearing down the NO_RECURSE mechanism since it's
              now the default. In some cases there were things in the explicit
              frame that could be turned into plain old local variables and
              other small optimizations like that.
              (match): Changed parameters quite a bit since it's now not used
              (jsRegExpExecute): Renamed from pcre_exec.
              * pcre/pcre_internal.h: Get rid of PCRE_DEFINITION, PCRE_SPTR,
              PUBLIC_STUDY_OPTIONS, MAGIC_NUMBER, 16 of the opcodes,
              _pcre_utt, _pcre_utt_size, _pcre_try_flipped, _pcre_ucp_findprop,
              and _pcre_valid_utf8. Also moved pcre_malloc and pcre_free here.
              * pcre/pcre_maketables.c: Changed to only compile in dftables.
              Also got rid of many of the tables that we don't use.
              * pcre/pcre_tables.c: Removed the unused Unicode property tables.
              * pcre/pcre_ucp_searchfuncs.c: Removed everything except for
              * pcre/pcre_xclass.c: (_pcre_xclass): Removed unneeded support
              for classes based on Unicode properties.
              * wtf/FastMallocPCRE.cpp: Removed unused bits. It would be good
              to eliminate this completely, but we need the regular expression
              code to be C++ first.
              * pcre/pcre_fullinfo.c:
              * pcre/pcre_get.c:
              * pcre/ucp.h:
              Files that are no longer needed. I didn't remove them with this
              check-in, because I didn't want to modify all the project files.
              Reviewed by Maciej.
              - WebCore part of http://bugs.webkit.org/show_bug.cgi?id=15821
                remove unused PCRE features for speed
              * page/Frame.cpp: (WebCore::Frame::matchLabelsAgainstElement):
              * page/mac/FrameMac.mm: (WebCore::Frame::matchLabelsAgainstElement):
              Remove use of "[[:digit:]]" syntax. This hasn't worked for some time.
              Use "\d" instead.
              * platform/RegularExpression.h: Remove the unused cap function. We can
              add it back later if we find we need it.
              * platform/RegularExpression.cpp:
              (WebCore::RegularExpression::Private::compile): Update for JavaScriptCore
              regular expression entry point changes.
              (WebCore::RegularExpression::Private::~Private): Ditto.
              (WebCore::RegularExpression::match): Remove the code to set PCRE_NOTBOL.
              This means that regular expressions with metacharacters like ^ in them
              won't work any more with non-whole-string searches, but we don't use
              any regular expressions like that.
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@27419 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      JavaScriptCore: · f6701b3f
      ggaren authored
              Reviewed by Maciej Stachowiak.
              In preparation for making List a simple stack-allocated Vector:
              Removed all instances of List copying and/or assignment, and made List 
              inherit from Noncopyable.
              Functions that used to return a List by copy now take List& out 
              Layout tests and JS tests pass.
              * kjs/list.cpp:
              (KJS::List::slice): Replaced copyTail with a more generic slice 
              alternative. (JavaScriptCore only calls slice(1), but WebCore calls 
              Reviewed by Maciej Stachowiak.
              In preparation for making List a simple stack-allocated Vector:
              Removed all instances of List copying, assignment, and/or storage.
              Layout tests and JS tests pass.
              * bindings/js/kjs_window.cpp:
              (KJS::WindowFunc::callAsFunction): Stores a Vector of protected 
              JSValue*'s instead of a List now. Converts to List on the fly when 
              calling the timer function. This is slightly less efficient, but the 
              common case is 0-2 arguments, so it's no biggie.
              (HTML iBench shows no regression. PLT does not use JS timers.)
              (KJS::ScheduledAction::execute): Uses the more efficient and non-copying
              List::slice now.
              (KJS::ScheduledAction::ScheduledAction): ditto
              * bindings/objc/WebScriptObject.mm:
              (getListFromNSArray): Takes a List out parameter now, to avoid copying.
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@27373 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 25 Oct, 2007 2 commits
      Reviewed by Oliver. · df5526f8
      mjs authored
              - fold together toPrimitive() and toNumber() conversions for 0.5% gain on SunSpider
              * kjs/nodes.cpp:
              (KJS::SubNode::evaluate): Subtract directly, since toPrimitive() is not
              adding any value over toNumber() here.
              (KJS::valueForReadModifyAssignment): Ditto.
              (KJS::lessThan): Use new getPrimitiveNumber() method to avoid some virtual calls
              and branches.
              (KJS::lessThanEq): Ditto.
              * JavaScriptCore.exp: Export new functions as needed.
              * kjs/value.h:
              (KJS::JSValue::toPrimitive): Fixed formatting.
              (KJS::JSValue::getPrimitiveNumber): New method - this simultaneously converts
              to number and tells you whether a toPrimitive() conversion with a Number hint
              would have given a string.
              * kjs/internal.cpp:
              (KJS::StringImp::getPrimitiveNumber): Implemented. 
              (KJS::NumberImp::getPrimitiveNumber): ditto
              (KJS::GetterSetterImp::getPrimitiveNumber): ditto
              (KJS::StringImp::toPrimitive): Fixed formatting.
              (KJS::NumberImp::toPrimitive): ditto
              (KJS::GetterSetterImp::toPrimitive): ditto
              * kjs/internal.h:
              * kjs/object.cpp:
              (KJS::JSObject::getPrimitiveNumber): Implemented.
              * kjs/object.h:
      2007-10-24 Eric Seidel <eric@webkit.org> · 5417cd59
      eseidel authored
              Reviewed by Maciej.
              Add a JSGlobalObject class and remove the InterpreterMap
              This required making JSCallbackObject a template class to allow for
              JSGlobalObjects with JSCallbackObject functionality.
              SunSpider claims this was a 0.5% speedup.
              * API/JSCallbackObject.cpp:
              * API/JSCallbackObject.h:
              * API/JSCallbackObjectFunctions.h: Copied from API/JSCallbackObject.cpp.
              * API/JSClassRef.cpp:
              * API/JSContextRef.cpp:
              * API/JSObjectRef.cpp:
              * API/JSValueRef.cpp:
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * bindings/c/c_utility.cpp:
              * bindings/jni/jni_jsobject.cpp:
              * bindings/objc/objc_utility.mm:
              * kjs/Context.cpp:
              * kjs/ExecState.cpp:
              * kjs/JSGlobalObject.h: Added.
              * kjs/array_instance.cpp:
              * kjs/context.h:
              * kjs/function.cpp:
              * kjs/interpreter.cpp:
              * kjs/interpreter.h:
              * kjs/lookup.h:
              * kjs/object.h:
              * kjs/testkjs.cpp:
  7. 24 Oct, 2007 1 commit
      Reviewed by Sam Weinig. · 25e3ac16
      ggaren authored
              Inlined the fast path for creating an Identifier from an Identifier. 
              This is a .4% speedup on SunSpider overall, but as big as a 2.5% 
              speedup on certain individual tests. 65% of the Identifiers created
              by SunSpider are already Identifiers.
              (The main reason I'm making this change is that it resolves a large
              regression in a patch I haven't checked in yet.)
              * JavaScriptCore.exp:
              * kjs/identifier.cpp:
              * kjs/identifier.h:
  8. 23 Oct, 2007 1 commit
      Reviewed by Maciej. · 97f49ffe
      darin authored
              - fix http://bugs.webkit.org/show_bug.cgi?id=15636
                some JavaScriptCore regression tests are failing due to numeric conversion
              This should restore correctness and make speed better too, restoring some
              of the optimization we lost in my last check-in.
              * kjs/JSImmediate.h:
              (KJS::JSImmediate::getTruncatedInt32): Added. Uses the range checking idiom
              I used in my patch yesterday.
              (KJS::JSImmediate::getTruncatedUInt32): Ditto.
              * kjs/internal.h: Removed getInt32 and added getTruncatedInt/UInt32.
              * kjs/internal.cpp:
              (KJS::NumberImp::getUInt32): Changed to always use double, since I can't find
              a way to write this more efficiently for float.
              (KJS::NumberImp::getTruncatedInt32): Added.
              (KJS::NumberImp::getTruncatedUInt32): Added.
              * kjs/value.h: Removed getInt32 and added getTruncatedInt/UInt32.
              (KJS::JSValue::getTruncatedInt32): Added.
              (KJS::JSValue::getTruncatedUInt32): Added.
              (KJS::JSValue::toInt32): Changed getInt32 call to getTruncatedInt32.
              (KJS::JSValue::toUInt32): Changed getUInt32 call to getTruncatedUInt32.
              * kjs/value.cpp:
              (KJS::JSCell::getTruncatedInt32): Added.
              (KJS::JSCell::getTruncatedUInt32): Added.
              (KJS::JSValue::toInteger): Changed getUInt32 call to getTruncatedInt32.
              (KJS::JSValue::toInt32SlowCase): Removed extra getInt32 call I accidentally
              had left in here.
              (KJS::JSValue::toUInt32SlowCase): Ditto.
              (KJS::JSValue::toUInt16): Changed getUInt32 call to getTruncatedUInt32.
              * JavaScriptCore.exp: Updated.
  9. 22 Oct, 2007 1 commit
      Reviewed by Eric Seidel. · cd4076e3
      darin authored
              - http://bugs.webkit.org/show_bug.cgi?id=15617
                improve speed of integer conversions
              Makes SunSpider 6% faster.
              * kjs/JSImmediate.h: Added toInt32 and toUInt32, with separate versions for
              32-bit and 64-bit.
              * kjs/value.h:
              (KJS::JSValue::getUInt32): Call JSImmediate::toUInt32.
              * kjs/internal.h: Added getInt32.
              * kjs/internal.cpp:
              (KJS::NumberImp::getInt32): Added.
              (KJS::NumberImp::getUInt32): Replaced with more-optimal implementation
              stolen from JSValue.
              * kjs/value.h:
              (KJS::jsNumber): Marked ALWAYS_INLINE, because this wasn't getting
              (KJS::JSValue::getInt32): Added.
              (KJS::JSValue::getUInt32): Changed to call the new JSImmediate::toUInt32
              to avoid converting from float to double.
              (KJS::JSValue::toInt32): Made inline, separated out the slow case.
              (KJS::JSValue::toUInt32): Ditto.
              * kjs/value.cpp:
              (KJS::JSCell::getInt32): Added.
              (KJS::JSValue::toInt32SlowCase): Renamed from toInt32. Changed to use the
              new getInt32. Added a faster case for in-range numbers.
              (KJS::JSValue::toUInt32SlowCase): Ditto.
              (KJS::JSValue::toUInt16): Added a faster case for in-range numbers.
              * JavaScriptCore.exp: Updated for changes.
  10. 05 Oct, 2007 1 commit
      JavaScriptCore: · 3917acb0
      ggaren authored
              Reviewed by Sam Weinig.
              Added JSObject::removeDirect, to support the fix for 
              <rdar://problem/5522487> REGRESSION: With JavaScript disabled, any 
              page load causes a crash in PropertyMap::put
              * kjs/object.cpp:
              * kjs/object.h:
              Reviewed by Sam Weinig.
              New fix for <rdar://problem/5522487> REGRESSION: With JavaScript 
              disabled, any page load causes a crash in PropertyMap::put
              Explicitly remove the "document" property from the window. The old 
              solution would leave a stale "document" property around after JavaScript
              was re-enabled.
              The architecture for disabling JavaScript could use some consolidation. 
              It seems wrong that a script proxy even exists when JavaScript is 
              disabled. It also seems wrong that so many individual call sites are 
              responsible for checking whether JavaScript is enabled. I've filed a 
              bug about this: http://bugs.webkit.org/show_bug.cgi?id=15385.
              * bindings/js/kjs_proxy.cpp:
              * bindings/js/kjs_proxy.h:
              * page/Frame.cpp:
  11. 15 Sep, 2007 1 commit
  12. 03 Aug, 2007 1 commit
      2007-08-02 Mark Rowe <mrowe@apple.com> · a190b3a2
      bdash authored
              Reviewed by Geoff Garen.
              <rdar://problem/4212199> 'leaks' reports false leaks in WebKit (because the WTF allocator uses mmap?)
              Implement malloc zone introspection routines to allow leaks, heap, and friends to request information
              about specific memory regions that were allocated by FastMalloc or the JavaScriptCore collector.
              This requires tool-side support before the regions will be displayed.  The addition of that support is
              tracked by <rdar://problems/5353057&5353060>.
              * JavaScriptCore.exp: Export the two variables that are used by leaks to introspect the allocators.
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * kjs/AllInOneFile.cpp:
              * kjs/CollectorZone.cpp: Added.
              (KJS::CollectorZone::CollectorZone): Create and register our zone with the system.
              (KJS::CollectorZone::zoneEnumerator): Iterate over the CollectorBlocks that are in use and report them to the caller as being used.
              * kjs/CollectorZone.h: Added.
              (KJS::CollectorZone::zoneObjectSize): Return zero to indicate the specified pointer does not belong to this zone.
              * kjs/collector.cpp:
              (KJS::Collector::registerThread): Register the CollectorZone with the system when the first thread is registered with the collector.
              * wtf/FastMalloc.cpp:
              (WTF::TCMalloc_ThreadCache_FreeList::enumerateFreeObjects): Enumerate the objects on the free list.
              (WTF::TCMalloc_ThreadCache::enumerateFreeObjects): Ditto.
              (WTF::TCMalloc_Central_FreeList::enumerateFreeObjects): Ditto.
              (WTF::TCMalloc_ThreadCache::InitModule): Register the FastMallocZone with the system when initializing TCMalloc.
              (WTF::FreeObjectFinder::visit): Add an object to the free list.
              (WTF::FreeObjectFinder::findFreeObjects): Find the free objects within a thread cache or free list.
              (WTF::PageMapFreeObjectFinder::PageMapFreeObjectFinder): Find the free objects within a TC_PageMap.
              (WTF::PageMapFreeObjectFinder::visit): Called once per allocated span.  Record whether the span or any subobjects are free.
              (WTF::PageMapMemoryUsageRecorder::visit): Called once per allocated span.  Report the range of memory as being allocated, and the span or
              its subobjects as being used if they do not appear on the free list.
              (WTF::FastMallocZone::zoneEnumerator): Map the key remote TCMalloc data structures into our address space.  We then locate all free memory ranges
              before reporting the other ranges as being in use.
              (WTF::FastMallocZone::zoneObjectSize): Determine whether the given pointer originates from within our allocation zone.  If so,
              we return its allocation size.
              (WTF::FastMallocZone::FastMallocZone): Create and register our zone with the system.
              * wtf/MallocZoneSupport.h: Added.
              (WTF::RemoteMemoryReader::RemoteMemoryReader): A helper class to ease the process of mapping memory in a different process into
              our local address space
              * wtf/TCPageMap.h:
              (TCMalloc_PageMap2::visit): Walk over the heap and visit each allocated span.
              (TCMalloc_PageMap3::visit): Ditto.
  13. 25 Jul, 2007 1 commit
      JavaScriptCore: · 06ed466c
      mjs authored
              Reviewed by Darin.
              - JavaScriptCore part of fix for <rdar://problem/5300291> Optimize GC to reclaim big, temporary objects (like XMLHttpRequest.responseXML) quickly
              Also, as a side effect of optimizations included in this patch:
              - 7% speedup on JavaScript iBench
              - 4% speedup on "Celtic Kane" JS benchmark
              The basic idea is explained in a big comment in collector.cpp. When unusually 
              large objects are allocated, we push the next GC closer on the assumption that
              most objects are short-lived.
              I also did the following two optimizations in the course of tuning
              this not to be a performance regression:
              1) Change UString::Rep to hold a self-pointer as the baseString in
              the unshared case, instead of a null pointer; this removes a
              number of null checks in hot code because many places already
              wanted to use the rep itself or the baseString as appropriate.
              2) Avoid creating duplicate StringImpls when creating a
              StringInstance (the object wrapper for a JS string) or calling
              their methods. Since a temporary wrapper object is made every time
              a string method is called, this resulted in two useless extra
              StringImpls being allocated for no reason whenever a String method
              was invoked on a string value. Now we bypass those.
              * kjs/collector.cpp:
              (KJS::Collector::recordExtraCost): Basics of the extra cost mechanism.
              (KJS::Collector::allocate): ditto
              (KJS::Collector::collect): ditto
              * kjs/collector.h:
              (KJS::Collector::reportExtraMemoryCost): ditto
              * kjs/array_object.cpp:
              (ArrayInstance::ArrayInstance): record extra cost
              * kjs/internal.cpp:
              (KJS::StringImp::toObject): don't create a whole new StringImpl just
              to be the internal value of a StringInstance! StringImpls are immutable
              so there's no point to this.
              * kjs/internal.h:
              (KJS::StringImp::StringImp): report extra cost
              * kjs/string_object.cpp:
              (KJS::StringInstance::StringInstance): new version that takes a StringImp
              (KJS::StringProtoFunc::callAsFunction): don't create a whole new StringImpl
              just to convert self to string! we already have one in the internal value
              * kjs/string_object.h: report extra cost        
              * kjs/ustring.cpp: All changes to handle baseString being self instead of null in the 
              unshared case.
              * kjs/ustring.h:
              (KJS::UString::Rep::baseIsSelf): new method, now that baseString is
              self instead of null in the unshared case we can't just null check.
              (KJS::UString::Rep::data): adjusted as mentioned above
              (KJS::UString::cost): new method to compute the cost for a UString, for
              use by StringImpl.
              * kjs/value.cpp:
              (KJS::jsString): style fixups.
              (KJS::jsOwnedString): new method, use this for strings allocated from UStrings
              held by the parse tree. Tracking their cost as part of string cost is pointless,
              because garbage collecting them will not actually free the relevant string buffer.
              * kjs/value.h: prototyped jsOwnedString.
              * kjs/nodes.cpp:
              (StringNode::evaluate): use jsOwnedString as appropriate
              (RegExpNode::evaluate): ditto
              (PropertyNameNode::evaluate): ditto
              (ForInNode::execute): ditto
              * JavaScriptCore.exp: Exported some new symbols.
              Reviewed by Darin.
              - fixed <rdar://problem/5300291> Optimize GC to reclaim big, temporary objects (like XMLHttpRequest.responseXML) quickly
              With this plus related JavaScriptCore changes, a number of XMLHttpRequest situations that
              result in huge data sets are addressed, including a single huge responseXML on an XMR done
              repeatedly, or accessing responseText repeatedly during loading of a single large XHR.
              In addition to the GC changes in JavaScriptCore, I changed responseText to be stored as a
              KJS::UString instead of a WebCore::String so that the JavaScript responseText value can
              share the buffer (indeed multiple intermediate responseTexts can share its buffer).
              First of all, here's some manual test cases that will each blow out the process VM without this fix,
              but will settle into decent steady state with.
              * manual-tests/memory: Added.
              * manual-tests/memory/MessageUidsAlreadyDownloaded2: Added.
              * manual-tests/memory/string-growth.html: Added.
              * manual-tests/memory/xhr-multiple-requests-responseText.html: Added.
              * manual-tests/memory/xhr-multiple-requests-responseXML.html: Added.
              * manual-tests/memory/xhr-multiple-requests.html: Added.
              * manual-tests/memory/xhr-repeated-string-access.xml: Added.
              And here's the actual code changes:
              * WebCore.xcodeproj/project.pbxproj:
              * bindings/js/JSDocumentCustom.cpp:
              (WebCore::toJS): Record extra cost if the document is frameless (counting the nodes
              doesn't make a measurable performance difference here in any case I could find)
              * bindings/js/JSXMLHttpRequest.cpp:
              (KJS::JSXMLHttpRequest::getValueProperty): Adjust for the fact that responseText
              is now stored as a UString.
              * bindings/js/kjs_binding.cpp:
              (KJS::jsOwnedStringOrNull): New helper.
              * bindings/js/kjs_binding.h:
              * xml/XMLHttpRequest.cpp:
              (WebCore::XMLHttpRequest::getResponseText): It's a UString!
              (WebCore::XMLHttpRequest::getResponseXML): handle the fact that m_responseText
              is a UString.
              (WebCore::XMLHttpRequest::XMLHttpRequest): ditto.
              (WebCore::XMLHttpRequest::abort): call dropProtection
              (WebCore::XMLHttpRequest::didFinishLoading): call dropProtection
              (WebCore::XMLHttpRequest::dropProtection): after removing our GC protection,
              report extra cost of this XHR's responseText buffer.
              * xml/XMLHttpRequest.h:
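The commit above describes an "extra cost" mechanism: a cell that is tiny on the GC heap but owns a large buffer elsewhere (an XHR responseText, a frameless document) reports that buffer's size to the collector, and the collector uses the accumulated cost to decide when to collect. The following is an added illustration of that idea in a constructed toy collector; it is not WebKit code, and the names (ToyCollector, reportExtraMemoryCost, BigStringCell, the 4x-buffer threshold) are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Constructed toy heap, not KJS::Collector: every cell carries a mark bit;
// cells that reference other cells override markChildren().
struct ToyCell {
    bool marked = false;
    virtual ~ToyCell() = default;
    virtual void markChildren() {}
};

class ToyCollector {
public:
    explicit ToyCollector(std::size_t extraCostThreshold) : m_threshold(extraCostThreshold) {}

    // A cell whose real footprint lives outside the GC heap (a string buffer,
    // a parsed document) reports that footprint here, so the collector knows
    // the true cost of keeping the cell alive.
    void reportExtraMemoryCost(std::size_t cost) { m_extraCost += cost; }

    // Allocation is where the collector decides whether to run: if the extra
    // cost reported since the last collection has crossed the threshold, it
    // collects first, even though only a handful of cells were allocated.
    template <typename T, typename... Args>
    T* allocate(Args&&... args) {
        if (m_extraCost >= m_threshold)
            collect();
        std::unique_ptr<T> cell = std::make_unique<T>(std::forward<Args>(args)...);
        T* raw = cell.get();
        m_heap.push_back(std::move(cell));
        return raw;
    }

    void addRoot(ToyCell* cell) { m_roots.push_back(cell); }

    // Mark from the roots, sweep everything unmarked, and reset the extra-cost
    // counter: swept cells have released the buffers they were charged for.
    void collect() {
        for (auto& cell : m_heap)
            cell->marked = false;
        for (ToyCell* root : m_roots)
            mark(root);
        std::vector<std::unique_ptr<ToyCell>> survivors;
        for (auto& cell : m_heap)
            if (cell->marked)
                survivors.push_back(std::move(cell));
        m_heap.swap(survivors);
        m_extraCost = 0;
        ++m_collections;
    }

    static void mark(ToyCell* cell) {
        if (!cell || cell->marked)
            return;
        cell->marked = true;
        cell->markChildren();
    }

    std::size_t heapSize() const { return m_heap.size(); }
    unsigned collections() const { return m_collections; }

private:
    std::size_t m_threshold;
    std::size_t m_extraCost = 0;
    unsigned m_collections = 0;
    std::vector<std::unique_ptr<ToyCell>> m_heap;
    std::vector<ToyCell*> m_roots;
};

// A cell that is tiny on the GC heap but owns a large buffer elsewhere, the
// way a JavaScript string wrapping an XHR responseText does.
struct BigStringCell : ToyCell {
    std::vector<char> buffer;
    BigStringCell(ToyCollector& collector, std::size_t bytes) : buffer(bytes, 'x') {
        collector.reportExtraMemoryCost(bytes);
    }
};

// Simulates a script that reads a large response `iterations` times, making a
// fresh temporary string each time. Returns the cells left on the heap at the
// end: with cost reporting the temporaries are reclaimed as they pile up;
// without it the collector never sees a reason to run.
std::size_t runScenario(bool reportCost, unsigned iterations, std::size_t bytes) {
    ToyCollector collector(/*extraCostThreshold=*/4 * bytes);
    ToyCell* global = collector.allocate<ToyCell>();
    collector.addRoot(global);
    for (unsigned i = 0; i < iterations; ++i) {
        if (reportCost)
            collector.allocate<BigStringCell>(collector, bytes);
        else
            collector.allocate<ToyCell>();
    }
    return collector.heapSize();
}

int main() {
    std::printf("cells left with cost reporting:    %zu\n", runScenario(true, 10, 1000));
    std::printf("cells left without cost reporting: %zu\n", runScenario(false, 10, 1000));
    return 0;
}
```

The scenario mirrors the manual tests listed in the commit: ten reads of a 1000-byte response leave three cells behind when the cost is reported (two temporaries plus the root) and eleven when it is not. The commit's point about jsOwnedString also follows from this design: a string whose buffer is owned by the parse tree should not report its buffer as extra cost, because collecting the wrapper would not free that buffer and the charge would only trigger pointless collections.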
  14. 09 Jul, 2007 1 commit
      JavaScriptCore: · 4db276af
      mjs authored
              Reviewed by Oliver.
              - JavaScriptCore part of fix for: <rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11
              * JavaScriptCore.exp: Added needed export.
              Reviewed by Oliver.
              <rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11
              Automated test case is not possible. Did not bother with manual test this time.
              * bindings/js/kjs_dom.cpp:
              (WebCore::getRuntimeObject): Check that runtime root isn't null, as well as instance;
              this should cover the case where the plugin is already shut down at onunload time.
  15. 29 Jun, 2007 1 commit
      JavaScriptCore: · c475562b
      weinig authored
              Reviewed by Darin.
              Second pass at fixing implicit 64-32 bit conversion errors.
              - Add a toFloat() method to JSValue for float conversion.
              * JavaScriptCore.exp:
              * kjs/value.cpp:
              * kjs/value.h:
              Reviewed by Darin.
              Second pass at fixing implicit 64-32 bit conversion errors.
              - Use new JSValue::toFloat() method instead of toNumber() where
              * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
              * bindings/js/JSHTMLSelectElementCustom.cpp:
              * bindings/js/JSSVGMatrixCustom.cpp:
              * bindings/js/kjs_events.cpp:
              * bindings/scripts/CodeGeneratorJS.pm:
              * ksvg2/svg/SVGScriptElement.cpp:
  16. 13 Jun, 2007 1 commit
      JavaScriptCore: · 89c5d677
      andersca authored
              Reviewed by Geoff.
              Make sure that bindings instances get correct root objects.
              * JavaScriptCore.exp:
              * bindings/NP_jsobject.cpp:
              * bindings/c/c_instance.cpp:
              * bindings/c/c_runtime.cpp:
              * bindings/c/c_utility.cpp:
              * bindings/c/c_utility.h:
              * bindings/objc/objc_instance.mm:
              * bindings/objc/objc_runtime.mm:
              * bindings/objc/objc_utility.h:
              * bindings/objc/objc_utility.mm:
              * bindings/runtime.h:
              Reviewed by Geoff.
              Pass the root object to methods that end up creating new ObjcInstance objects.
              * bindings/objc/WebScriptObject.mm:
              (-[WebScriptObject callWebScriptMethod:withArguments:]):
              (-[WebScriptObject evaluateWebScript:]):
              (-[WebScriptObject setValue:forKey:]):
              (-[WebScriptObject valueForKey:]):
              (-[WebScriptObject removeWebScriptKey:]):
              (-[WebScriptObject setWebScriptValueAtIndex:value:]):
  17. 30 Mar, 2007 1 commit
      JavaScriptCore: · 77d5e0d0
      andersca authored
              Reviewed by Geoff.
              Implement _NPN_Enumerate support.
              * JavaScriptCore.exp:
              * bindings/NP_jsobject.cpp:
              * bindings/c/c_instance.cpp:
              * bindings/c/c_instance.h:
              * bindings/npapi.h:
              * bindings/npruntime.h:
              * bindings/npruntime_impl.h:
              * bindings/runtime.h:
              * bindings/runtime_object.cpp:
              * bindings/runtime_object.h:
              Reviewed by Geoff.
              Add enumeration test.
              * plugins/netscape-enumerate-expected.txt: Added.
              * plugins/netscape-enumerate.html: Added.
              Reviewed by Geoff.
              * Plugins/WebNetscapePluginPackage.m:
              (-[WebNetscapePluginPackage load]):
              Initialize pushpopupsenabledstate, poppopupsenabledstate and enumerate.
              * Plugins/npapi.m:
              Add stubs for these functions.
              * Plugins/npfunctions.h:
              Add new methods to NPNetscapeFuncs.
              Reviewed by Geoff.
              * DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj:
              Add TestObject.c and TestObject.h
              * DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.c:
              Implement the testObject property.
              Implement testEnumerate which takes an object and an array and enumerates
              the properties of the object and adds them to the array.
              Allocate the test object.
              Free the test object.
              * DumpRenderTree/TestNetscapePlugIn.subproj/TestObject.c: Added.
              * DumpRenderTree/TestNetscapePlugIn.subproj/TestObject.h: Added.
              Add a test object with two enumerable properties.
  18. 21 Mar, 2007 1 commit
  19. 18 Mar, 2007 3 commits
      JavaScriptCore: · 23fc88db
      mjs authored
              Reviewed by Mark.
              - avoid static construction (and global variable access) in a smarter, more portable way,
              to later enable MUTLI_THREAD mode to work on other platforms and compilers.
              * kjs/CommonIdentifiers.cpp: Added. New class to hold all the shared identifiers.
              * kjs/CommonIdentifiers.h: Added.
              * kjs/ExecState.h:
              (KJS::ExecState::propertyNames): Hand the CommonIdentifiers instance here for easy access.
              * API/JSObjectRef.cpp:
              * CMakeLists.txt:
              * JavaScriptCore.exp:
              * JavaScriptCore.pri:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * JavaScriptCoreSources.bkl:
              * bindings/runtime_array.cpp:
              * bindings/runtime_method.cpp:
              * kjs/array_object.cpp:
              * kjs/bool_object.cpp:
              * kjs/completion.h:
              * kjs/date_object.cpp:
              * kjs/error_object.cpp:
              * kjs/function.cpp:
              * kjs/function_object.cpp:
              * kjs/grammar.y:
              * kjs/identifier.cpp:
              * kjs/identifier.h:
              * kjs/interpreter.cpp:
              * kjs/interpreter.h:
              * kjs/lookup.h:
              * kjs/math_object.cpp:
              * kjs/nodes.cpp:
              * kjs/number_object.cpp:
              * kjs/object.cpp:
              * kjs/object.h:
              * kjs/object_object.cpp:
              * kjs/regexp_object.cpp:
              * kjs/string_object.cpp:
              * kjs/testkjs.cpp:
              Reviewed by Mark.
              - avoid static construction (and global variable access) in a smarter, more portable way,
              to later enable MUTLI_THREAD mode to work on other platforms and compilers.
              * bindings/js/JSCustomXPathNSResolver.cpp:
              * bindings/js/JSHTMLInputElementBase.cpp:
              * bindings/js/JSHTMLOptionElementConstructor.cpp:
              * bindings/js/JSXMLHttpRequest.cpp:
              * bindings/js/JSXSLTProcessor.cpp:
              * bindings/js/kjs_dom.cpp:
              * bindings/js/kjs_events.cpp:
              * bindings/js/kjs_html.cpp:
              * bindings/js/kjs_window.cpp:
              * bindings/objc/WebScriptObject.mm:
              * bindings/scripts/CodeGeneratorJS.pm:
      JavaScriptCore: · 18eccf40
      ggaren authored
              Reviewed by Oliver Hunt.
              Exposed some extra toUInt32 functionality, as part of the fix for
              REGRESSION: Incomplete document.all implementation breaks abtelectronics.com 
              (Style Change Through JavaScript Blanks Content)
              * JavaScriptCore.exp:
              * kjs/identifier.h:
              Reviewed by Oliver Hunt.
              Layout test for http://bugs.webkit.org/show_bug.cgi?id=13106
              REGRESSION: Incomplete document.all implementation breaks abtelectronics.com 
              (Style Change Through JavaScript Blanks Content)
              * fast/dom/collection-null-like-arguments-expected.txt: Added.
              * fast/dom/collection-null-like-arguments.html: Added.
              Reviewed by Oliver Hunt.
              Fixed http://bugs.webkit.org/show_bug.cgi?id=13106
              REGRESSION: Incomplete document.all implementation breaks abtelectronics.com 
              (Style Change Through JavaScript Blanks Content)
              When indexing into collections, treat the empty string as an invalid argument,
              instead of the number 0.
              * bindings/js/kjs_html.cpp:
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@20295 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      Removed duplicate export name. · 51f5edb7
      ggaren authored
              * JavaScriptCore.exp:
  20. 12 Mar, 2007 1 commit
      JavaScriptCore: · 470b1c7b
      ggaren authored
              Reviewed by Oliver Hunt.
              Fixed <rdar://problem/4681051> Installer crashes in KJS::Collector::
              markOtherThreadConservatively(KJS::Collector::Thread*) trying to install 
              iLife 06 using Rosetta on an Intel Machine
              The problem was that our thread-specific data destructor would modify the
              list of active JavaScript threads without holding the JSLock, corrupting
              the list. Corruption was especially likely if one JavaScript thread exited 
              while another was starting up.
              * JavaScriptCore.exp:
              * kjs/JSLock.cpp: Don't conflate locking the JSLock with registering a
              thread, since the thread-specific data destructor needs to lock
              without registering a thread. Instead, treat thread registration as a
              part of the convenience of the JSLock object, and whittle down JSLock::lock()
              to just the bits that actually do the locking.
              * kjs/JSLock.h: Updated comments to mention the new behavior above, and
              other recent changes.
              * kjs/collector.cpp:
              (KJS::destroyRegisteredThread): Lock here.
              (KJS::Collector::registerThread): To match, assert that we're locked here.
              Reviewed by Oliver Hunt.
              Updated in light of fix for <rdar://problem/4681051> Installer crashes 
              in KJS::Collector::markOtherThreadConservatively(KJS::Collector::Thread*) 
              trying to install iLife 06 using Rosetta on an Intel Machine
              * JavaScriptGlue.cpp:
              (JSLockInterpreter): Ensure backwards compatibility by calling 
              registerThread() when explicitly taking the JSLock. (This doesn't happen 
              automatically anymore.) I doubt this actually matters, but in JavaScriptGlue
              territory, that kind of thinking will get you killed.
              Reviewed by Oliver Hunt.
              Beefed up --threaded mode in light of <rdar://problem/4681051> Installer 
              crashes in KJS::Collector::markOtherThreadConservatively(KJS::Collector::Thread*) 
              trying to install iLife 06 using Rosetta on an Intel Machine
              --threaded mode now runs a bunch of different JavaScript threads, randomly
              killing and respawning them. This was sufficient for reproducing the
              bug on my MacBook Pro.
              * DumpRenderTree/DumpRenderTree.m:
  21. 06 Mar, 2007 1 commit
      JavaScriptCore: · ff59958f
      ggaren authored
              Reviewed by Maciej Stachowiak.
              Fixed all known crashers exposed by run-webkit-tests --threaded. This covers:
              <rdar://problem/4565394> | http://bugs.webkit.org/show_bug.cgi?id=12585 
                  PAC file: after closing a window that contains macworld.com, new window 
                  crashes (KJS::PropertyMap::mark()) (12585)
              <rdar://problem/4571215> | http://bugs.webkit.org/show_bug.cgi?id=9211
                  PAC file: Crash occurs when clicking on the navigation tabs at http://www.businessweek.com/ (9211)
                  PAC file: Crash occurs when attempting to view image in slideshow mode 
                  at http://d.smugmug.com/gallery/581716 ( KJS::IfNode::execute (KJS::
                  ExecState*) + 312) if you use a PAC file
              (1) Added some missing JSLocks, along with related ASSERTs.
              (2) Fully implemented support for objects that can only be garbage collected
              on the main thread. So far, only WebCore uses this. We can add it to API
              later if we learn that it's needed. 
              The implementation uses a "main thread only" flag inside each object. When 
              collecting on a secondary thread, the Collector does an extra pass through 
              the heap to mark all flagged objects before sweeping. This solution makes
              the common case -- flag lots of objects, but never collect on a secondary 
              thread -- very fast, even though the uncommon case of garbage collecting
              on a secondary thread isn't as fast as it could be. I left some notes 
              about how to speed it up, if we ever care.
              For posterity, here are some things I learned about GC while investigating:
              * Each collect must either mark or delete every heap object. "Zombie" 
              objects, which are neither marked nor deleted, raise these issues:
                  * On the next pass, the conservative marking algorithm might mark a 
                  zombie, causing it to mark freed objects.
                  * The client might try to use a zombie, which would seem live because 
                  its finalizer had not yet run.
              * A collect on the main thread is free to delete any object. Presumably, 
              objects allocated on secondary threads have thread-safe finalizers.
              * A collect on a secondary thread must not delete thread-unsafe objects.
              * The mark function must be thread-safe.
              Line by line comments:
              * API/JSObjectRef.h: Added comment specifying that the finalize callback 
              may run on any thread.
              * JavaScriptCore.exp: Nothing to see here.
              * bindings/npruntime.cpp:
              (_NPN_GetStringIdentifier): Added JSLock.
              * bindings/objc/objc_instance.h:
              * bindings/objc/objc_instance.mm:
              (ObjcInstance::~ObjcInstance): Use an autorelease pool. The other callers 
              to CFRelease needed one, too, but they were dead code, so I removed them 
              instead. (This fixes a leak seen while running run-webkit-tests --threaded,
              although I don't think it's specifically a threading issue.) 
              * kjs/collector.cpp:
              (KJS::Collector::collectOnMainThreadOnly): New function. Tells the collector
              to collect a value only if it's collecting on the main thread.
              (KJS::Collector::markMainThreadOnlyObjects): New function. Scans the heap
              for "main thread only" objects and marks them.
              * kjs/date_object.cpp: 
              (KJS::DateObjectImp::DateObjectImp): To make the new ASSERTs happy, allocate 
              our globals on the heap, avoiding a seemingly unsafe destructor call at 
              program exit time.
              * kjs/function_object.cpp:
              (FunctionPrototype::FunctionPrototype): ditto
              * kjs/interpreter.cpp:
              (KJS::Interpreter::mark): Removed boolean parameter, which was an incomplete
              and arguably hackish way to implement markMainThreadOnlyObjects() inside WebCore.
              * kjs/interpreter.h:
              * kjs/identifier.cpp:
              (KJS::identifierTable): Added some ASSERTs to check for thread safety 
              * kjs/list.cpp: Added some ASSERTs to check for thread safety problems.
              (KJS::List::empty): Make the new ASSERTs happy.
              * kjs/object.h:
              (KJS::JSObject::JSObject): "m_destructorIsThreadSafe" => "m_collectOnMainThreadOnly".
              I removed the constructor parameter because m_collectOnMainThreadOnly,
              like m_marked, is a Collector bit, so only the Collector should set or get it.
              * kjs/object_object.cpp:
              (ObjectPrototype::ObjectPrototype): Make the ASSERTs happy.
              * kjs/regexp_object.cpp:
              (RegExpPrototype::RegExpPrototype): ditto
              * kjs/ustring.cpp: Added some ASSERTs to check for thread safety problems.
              (KJS::UString::null): Make the new ASSERTs happy.
              * kjs/ustring.h:
              (KJS::UString::Rep::ref): Added some ASSERTs to check for thread safety problems.
              * kjs/value.h:
              Reviewed by Maciej Stachowiak.
              Fixed all known crashers exposed by run-webkit-tests --threaded while using
              a PAC file (for maximum carnage). See JavaScriptCore ChangeLog for 
              more details.
              * JSBase.cpp:
              (JSBase::Release): Lock when deleting, because we may be deleting an object
              (like a JSRun) that holds thread-unsafe data.
              * JSUtils.cpp:
              (CFStringToUString): Don't lock, because our caller locks. Also, locking
              inside a function that returns thread-unsafe data by copy will only mask
              threading problems.
              * JavaScriptGlue.cpp:
              (JSRunEvaluate): Added missing JSLock.
              (JSRunCheckSyntax): Converted to JSLock.
              * JavaScriptGlue.xcodeproj/project.pbxproj:
              Reviewed by Maciej Stachowiak.
              Fixed all known crashers exposed by run-webkit-tests --threaded [*]. See 
              JavaScriptCore ChangeLog for more details.
              * bindings/js/kjs_binding.cpp:
              (KJS::domNodesPerDocument): Added thread safety ASSERT.
              (KJS::ScriptInterpreter::mark): Removed obsolete logic for marking unsafe
              objects when collecting on a secondary thread. The Collector takes care
              of this now.
              * bindings/js/kjs_binding.h:
              (KJS::DOMObject::DOMObject): Used new API for specifying that WebCore
              objects should be garbage collected on the main thread only.
              * bindings/js/kjs_window.cpp:
              (KJS::ScheduledAction::execute): Moved JSLock to cover implementsCall() call,
              which, for some subclasses, ends up allocating garbage collected objects.
              (This fix was speculative. I didn't actually see a crash from this.)
              (KJS::Window::timerFired): Added JSLock around ScheduledAction destruction,
              since it destroys a KJS::List.
              * bindings/objc/WebScriptObject.mm:
              (-[WebScriptObject setException:]): Added JSLock. (This fix was speculative. 
              I didn't actually see a crash from this.)
              * bridge/mac/WebCoreScriptDebugger.mm:
              (-[WebCoreScriptCallFrame evaluateWebScript:]): Added JSLock. (This fix 
              was speculative. I didn't actually see a crash from this.)
              * dom/Document.cpp:
              (WebCore::Document::~Document): Added JSLock around modification to 
              domNodesPerDocument(), which can be accessed concurrently during garbage 
              * dom/Node.cpp:
              (WebCore::Node::setDocument): ditto.
              [*] fast/js/toString-stack-overflow.html is an exception. --threaded mode
              crashes this test because it causes the garbage collector to run frequently,
              and this test crashes if you happen to garbage collect while it's running.
              This is a known issue with stack overflow during the mark phase. It's
              not related to threading.
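The commit above explains the "main thread only" scheme: each object carries a flag, and a collection running on a secondary thread makes an extra pass that marks every flagged object before sweeping, so the common case (many flagged objects, collection on the main thread) costs nothing extra. The block below is an added illustration of that scheme in a constructed toy collector, not JavaScriptCore code; ToyCollector, collectOnMainThreadOnly, markMainThreadOnlyObjects and the sample heap layout are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>

// Constructed toy heap, not KJS::Collector. Both bits are "Collector bits":
// only the collector reads or writes them.
struct ToyCell {
    bool marked = false;
    bool collectOnMainThreadOnly = false;
    std::vector<ToyCell*> children;   // cells this cell keeps alive
};

class ToyCollector {
public:
    ToyCell* allocate() {
        m_heap.push_back(std::make_unique<ToyCell>());
        return m_heap.back().get();
    }

    // The cell's finalizer is not thread-safe (it touches per-document state,
    // say), so a collection on a secondary thread must leave it alone.
    void collectOnMainThreadOnly(ToyCell* cell) { cell->collectOnMainThreadOnly = true; }

    void addRoot(ToyCell* cell) { m_roots.push_back(cell); }

    // One collection. Returns the number of cells swept.
    std::size_t collect(bool onMainThread) {
        for (auto& cell : m_heap)
            cell->marked = false;
        for (ToyCell* root : m_roots)
            mark(root);
        if (!onMainThread)
            markMainThreadOnlyObjects();
        const std::size_t before = m_heap.size();
        std::vector<std::unique_ptr<ToyCell>> survivors;
        for (auto& cell : m_heap)
            if (cell->marked)
                survivors.push_back(std::move(cell));
        m_heap.swap(survivors);
        return before - m_heap.size();
    }

    std::size_t heapSize() const { return m_heap.size(); }

private:
    // The extra pass taken only off the main thread. Flagged cells are marked,
    // not merely skipped by the sweep: marking keeps everything they reference
    // alive as well, and leaves no cell in the "neither marked nor deleted"
    // zombie state that a later conservative scan could trip over.
    void markMainThreadOnlyObjects() {
        for (auto& cell : m_heap)
            if (cell->collectOnMainThreadOnly)
                mark(cell.get());
    }

    static void mark(ToyCell* cell) {
        if (!cell || cell->marked)
            return;
        cell->marked = true;
        for (ToyCell* child : cell->children)
            mark(child);
    }

    std::vector<std::unique_ptr<ToyCell>> m_heap;
    std::vector<ToyCell*> m_roots;
};

// Builds the same small heap each time and collects it from the given thread.
// Returns how many cells survive.
std::size_t survivorsAfterCollect(bool onMainThread) {
    ToyCollector collector;
    ToyCell* window = collector.allocate();   // reachable root
    collector.addRoot(window);

    ToyCell* domWrapper = collector.allocate();  // unreachable, but unsafe to finalize off the main thread
    collector.collectOnMainThreadOnly(domWrapper);
    ToyCell* wrapperCache = collector.allocate();  // only reachable through domWrapper
    domWrapper->children.push_back(wrapperCache);

    collector.allocate();   // unreachable plain garbage, safe to sweep on any thread

    collector.collect(onMainThread);
    return collector.heapSize();
}

int main() {
    std::printf("survivors after main-thread collect:      %zu\n", survivorsAfterCollect(true));
    std::printf("survivors after secondary-thread collect: %zu\n", survivorsAfterCollect(false));
    return 0;
}
```

On the main thread only the root survives; on a secondary thread the flagged wrapper and the cell it references survive as well, while the plain garbage is swept in both cases. That matches the four rules the commit lists: every cell is either marked or deleted, the main thread may delete anything, a secondary thread never deletes a thread-unsafe object, and the mark step itself touches only collector-owned bits.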
  22. 27 Feb, 2007 1 commit
      JavaScriptCore: · ecd5f5c5
      ggaren authored
              Reviewed by Maciej Stachowiak.
              Fixed http://bugs.webkit.org/show_bug.cgi?id=12659 | <rdar://problem/4954306>
              JS objects not collected after closing window @ ebay.com/maps.google.com
              Don't GC in the Interpreter destructor. For that to work, the Interpreter
              would have to NULL out all of its ProtectedPtrs before calling collect(). But 
              we've decided that we don't want things to work that way, anyway. We want the
              client to be in charge of manual GC so that it can optimize cases when
              it will be destroying many interpreters at once
              (e.g., http://bugs.webkit.org/show_bug.cgi?id=12900).
              Also removed Interpreter::collect() because it was redundant with 
              * JavaScriptCore.exp:
              * kjs/interpreter.cpp:
              * kjs/testkjs.cpp:
              Reviewed by Maciej Stachowiak.
              Test for http://bugs.webkit.org/show_bug.cgi?id=12659 | <rdar://problem/4954306> 
              JS objects not collected after closing window @ ebay.com/maps.google.com
              * fast/leaks/003-expected.txt: Added.
              * fast/leaks/003.html: Added.
              * fast/dom/gc-10.html: Bumped the wiggle room threshold on this test by 2 
              because it's failing on my machine with the patch applied but, according 
              to the test notes, we're still well within the margin of error.
              Reviewed by Maciej Stachowiak.
              Fixed http://bugs.webkit.org/show_bug.cgi?id=12659 | <rdar://problem/4954306>
              JS objects not collected after closing window @ ebay.com/maps.google.com
              Garbage collect in the KJSProxy destructor, after clearing our reference
              to the interpreter, because that's when the interpreter has torn down fully.
              (Technically speaking, we can't *prove* that we have the only reference to 
              our interpreter, but that's how it works in practice, and manual garbage 
              collection is just an opportunistic optimization, so it's OK for it to 
              work in practice even if it can't be proven in theory.)
              Layout tests pass. No leaks reported.
              * bindings/js/kjs_proxy.cpp:
              * bindings/js/kjs_proxy.h:
              * page/Page.cpp:
              (WebCore::Page::~Page): Merged pageDestroyed() calls. Moved debug-only
              code to the bottom.
              * page/Frame.cpp:
              (WebCore::Frame::~Frame): Don't call getObject() because globalObject()
              returns a JSObject* already, and the call can leave a pointer to the Window
              object on the stack. Don't check for NULL because it is an invariant of
              JavaScriptCore that no JSObject* can be NULL. Do use a volatile pointer
              for w because the 'w = 0' assignment just screams to the compiler, "Don't
              generate any code for me!"
  23. 09 Feb, 2007 1 commit
      JavaScriptCore: · 3ece5d83
      andersca authored
              Reviewed by Geoff.
              Safari complains about "Slow Script" if GMail is left open and machine is busy
              Turn off slow script dialog or crank up time that makes it come up
              Slow script warning is displayed after closing of PROMPT or PRINT dialog
              Re-do the way script timeouts are handled. No longer use a unix timer that sends signals. Instead, add a 
              tick count and increment it in loop bodies. If the tick count reaches a threshold, do a timeout check. If the total time executing
              is higher than the timeout value, (possibly) interrupt the script. The timeout checker also adjusts the threshold dynamically
              to prevent doing the timeout check too often.
              * JavaScriptCore.exp:
              Remove pause and resume calls.
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
              Add winmm.lib.
              * kjs/interpreter.cpp:
              * kjs/interpreter.h:
              * kjs/nodes.cpp:
              Reviewed by Geoff.
              No need to pause timeout checks anymore.
              * bindings/js/kjs_window.cpp:
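The commit above replaces a signal-based timer with a tick counter incremented in loop bodies: a timeout check runs only when the count reaches a threshold, and the checker moves that threshold up or down so the clock is not read too often. Below is an added illustration of that design as a constructed toy, not the interpreter's own code; the class and function names, the constants (initial threshold 1000 ticks, target check interval 100 ms) and the fake clock are assumptions made for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <functional>
#include <utility>

// Constructed toy, not KJS::Interpreter: the interpreter would call tick()
// from each loop iteration; the checker reads the clock only every
// m_threshold ticks and retunes that threshold after each read.
class ToyTimeoutChecker {
public:
    ToyTimeoutChecker(std::function<uint64_t()> clockMs, uint64_t timeoutMs)
        : m_clock(std::move(clockMs)), m_timeoutMs(timeoutMs) {}

    void start() {
        m_startTime = m_lastCheckTime = m_clock();
        m_ticks = 0;
        m_threshold = kInitialThreshold;
        m_checks = 0;
    }

    // Called once per loop iteration. The cheap path is an increment and a
    // compare; returns true when the script has run past its timeout.
    bool tick() {
        if (++m_ticks < m_threshold)
            return false;
        return checkTimeout();
    }

    unsigned checks() const { return m_checks; }
    uint64_t threshold() const { return m_threshold; }

private:
    static constexpr uint64_t kInitialThreshold = 1000;
    static constexpr uint64_t kMinThreshold = 100;
    static constexpr uint64_t kMaxThreshold = 1u << 20;
    static constexpr uint64_t kTargetCheckIntervalMs = 100;

    bool checkTimeout() {
        const uint64_t now = m_clock();
        const uint64_t sinceLastCheck = now - m_lastCheckTime;
        ++m_checks;
        // Adapt the tick threshold so checks land roughly every
        // kTargetCheckIntervalMs of wall time: a fast loop earns a larger
        // threshold (fewer clock reads), a slow one a smaller threshold
        // (so an overrun is noticed promptly).
        if (sinceLastCheck < kTargetCheckIntervalMs / 2 && m_threshold < kMaxThreshold)
            m_threshold *= 2;
        else if (sinceLastCheck > kTargetCheckIntervalMs * 2 && m_threshold > kMinThreshold)
            m_threshold /= 2;
        m_lastCheckTime = now;
        m_ticks = 0;
        return now - m_startTime > m_timeoutMs;
    }

    std::function<uint64_t()> m_clock;
    uint64_t m_timeoutMs;
    uint64_t m_startTime = 0;
    uint64_t m_lastCheckTime = 0;
    uint64_t m_ticks = 0;
    uint64_t m_threshold = kInitialThreshold;
    unsigned m_checks = 0;
};

// Simulates a script loop against a fake clock that advances one millisecond
// every `iterationsPerMs` iterations. Returns the simulated elapsed time (ms)
// at which the script was interrupted, or 0 if it finished within the timeout.
uint64_t runSimulatedScript(uint64_t iterationsPerMs, uint64_t timeoutMs, uint64_t maxIterations) {
    uint64_t iteration = 0;
    ToyTimeoutChecker checker([&iteration, iterationsPerMs]() { return iteration / iterationsPerMs; },
                              timeoutMs);
    checker.start();
    for (iteration = 1; iteration <= maxIterations; ++iteration) {
        if (checker.tick())
            return iteration / iterationsPerMs;
    }
    return 0;
}

int main() {
    std::printf("slow loop (1 iteration/ms) interrupted at %llu ms\n",
                (unsigned long long)runSimulatedScript(1, 5000, 10000000));
    std::printf("fast loop (100 iterations/ms) interrupted at %llu ms\n",
                (unsigned long long)runSimulatedScript(100, 5000, 10000000));
    std::printf("short script finished: %llu\n",
                (unsigned long long)runSimulatedScript(1, 5000, 2000));
    return 0;
}
```

With a 5 s timeout the slow loop's threshold shrinks from 1000 ticks to 125 and the overrun is caught at 5125 ms; the fast loop's threshold grows to 8000 ticks, so the clock is read once per 80 ms and the overrun is caught at 5030 ms. A script that ends after 2000 iterations is never interrupted. Nothing in the loop path does more than an increment and a compare, which is the property that let the commit drop the signal-based timer along with its pause and resume calls.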
  24. 26 Jan, 2007 1 commit
      JavaScriptCore: · d6a0e7ff
      ggaren authored
              Reviewed by Maciej Stachowiak.
              Fixed <rdar://problem/4608404> WebScriptObject's _rootObject lack 
              of ownership policy causes crashes (e.g., in Dashcode)
              The old model for RootObject ownership was either to (1) leak them or (2) assign
              them to a single owner -- the WebCore::Frame -- which would destroy them 
              when it believed that all of its plug-ins had unloaded.
              This model was broken because of (1) and also because plug-ins are not the only 
              RootObject clients. All Bindings clients are RootObjects clients, including 
              applications, which outlive any particular WebCore::Frame.
              The new model for RootObject ownership is to reference-count them, with a
              throw-back to the old model: The WebCore::Frame tracks the RootObjects
              it creates, and invalidates them when it believes that all of its plug-ins 
              have unloaded.
              We maintain this throw-back to avoid plug-in leaks, particularly from Java.
              Java is completely broken when it comes to releasing JavaScript objects. 
              Comments in our code allege that Java does not always call finalize when 
              collecting objects. Moreover, my own testing reveals that, when Java does
              notify JavaScript of a finalize, the data it provides is totally bogus.
              This setup is far from ideal, but I don't think we can do better without
              completely rewriting the bindings code, and possibly part of the Java
              plug-in / VM.
              Layout tests pass. No additional leaks reported. WebCore/manual-tests/*liveconnect*
              and a few LiveConnect demos on the web also run without a hitch.
              const RootObject* => RootObject*, since we need to ref/deref
              * bindings/NP_jsobject.cpp:
              (jsDeallocate): deref our RootObjects. Also unprotect our JSObject, instead
              of just relying on the RootObject to do it for us when it's invalidated.
              (_isSafeScript): Check RootObject validity.
              (_NPN_CreateScriptObject): ditto
              (_NPN_Invoke): ditto
              (_NPN_Evaluate): ditto
              (_NPN_GetProperty): ditto
              (_NPN_SetProperty): ditto
              (_NPN_RemoveProperty): ditto
              (_NPN_HasProperty): ditto
              (_NPN_HasMethod): ditto
              (_NPN_SetException): ditto
              * bindings/runtime_root.cpp: 
              Revived bit-rotted LIAR LIAR LIAR comment.
              LOOK: Added support for invalidating RootObjects without deleting them, 
              which is the main goal of this patch. 
              Moved protect counting into the RootObject class, to emphasize that 
              the RootObject protects the JSObject, and unprotects it upon being invalidated.
                  addNativeReference => RootObject::gcProtect
                  removeNativeReference => RootObject::gcUnprotect
                  ProtectCountSet::contains => RootObject::gcIsProtected
              I know we'll all be sad to see the word "native" go.
              * bindings/runtime_root.h: Added ref-counting support to RootObject, with
              all the standard accoutrements.
              * bindings/c/c_utility.cpp:
              (KJS::Bindings::convertValueToNPVariant): If we can't find a valid RootObject,
              return void instead of just leaking.
              * bindings/jni/jni_instance.cpp:
              (JavaInstance::JavaInstance): Don't take a RootObject in our constructor;
              be like other Instances and require the caller to call setRootObject. This
              reduces the number of ownership code paths.
              (JavaInstance::invokeMethod): Check RootObject for validity.
              * bindings/jni/jni_instance.h: Removed private no-arg constructor. Having
              an arg constructor accomplishes the same thing.
              * bindings/jni/jni_jsobject.cpp:
              (JavaJSObject::invoke): No need to call findProtectCountSet, because finalize()
              checks for RootObject validity.
              (JavaJSObject::JavaJSObject): check RootObject for validity
              (JavaJSObject::call): ditto
              (JavaJSObject::eval): ditto
              (JavaJSObject::getMember): ditto
              (JavaJSObject::setMember): ditto
              (JavaJSObject::removeMember): ditto
              (JavaJSObject::getSlot): ditto
              (JavaJSObject::setSlot): ditto
              (JavaJSObject::toString): ditto
              (JavaJSObject::finalize): ditto
              (JavaJSObject::createNative): No need to tell the RootObject to protect 
              the global object, since the RootObject already owns the interpreter.
              * bindings/jni/jni_runtime.cpp:
              (JavaArray::JavaArray): Removed copy constructor because it was unused.
              Dead code is dangerous code.
              * bindings/objc/objc_runtime.mm: Added WebUndefined protocol. Previous use
              of WebScriptObject was bogus, because WebUndefined is not a subclass of
              (convertValueToObjcObject): If we can't find a valid RootObject,
              return nil instead of just leaking.
              * bindings/objc/objc_utility.mm:
              (KJS::Bindings::convertValueToObjcValue): If we can't find a valid RootObject,
              return nil instead of just leaking.
              Reviewed by Maciej Stachowiak.
              Added test for <rdar://problem/4608404> WebScriptObject's _rootObject lack 
              of ownership policy causes crashes (e.g., in Dashcode)
              No test for Java or NPP versions of this bug because there's no reliable way to
              make Java and NPP objects outlive their RootObjects (although Java objects
              sometimes do).
              * plugins/root-object-premature-delete-crash-expected.txt: Added.
              * plugins/root-object-premature-delete-crash.html: Added.
              Reviewed by Maciej Stachowiak.
              Fixed <rdar://problem/4608404> WebScriptObject's _executionContext lack 
              of ownership policy causes crashes (e.g., in Dashcode)
              Added RootObject ref-counting goodness.
              * page/mac/FrameMac.h:
              * page/mac/FrameMac.mm:
              (WebCore::FrameMac::cleanupPluginObjects): Invalidate our RootObjects 
              instead of destroying them. Track _bindingRootObject separately from the
              rest of our RootObjects, since it has its own variable.
              * page/mac/WebCoreFrameBridge.mm:
              (createRootObject): Use the Frame's new, more encapsulated function to
              create a RootObject.
              * bindings/objc/WebScriptObject.mm: Nixed rootObject setters, since they
              were unused and they complicated reference-counting.
              Reviewed by Maciej Stachowiak.
              Added support for test for <rdar://problem/4608404> WebScriptObject's 
              _rootObject lack of ownership policy causes crashes (e.g., in Dashcode)
              * DumpRenderTree/DumpRenderTree.m:
              (+[LayoutTestController isSelectorExcludedFromWebScript:]):
              (+[LayoutTestController webScriptNameForSelector:]):
              (-[LayoutTestController storeWebScriptObject:]):
              (-[LayoutTestController accessStoredWebScriptObject]):
              (-[LayoutTestController dealloc]):
  25. 14 Jan, 2007 1 commit
      2007-01-14 Mark Rowe <mrowe@apple.com> · 90b9d80e
      bdash authored
              Reviewed by Mitz.
              Minor fixes to JavaScript pretty-printing.
              * JavaScriptCore.exp:
              * kjs/Parser.cpp:
              (KJS::Parser::prettyPrint): Return line number and error message if parsing fails.
              * kjs/Parser.h:
              * kjs/nodes2string.cpp:
              (ElementNode::streamTo): Include comma delimiters in array literals.
              (PropertyNameNode::streamTo): Quote property names in object literals to handle the case when the property name is not a valid identifier.
              * kjs/testkjs.cpp:
              (doIt): Print any errors encountered while pretty-printing.
      2007-01-14  Mark Rowe  <mrowe@apple.com>
              Reviewed by Mitz.
              Layout tests for fixes to JavaScript pretty-printing.
              * fast/js/pretty-print-expected.txt:
              * fast/js/resources/pretty-print.js: Test handling of object literal with non-identifier property name, and of array literals.
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@18837 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  26. 11 Jan, 2007 1 commit
      JavaScriptCore: · ec60d104
      ggaren authored
              Reviewed by Anders Carlsson.
              Even more cleanup in preparation for fixing <rdar://problem/4608404> 
              WebScriptObject's _executionContext lack of ownership policy causes 
              crashes (e.g., in Dashcode)
              Layout tests pass.
                  findRootObjectForNativeHandleFunction => createRootObject
                  FindRootObjectForNativeHandleFunctionPtr => CreateRootObjectFunction
              Also removed unnecessary use of "Bindings::" prefix.
              * JavaScriptCore.exp:
              * bindings/jni/jni_jsobject.cpp:
              * bindings/runtime_root.cpp:
              * bindings/runtime_root.h:
              Reviewed by Anders Carlsson.
              Even more cleanup in preparation for fixing <rdar://problem/4608404> 
              WebScriptObject's _executionContext lack of ownership policy causes 
              crashes (e.g., in Dashcode)
              Layout tests pass.
                  findRootObjectForNativeHandleFunction => createRootObject
                  FindRootObjectForNativeHandleFunctionPtr => createRootObjectFunction
                  rootForView => createRootObject
                  getInstanceForView => getPluginInstanceForWidget
              * page/mac/FrameMac.mm:
              (WebCore::FrameMac::getAppletInstanceForWidget): Put the NSView * in a void*
              variable named "nativeHandle" to be more explicit about the fact that JavaScript's
              "nativeHandle" is just an NSView *.
              (WebCore::getPluginInstanceForWidget): This function now does the NSView *
              fetching that its callers used to do.
              (WebCore::FrameMac::getEmbedInstanceForWidget): Updated for rename.
              (WebCore::FrameMac::getObjectInstanceForWidget): ditto
              * page/mac/WebCoreFrameBridge.mm: Killed the WebCoreBridgeInternal category,
              which was really more of a shmategory.
              (createRootObject): Removed rootObjectForView, folding it into its only
              caller, the similarly named rootForView. Renamed the pair to "createRootObject"
              because that's what they do.
              (-[WebCoreFrameBridge init]): Updated for renames
  27. 09 Jan, 2007 1 commit
      2007-01-09 Mitz Pettel <mitz@webkit.org> · 6c85708d
      ap authored
              Reviewed by Darin.
              - changes for http://bugs.webkit.org/show_bug.cgi?id=11078
                Forms Don't Submit (ASP Pages)
              * JavaScriptCore.exp:
              * kjs/value.cpp:
              (KJS::JSValue::toInt32): Folded toInt32Inline into this method, which was its
              only caller.
              (KJS::JSValue::toUInt32): Added a variant that reports if the conversion has
              * kjs/value.h:
              * bindings/js/kjs_html.cpp:
              (KJS::JSHTMLCollectionProtoFunc::callAsFunction): Changed item() to fall back
              to namedItem() if its argument does not convert to a number.
              * fast/dom/collection-namedItem-via-item-expected.txt: Added.
              * fast/dom/collection-namedItem-via-item.html: Added.
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@18715 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      JavaScriptCore: · 7593bef1
      ggaren authored
              Reviewed by Brian Dash... err... Mark Rowe.
              More cleanup in preparation for fixing <rdar://problem/4608404> 
              WebScriptObject's _executionContext lack of ownership policy causes 
              crashes (e.g., in Dashcode)
              The key change here is to RootObject::RootObject().
              * JavaScriptCore.exp:
              * bindings/c/c_utility.cpp:
              (KJS::Bindings::convertValueToNPVariant): Changed to use new constructor.
              * bindings/jni/jni_jsobject.cpp:
              (JavaJSObject::createNative): Changed to use new constructor. Replaced
              large 'if' followed by default condition with "if !" and explicit default
              * bindings/objc/objc_runtime.mm:
              (convertValueToObjcObject): Changed to use new constructor.
              * bindings/runtime_root.cpp:
              (KJS::Bindings::RootObject::destroy): "removeAllNativeReferences" => "destroy"
              because this function actually destroys the RootObject.
              * bindings/runtime_root.h: Changed Interpreter* to RefPtr<Interpreter>
              to prevent a RootObject from holding a stale Interpreter*.
              (KJS::Bindings::RootObject::RootObject): Changed constructor to take an 
              Interpreter*, since it's pointless to create a RootObject without one.
              Removed setRootObjectImp() and rootObjectImp() because they were just
              a confusing way of setting and getting the Interpreter's global object.
              (KJS::Bindings::RootObject::nativeHandle): "_nativeHandle" => "m_nativeHandle"
              (KJS::Bindings::RootObject::interpreter): "_interpreter" => "m_interpreter"
              Reviewed by Brian Dash... err... Mark Rowe.
              More cleanup in preparation for fixing <rdar://problem/4608404> 
              WebScriptObject's _executionContext lack of ownership policy causes 
              crashes (e.g., in Dashcode)
              The key change here is to RootObject::RootObject().
              Layout tests pass.
              Renamed "_bindingRoot" => "_bindingRootObject" because "RootObject" is the
              type name.
              * bindings/objc/WebScriptObject.mm:
              (_didExecute): Use Interpreter::globalObject(), since RootObject::rootObjectImp() 
              no longer exists.
              * page/mac/FrameMac.mm:
              (WebCore::FrameMac::bindingRootObject): Use the new RootObject constructor.
              Stop lying about who deletes _bindingRoot.
              (WebCore::FrameMac::cleanupPluginObjects): => "destroy". Fixed a bug where
              the RootObject would only free its own memory if there were a ReferencesSet*
              associated with it.
              * page/mac/WebCoreFrameBridge.mm:
              (-[WebCoreFrameBridge rootObjectForView:]): Use new constructor. Changed
              misleading comment.
  29. 28 Dec, 2006 1 commit
      JavaScriptCore: · dd7de074
      ggaren authored
              Reviewed by Brady Eidson.
              Some cleanup in preparation for fixing <rdar://problem/4608404> 
              WebScriptObject's _executionContext lack of ownership policy causes 
              crashes (e.g., in Dashcode)
              I'm just trying to make heads or tails of this baffling code.
              Renamed "root" | "execContext" | "executionContext" => "rootObject", because
              that's the object's (admittedly vague) type name.
              * bindings/runtime.cpp: Removed createLanguageInstanceForValue
              because I'll give you a dollar if you can explain to me what it actually did.
              * bindings/runtime_root.cpp: Put everything in the KJS::Bindings namespace,
              removing the KJS::Bindings prefix from individual functions and datatypes.
              This matches the header and eliminates a lot of syntax cruft.
              * bindings/c/c_utility.cpp:
              (KJS::Bindings::convertValueToNPVariant): Replaced use of createLanguageInstanceForValue
              with call to _NPN_CreateScriptObject because that's what createLanguageInstanceForValue
              actually did (but don't ask me for that dollar now; that's cheating.)
              * bindings/objc/objc_utility.h:
              * bindings/objc/objc_utility.mm:
              (KJS::Bindings::convertValueToObjcValue): Removed. Its only purpose was 
              to call a single function for WebKit, which WebKit can do on its own.
              * kjs/interpreter.h: Removed rtti() because it was unused, and this class
              is scheduled for demolition anyway.
              * kjs/interpreter.cpp: Removed createLanguageInstanceForValue because it had
              nothing to do with the Interpreter, and nothing makes Chuck Norris more mad
              than a function whose sole purpose is to call another function of the same
              name. (Really, I asked him.)
              Reviewed by Brady Eidson.
              Some cleanup in preparation for fixing <rdar://problem/4608404> 
              WebScriptObject's _executionContext lack of ownership policy causes 
              crashes (e.g., in Dashcode)
              Layout tests pass.
              Renamed "root" | "execContext" | "executionContext" => rootObject, because
              that's the object's (admittedly vague) type name.
              * bindings/js/kjs_binding.cpp:
              * bindings/js/kjs_binding.h: Removed createLanguageInstanceForValue
              and createObjcInstanceForValue because their only purpose was to confuse you.
              * bindings/objc/DOMInternal.h: Moved declaration of createDOMWrapper here.
              createDOMWrapper is the new name for createObjcInstanceForValue.
              * bindings/objc/DOMInternal.mm: Renamed Interpreter::createObjcInstanceForValue
              to createDOMWrapper because creating DOM wrappers has nothing to do with the interpreter,
              and everything to do with the DOM. Renamed value to object because it is one.
              Removed newObj nil check that is unnecessary in ObjC.
              * bindings/objc/WebScriptObject.mm: Replaced call to createLanguageInstanceForValue
              with explicit code to do the same thing it would have done: (1) try to create 
              a DOM wrapper; (2) if the object is not a wrappable DOM object, create a 
              vanilla WebScriptObject for it instead.
  30. 19 Dec, 2006 1 commit
      Reviewed by Geoff. · 57e8b7c0
      andersca authored
              Add -p option to testkjs which pretty prints the files instead of executing them.
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * kjs/Parser.cpp:
              * kjs/Parser.h:
              * kjs/testkjs.cpp:
  31. 11 Dec, 2006 1 commit
      http://bugs.webkit.org/show_bug.cgi?id=9673 · dcae628b
      ap authored
              Add support for window.atob() and window.btoa()
              Reviewed by Darin.
              * JavaScriptCore.exp: Export UString::is8Bit().
              * JavaScriptCore.xcodeproj/project.pbxproj: Added StringExtras.h as
              a private header.
              * WebCore.xcodeproj/project.pbxproj: Added Base64.{h,cpp}
              * bindings/js/kjs_window.cpp:
              * bindings/js/kjs_window.h:
              * platform/Base64.cpp: Added.
              * platform/Base64.h: Added.
              * ForwardingHeaders/wtf/StringExtras.h: Added.
              * platform/DeprecatedString.cpp: Use strncasecmp from StringExtras.
              * fast/dom/Window/atob-btoa-expected.txt: Added.
              * fast/dom/Window/atob-btoa.html: Added.
              * fast/dom/Window/btoa-pnglet-expected.checksum: Added.
              * fast/dom/Window/btoa-pnglet-expected.png: Added.
              * fast/dom/Window/btoa-pnglet-expected.txt: Added.
              * fast/dom/Window/btoa-pnglet.html: Added.
              * fast/dom/Window/window-properties-expected.txt:
  32. 12 Oct, 2006 1 commit
      Reviewed by Maciej. · 20b23b1e
      ggaren authored
              Removed JSObjectMakeWithPrototype, clarified some comments. We really
              don't want people to manage their own prototypes, so we don't want an
              extra function in the API devoted to just that. People can still manage
              their own prototypes if they really want by using JSObjectSetPrototype.
              * API/JSClassRef.cpp:
              * API/JSClassRef.h:
              * API/JSObjectRef.cpp:
              * API/JSObjectRef.h:
              * API/testapi.c:
              * JavaScriptCore.exp:
  33. 03 Sep, 2006 1 commit
      Reviewed by Tim H. · 897b7094
      ap authored
              Convert JavaScript arrays to AppleScript lists
              * JavaScriptCore.exp: Export ArrayInstance::info and ArrayInstance::getItem().
              * kjs/array_instance.h:
              * kjs/array_object.cpp:
              (ArrayInstance::getItem): Added a method to access array items from C++.
              * bridge/mac/WebCoreFrameBridge.mm:
              (aeDescFromJSValue): Added a case for ArrayInstance.
              * fast/AppleScript/array-expected.txt:
              * fast/AppleScript/array.html: Updated results, added a test for
              circular dependencies.
              * DumpRenderTree/AppleScriptController.m:
              (-[AppleScriptController doJavaScript:]): Support printing AEDescLists.
  34. 13 Aug, 2006 1 commit
      JavaScriptCore: · 308be5ab
      mjs authored
              Reviewed (and tweaked a little) by Maciej.
              - shrank the size of JSObject by 8 bytes and made the corresponding reduction to the cell size, resulting
              in a 1.2% speed improvement on JS iBench (and probably overall memory savings).
              This was done by removing _scope and _internalValue data members
              from JSObject and moving them only to the subclasses that actually
              make use of them.
              * kjs/object.cpp: 
              (KJS::JSObject::mark): No need to mark scope or internal value here.
              * kjs/object.h:
              (KJS::JSObject::JSObject): Don't initialize them.
              * kjs/JSWrapperObject.cpp: Added. New base class for object types that
              wrap primitive values (Number, String, Boolean, Date).
              * kjs/JSWrapperObject.h: Added.
              * kjs/array_object.cpp:
              (ArrayPrototype::ArrayPrototype): Don't set useless internal value.
              * kjs/bool_object.cpp:
              (BooleanInstance::BooleanInstance): Inherit from JSWrapperObject.
              (BooleanProtoFunc::callAsFunction): Fixed to account for fact that not all
              JSObjects have an internal value.
              (BooleanObjectImp::construct): ditto.
              * kjs/bool_object.h:
              * kjs/collector.cpp: Lowered cell size to 48.
              (KJS::Collector::allocate): meaningless whitespace change
              * kjs/date_object.cpp:
              (KJS::DateInstance::DateInstance): Inherit from JSWrapperObject.
              (KJS::DateProtoFunc::callAsFunction): adjusted for move of internalValue
              (KJS::DateObjectImp::construct): ditto
              * kjs/date_object.h:
              * kjs/error_object.cpp:
              (ErrorPrototype::ErrorPrototype): don't set internal value
              * kjs/function.cpp: move _scope and related handling here
              (KJS::FunctionImp::mark): mark scope
              * kjs/function.h:
              (KJS::FunctionImp::scope): moved here from JSObject
              (KJS::FunctionImp::setScope): ditto
              * kjs/number_object.cpp:
              (NumberInstance::NumberInstance): inherit from JSWrapperObject
              (NumberProtoFunc::callAsFunction): adjusted
              (NumberObjectImp::construct): adjusted
              * kjs/number_object.h: shrink RegExp-related objects a little
              * kjs/regexp_object.cpp:
              (RegExpPrototype::RegExpPrototype): Adjust for size tweaks
              (RegExpObjectImp::RegExpObjectImp): ditto
              * kjs/regexp_object.h:
              * kjs/string_object.cpp:
              (StringInstance::StringInstance): inherit from JSWrapperObject
              (StringProtoFunc::callAsFunction): adjusted
              * kjs/string_object.h:
              * JavaScriptCore.exp: Exported new methods as needed.
              * JavaScriptCore.xcodeproj/project.pbxproj: Added new files to build.
              Reviewed (and tweaked a little) by Maciej.
              - shrank the size of JSObject by 8 bytes and made the corresponding reduction to the cell size, resulting
              in a 1.2% speed improvement on JS iBench (and probably overall memory savings).
              The WebCore part of this is to expect only FunctionImp to have a scope, not all JSObjects.
              * bindings/js/kjs_events.cpp:
  35. 24 Jul, 2006 1 commit
      JavaScriptCore: · d5e16e37
      thatcher authored
              Reviewed by Maciej.
              Bug 9686: [Drosera] Need the ability to break into Drosera on Javascript exceptions
              JavaScriptCore portion of the fix.
              * JavaScriptCore.exp: Update symbol for change in argument type.
              * kjs/debugger.cpp:
              (Debugger::detach): Clear map of recent exceptions.
              (Debugger::hasHandledException): Track the most recent exception
              thrown by an interpreter.
              (Debugger::exception): Change exception argument to a JSValue.
              * kjs/debugger.h:
              * kjs/nodes.cpp:
              (Node::debugExceptionIfNeeded): Notify the debugger of an exception
              if it hasn't seen it before.
              (ThrowNode::execute): Notify the debugger that an exception is being thrown.
              * kjs/nodes.h:
          2006-07-23  Geoffrey Garen  <ggaren@apple.com>
              Patch by Eric Albert, reviewed by Darin and me.
              - Fixed <rdar://problem/4645931> JavaScriptCore stack-scanning code 
              crashes (Collector::markStackObjectsConservatively)
              * bindings/jni/jni_jsobject.cpp: On 64-bit systems, jint is a long, not an
              * kjs/collector.cpp:
              (KJS::Collector::markCurrentThreadConservatively): Use a pointer instead of
              an int as 'dummy,' because on LP64 systems, an int is not pointer-aligned,
              and we want to scan the stack for pointers.
              * JavaScriptCore.xcodeproj/project.pbxproj: After a tense cease-fire, the 
              XCode war has started up again!
              Reviewed by Maciej.
              Bug 9686: [Drosera] Need the ability to break into Drosera on Javascript exceptions
              WebCore portion of the fix.
              * bridge/mac/WebCoreScriptDebugger.h:
              (-[WebScriptDebugger exceptionRaised:sourceId:line::]): Add delegate method.
              * bridge/mac/WebCoreScriptDebugger.mm:
              (WebCoreScriptDebuggerImp::exception): Call delegate method when an exception is raised.
              Reviewed by Maciej.
              Bug 9686: [Drosera] Need the ability to break into Drosera on Javascript exceptions
              WebKit portion of the fix.
              * DefaultDelegates/WebDefaultScriptDebugDelegate.m:
              (-[WebDefaultScriptDebugDelegate webView:exceptionWasRaised:sourceId:line:forWebFrame:]):
              * DefaultDelegates/WebScriptDebugServer.h:
              * DefaultDelegates/WebScriptDebugServer.m:
              (-[WebScriptDebugServer webView:exceptionWasRaised:sourceId:line:forWebFrame:]): Notify
              listeners that an exception has been raised.
              * WebView/WebScriptDebugDelegate.h:
              * WebView/WebScriptDebugDelegate.m:
              (-[WebScriptCallFrame exceptionRaised:sourceId:line:]): Dispatch through to delegate and
  36. 21 Jul, 2006 1 commit
      JavaScriptCore: · b7d19066
      ggaren authored
              Reviewed by Darin.
              - Added support for strings that masquerade as undefined. Currently used
              by WebCore to implement undetectable style.filter.
              The name is a little long, but it's only used in one line of code, so I
              thought clarity should win over brevity.
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * kjs/object.h:
              * kjs/string_object.h:
              Test for undetectable style.filter property.
              * fast/dom/undetectable-style-filter-expected.txt: Added.
              * fast/dom/undetectable-style-filter.html: Added.
              Reviewed by Darin.
              - Fixed <rdar://problem/4507265> REGRESSION: overlays don't work on 
              HousingMaps.com (Google Maps-based site)
              - Made style.filter undetectable, like document.all.
              Unfortunately, the SVG spec-makers invented a CSS attribute named 'filter',
              which conflicts with IE's custom CSS attribute by the same name. Web programs 
              like the Google maps API test for style.filter, and assume it's the IE 
              style.filter if they find it, so we need to make style.filter undetectable 
              to avoid breaking them.
              An alternative solution would be to hotwire a delorean, go back in time,
              and beg the web standards makers to make standards that work on the web.
              * bindings/js/kjs_css.cpp:
  37. 17 Jul, 2006 1 commit
      Reviewed by Maciej. · 0503a4b5
      ggaren authored
              - Added automatic prototype creation for classes.
              A class stores a weak reference to a prototype, which is cleared when
              the prototype is garbage collected, to avoid a reference cycle.
              We now have an attributes field in JSClassDefinition, that currently is
              used only to override automatic prototype creation when you want to manage your
              own prototypes, but can be extended in the future for other nefarious purposes.
              Similarly, we have JSObjectMake and JSObjectMakeWithPrototype, the latter
              allowing you to manage your own prototypes.
              JSObjectMakeConstructor is more interesting now, able to make a constructor
              on your behalf if you just give it a class.
              - Removed bogus old code from minidom.js.
              - Tweaked the headerdocs.
              - Added more GC testing, which caught some leaks, and tested more funny 
              edge cases in lookup, which caught a lookup bug. Removed some testing 
              we used to do with MyObject because it was redundant with the new, cool 
              While fixing the lookup bug I retracted this change:
                  "If a static setProperty callback returns 'false', to indicate that the
                  property was not set, we no longer forward the set request up the class
                  chain, because that's almost certainly not what the programmer expected."
              Returning false when setting a static property is a little silly, but you can see
              it being useful when shadowing a base class's static properties, and, regardless
              of usefulness, this is the defined behavior of the setProperty callback.
              - Plus a little ASCII art, for the kids.
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@15497 268f45cc-cd09-0410-ab3c-d52691b4dbfc