1. 30 Oct, 2013 1 commit
    • mark.lam@apple.com's avatar
      Adjust CallFrameHeader's ReturnPC and CallFrame locations to match the native ABI . · c8151c4c
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=123444.
      
      Reviewed by Geoffrey Garen.
      
      - Introduced an explicit CallerFrameAndPC struct.
      - A CallFrame is expected to start with a CallerFrameAndPC struct. 
      - The Register class no longer supports CallFrame* and Instruction*.
      
        These hides the differences between JSVALUE32_64 and JSVALUE64 in
        terms of managing the callerFrame() and returnPC() values.
      
      - Convert all uses of JSStack::CallerFrame and JSStack::ReturnPC to
        go through CallFrame to access the appropriate values and offsets.
        CallFrame, in turn, will access the callerFrame and returnPC via
        the CallerFrameAndPC struct.
      
      - InlineCallFrame will provide offsets for its callerFrame and
        returnPC. It will make use of CallFrame::callerFrameOffset() and
        CallerFrame::returnPCOffset() to compute these.
      
      * bytecode/CodeOrigin.h:
      (JSC::InlineCallFrame::callerFrameOffset):
      (JSC::InlineCallFrame::returnPCOffset):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::compileExceptionHandlers):
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::reifyInlinedCallFrames):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::calleeFrameSlot):
      (JSC::DFG::SpeculativeJIT::calleeArgumentSlot):
      (JSC::DFG::SpeculativeJIT::calleeFrameTagSlot):
      (JSC::DFG::SpeculativeJIT::calleeFramePayloadSlot):
      (JSC::DFG::SpeculativeJIT::calleeArgumentTagSlot):
      (JSC::DFG::SpeculativeJIT::calleeArgumentPayloadSlot):
      - Prefixed all the above with callee since they apply to the callee frame.
      (JSC::DFG::SpeculativeJIT::calleeFrameCallerFrame):
      - Added to set the callerFrame pointer in the callee frame.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * ftl/FTLLink.cpp:
      (JSC::FTL::compileEntry):
      (JSC::FTL::link):
      * interpreter/CallFrame.h:
      (JSC::ExecState::callerFrame):
      (JSC::ExecState::callerFrameOffset):
      (JSC::ExecState::returnPC):
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (JSC::ExecState::returnPCOffset):
      (JSC::ExecState::setCallerFrame):
      (JSC::ExecState::setReturnPC):
      (JSC::ExecState::callerFrameAndPC):
      * interpreter/JSStack.h:
      * interpreter/Register.h:
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::emitPutToCallFrameHeader):
      - Convert to using storePtr() here and simplify the code.
      (JSC::AssemblyHelpers::emitGetCallerFrameFromCallFrameHeaderPtr):
      (JSC::AssemblyHelpers::emitPutCallerFrameToCallFrameHeader):
      (JSC::AssemblyHelpers::emitGetReturnPCFromCallFrameHeaderPtr):
      (JSC::AssemblyHelpers::emitPutReturnPCToCallFrameHeader):
      - Helpers to emit gets/puts of the callerFrame and returnPC.
      (JSC::AssemblyHelpers::addressForByteOffset):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompile):
      (JSC::JIT::privateCompileExceptionHandlers):
      * jit/JITCall.cpp:
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileOpCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::emit_op_ret):
      (JSC::JIT::emit_op_ret_object_or_this):
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileOpCall):
      * jit/JITInlines.h:
      (JSC::JIT::unmap):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_end):
      (JSC::JIT::emit_op_ret):
      (JSC::JIT::emit_op_ret_object_or_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_end):
      * jit/JITOperations.cpp:
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::returnJSValue):
      (JSC::SpecializedThunkJIT::returnDouble):
      (JSC::SpecializedThunkJIT::returnInt32):
      (JSC::SpecializedThunkJIT::returnJSCell):
      * jit/ThunkGenerators.cpp:
      (JSC::throwExceptionFromCallSlowPathGenerator):
      (JSC::slowPathFor):
      (JSC::nativeForGenerator):
      
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LowLevelInterpreter.asm:
      - Updated offsets and asserts to match the new CallFrame layout.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158315 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c8151c4c
  2. 19 Oct, 2013 1 commit
    • fpizlo@apple.com's avatar
      A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using... · d49bfe80
      fpizlo@apple.com authored
      A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
      https://bugs.webkit.org/show_bug.cgi?id=122940
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
      whereas previously it was in a Vector, so it moved. This allows you to use pointers to
      StructureStubInfo. This also eliminates the use of return PC as a way of finding the
      StructureStubInfo's. It removes some of the need for the compile-time property access
      records; for example the DFG no longer has to save information about registers in a
      property access record only to later save it to the stub info.
              
      The main thing is accomplishes is that it makes it easier to add StructureStubInfo's
      at any stage of compilation.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printGetByIdCacheStatus):
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::propagateTransitions):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::addStubInfo):
      (JSC::CodeBlock::getStubInfoMap):
      (JSC::CodeBlock::shrinkToFit):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::begin):
      (JSC::CodeBlock::end):
      (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::CodeOrigin):
      (JSC::CodeOrigin::isHashTableDeletedValue):
      (JSC::CodeOrigin::hash):
      (JSC::CodeOriginHash::hash):
      (JSC::CodeOriginHash::equal):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      * bytecode/StructureStubInfo.h:
      (JSC::getStructureStubInfoCodeOrigin):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
      (JSC::DFG::InRecord::InRecord):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileIn):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      * jit/CCallHelpers.h:
      (JSC::CCallHelpers::setupArgumentsWithExecState):
      * jit/JIT.cpp:
      (JSC::PropertyStubCompilationInfo::copyToStubInfo):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::PropertyStubCompilationInfo::slowCaseInfo):
      * jit/JITInlines.h:
      (JSC::JIT::callOperation):
      * jit/JITOperations.cpp:
      * jit/JITOperations.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emitSlow_op_put_by_id):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emitSlow_op_put_by_id):
      * jit/Repatch.cpp:
      (JSC::appropriateGenericPutByIdFunction):
      (JSC::appropriateListBuildingPutByIdFunction):
      (JSC::resetPutByID):
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
      
      * GNUmakefile.list.am:
      * WTF.vcxproj/WTF.vcxproj:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/BagToHashMap.h: Added.
      (WTF::toHashMap):
      * wtf/CMakeLists.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157660 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d49bfe80
  3. 06 Oct, 2013 1 commit
    • fpizlo@apple.com's avatar
      Compress DFG stack layout · a62d4829
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122024
      
      Reviewed by Oliver Hunt.
              
      The DFG needs to be able to store things at a known offset from frame pointer so that
      the runtime can read those things. Prior to this patch, the DFG would use the exact
      offsets that the bytecode asked for, even in the case of inlining, where it would use
      the callsite stack offset to shift all of the inlined function's variables over just as
      they would have been if a bytecode interpreter had really made the call.
              
      But this won't work once WebKit-LLVM integration is complete. LLVM has no notion of
      storing things at a fixed offset from the frame pointer. We could try to hack LLVM to do
      that, but it would seriously complicate LLVM's stack layout. But what we might be able
      to do is have LLVM tell us (via an addressof intrinsic and a side-channel) where some
      alloca landed relative to the frame pointer. Hence if the DFG can put all of its flushed
      variables in a contiguous range that can be expressed to LLVM as a struct that we
      alloca, then all of this can still work just fine.
              
      Previously the flushed variables didn't fit in a contiguous range, but this patch makes
      them contiguous by allowing the stack layout to be compressed.
              
      What this really means is that there is now a distinction between where the DFG saw a
      variable stored in bytecode and where it will actually store it in the resulting machine
      code. Henceforth when the DFG says "local" or "virtual register" it means the variable
      according to bytecode (with the stack offsetting for inlined code as before), but when
      it says "machine local" or "machine virtual register" it means the actual place where it
      will store things in the resulting machine code. All of the OSR exit, inlined arguments,
      captured variables, and various stack unwinding machine now knows about all of this.
              
      Note that the DFG's abstract interpretation still uses bytecode variables rather than
      machine variables. Same for CSE and abstract heaps. This makes sense since it means that
      we don't have to decide on machine variable allocation just to do those optimizations.
              
      The decision of what a local's machine location becomes is deferred to very late in
      compilation. We only need to assign machine locations to variables that must be stored
      to the stack. It's now mandatory to run some kind of "stack layout phase" that makes the
      decision and updates all data structures.
              
      So far the way that this is being used is just to compress the DFG stack layout, which
      is something that we should have done anyway, a long time ago. And the compression isn't
      even that good - the current StackLayoutPhase just identifies local indices that are
      unused in machine code and slides all other variables towards zero. This doesn't achieve
      particularly good compression but it is better than nothing. Note that this phase makes
      it seem like the bytecode-machine mapping is based on bytecode local indices; for
      example if bytecode local 4 is mapped to machine local 3 then it always will be. That's
      true for the current StackLayoutPhase but it _will not_ be true for all possible stack
      layout phases and it would be incorrect to assume that it should be true. This is why
      the current data structures have each VariableAccessData hold its own copy of the
      machine virtual register, and also have each InlineCallFrame report their own machine
      virtual registers for the various things. The DFG backend is likely to always use the
      dumb StackLayoutPhase since it is very cheap to run, but the FTL backend is likely to
      eventually get a better one, where we do some kind of constraint-based coloring: we
      institute constraints where some VariableAccessData's must have the same indices as some
      other ones, and also must be right next to some other ones; then we process all
      VariableAccessData's and attempt to assign them machine locals while preserving those
      constraints. This could lead to two VariableAccessDatas for the same bytecode local
      ending up with different machine locals.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::isCaptured):
      (JSC::CodeBlock::framePointerOffsetToGetActivationRegisters):
      (JSC::CodeBlock::machineSlowArguments):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasSlowArguments):
      * bytecode/CodeOrigin.cpp:
      (JSC::CodeOrigin::dump):
      (JSC::InlineCallFrame::calleeForCallFrame):
      (JSC::InlineCallFrame::dumpInContext):
      * bytecode/CodeOrigin.h:
      (JSC::InlineCallFrame::InlineCallFrame):
      (JSC::InlineCallFrame::calleeConstant):
      * bytecode/Operands.h:
      (JSC::Operands::indexForOperand):
      * dfg/DFGBasicBlock.cpp:
      (JSC::DFG::BasicBlock::SSAData::SSAData):
      * dfg/DFGBasicBlock.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCommon.h:
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      * dfg/DFGDesiredWriteBarriers.cpp:
      (JSC::DFG::DesiredWriteBarrier::trigger):
      * dfg/DFGDesiredWriteBarriers.h:
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      (JSC::DFG::FlushLivenessAnalysisPhase::run):
      (JSC::DFG::FlushLivenessAnalysisPhase::process):
      (JSC::DFG::FlushLivenessAnalysisPhase::reportError):
      * dfg/DFGFlushedAt.cpp: Added.
      (JSC::DFG::FlushedAt::dump):
      (JSC::DFG::FlushedAt::dumpInContext):
      * dfg/DFGFlushedAt.h: Added.
      (JSC::DFG::FlushedAt::FlushedAt):
      (JSC::DFG::FlushedAt::operator!):
      (JSC::DFG::FlushedAt::format):
      (JSC::DFG::FlushedAt::virtualRegister):
      (JSC::DFG::FlushedAt::operator==):
      (JSC::DFG::FlushedAt::operator!=):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::bytecodeRegisterForArgument):
      (JSC::DFG::Graph::argumentsRegisterFor):
      (JSC::DFG::Graph::machineArgumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
      (JSC::DFG::Graph::activationRegister):
      (JSC::DFG::Graph::uncheckedActivationRegister):
      (JSC::DFG::Graph::machineActivationRegister):
      (JSC::DFG::Graph::uncheckedMachineActivationRegister):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToGetLocalUnlinked):
      (JSC::DFG::Node::convertToGetLocal):
      (JSC::DFG::Node::machineLocal):
      (JSC::DFG::Node::hasUnlinkedMachineLocal):
      (JSC::DFG::Node::setUnlinkedMachineLocal):
      (JSC::DFG::Node::unlinkedMachineLocal):
      (JSC::DFG::Node::hasInlineStartData):
      (JSC::DFG::Node::inlineStartData):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::dumpNodeFlags):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntry.h:
      (JSC::DFG::OSREntryReshuffling::OSREntryReshuffling):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::reifyInlinedCallFrames):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::ScoreBoard):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
      (JSC::DFG::SpeculativeJIT::createOSREntries):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::calleeFrameOffset):
      (JSC::DFG::SpeculativeJIT::callFrameSlot):
      (JSC::DFG::SpeculativeJIT::argumentSlot):
      (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
      (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
      (JSC::DFG::SpeculativeJIT::argumentTagSlot):
      (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
      (JSC::DFG::SpeculativeJIT::framePointerOffsetToGetActivationRegisters):
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::recordSetLocal):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStackLayoutPhase.cpp: Added.
      (JSC::DFG::StackLayoutPhase::StackLayoutPhase):
      (JSC::DFG::StackLayoutPhase::run):
      (JSC::DFG::performStackLayout):
      * dfg/DFGStackLayoutPhase.h: Added.
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::validate):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::machineLocal):
      (JSC::DFG::VariableAccessData::flushedAt):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLExitValue.h:
      (JSC::FTL::ExitValue::inJSStack):
      (JSC::FTL::ExitValue::inJSStackAsInt32):
      (JSC::FTL::ExitValue::inJSStackAsInt52):
      (JSC::FTL::ExitValue::inJSStackAsDouble):
      (JSC::FTL::ExitValue::virtualRegister):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      (JSC::FTL::ValueSource::ValueSource):
      (JSC::FTL::ValueSource::kind):
      (JSC::FTL::ValueSource::operator!):
      (JSC::FTL::ValueSource::node):
      (JSC::FTL::ValueSource::virtualRegister):
      * interpreter/Interpreter.cpp:
      (JSC::unwindCallFrame):
      * interpreter/StackVisitor.cpp:
      (JSC::StackVisitor::readInlinedFrame):
      (JSC::StackVisitor::Frame::createArguments):
      (JSC::StackVisitor::Frame::existingArguments):
      * interpreter/StackVisitor.h:
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::addressFor):
      (JSC::AssemblyHelpers::tagFor):
      (JSC::AssemblyHelpers::payloadFor):
      (JSC::AssemblyHelpers::offsetOfArgumentsIncludingThis):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      * runtime/Arguments.h:
      (JSC::Arguments::allocateSlowArguments):
      (JSC::Arguments::tryDeleteArgument):
      (JSC::Arguments::isDeletedArgument):
      (JSC::Arguments::isArgument):
      (JSC::Arguments::argument):
      (JSC::Arguments::finishCreation):
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      (JSC::JSActivation::JSActivation):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156984 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a62d4829
  4. 23 Sep, 2013 1 commit
    • fpizlo@apple.com's avatar
      Never use ReturnPC for exception handling and quit using exception check... · 48a7bc89
      fpizlo@apple.com authored
      Never use ReturnPC for exception handling and quit using exception check indices as a lame replica of the CodeOrigin index
      https://bugs.webkit.org/show_bug.cgi?id=121734
      
      Reviewed by Mark Hahnenberg.
              
      Exception handling can deduce where the exception was thrown from by looking at the
      code origin that was stored into the call frame header. There is no need to pass any
      additional meta-data into the exception throwing logic. But the DFG was still doing it
      anyway.
              
      This removes all of the logic to pass extra meta-data into lookupExceptionHandler()
      and friends. It simplifies a lot of code.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::shrinkToFit):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::codeOrigins):
      (JSC::CodeBlock::hasCodeOrigins):
      (JSC::CodeBlock::canGetCodeOrigin):
      (JSC::CodeBlock::codeOrigin):
      * bytecode/CodeOrigin.h:
      (JSC::InlineCallFrame::InlineCallFrame):
      * bytecode/InlineCallFrameSet.cpp: Added.
      (JSC::InlineCallFrameSet::InlineCallFrameSet):
      (JSC::InlineCallFrameSet::~InlineCallFrameSet):
      (JSC::InlineCallFrameSet::add):
      (JSC::InlineCallFrameSet::shrinkToFit):
      * bytecode/InlineCallFrameSet.h: Added.
      (JSC::InlineCallFrameSet::isEmpty):
      (JSC::InlineCallFrameSet::size):
      (JSC::InlineCallFrameSet::at):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCommonData.cpp:
      (JSC::DFG::CommonData::addCodeOrigin):
      (JSC::DFG::CommonData::shrinkToFit):
      * dfg/DFGCommonData.h:
      * dfg/DFGDesiredWriteBarriers.cpp:
      (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
      (JSC::DFG::DesiredWriteBarrier::trigger):
      * dfg/DFGDesiredWriteBarriers.h:
      (JSC::DFG::DesiredWriteBarriers::add):
      (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
      (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::compileExceptionHandlers):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::emitStoreCodeOrigin):
      (JSC::DFG::JITCompiler::exceptionCheck):
      (JSC::DFG::JITCompiler::fastExceptionCheck):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryBuildGetByIDList):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
      (JSC::DFG::SpeculativeJIT::appendCallSetResult):
      (JSC::DFG::SpeculativeJIT::appendCall):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::callPreflight):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::emitExceptionCheck):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156300 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      48a7bc89
  5. 13 Sep, 2013 1 commit
    • msaboff@apple.com's avatar
      fourthTier: Change JSStack to grow from high to low addresses · b70e41bc
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=118758
      
      Reviewed by Oliver Hunt.
      
      Changed the JSC stack to grow down.  Effectively the JSC stack frame is flipped from
      what it was.  See JSStack.h for the new offsets.  Changed JSStack begin() and end()
      to be getBaseOfStack() and getLimitOfStack().  Most of the changes are address or offset
      calculation changes.  Decoupled a local register ordinal (loop variable or array index)
      from the offset into the callFrame using localToOperand() and the inverse operandToLocal().
      
      * assembler/MacroAssembler.h:
      (JSC::MacroAssembler::trustedImm32ForShift):
      (JSC::MacroAssembler::lshiftPtr): Added to create scaled addresses with a negative index
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::lshift64): Added to create scaled addresses with a negative index
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::shlq_i8r): Added to create scaled addresses with a negative index
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      * bytecode/CodeBlock.h:
      (JSC::unmodifiedArgumentsRegister):
      (JSC::CodeBlock::isCaptured):
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::stackOffset):
      * bytecode/Operands.h:
      (JSC::localToOperand):
      (JSC::operandIsLocal):
      (JSC::operandToLocal):
      (JSC::operandIsArgument):
      (JSC::operandToArgument):
      (JSC::argumentToOperand):
      * bytecode/VirtualRegister.h: Made InvalidVirtualRegister a positive value that fits in
      31 bits since it can be placed into the 31 bit field "stackOffset" in struct InlineCallFrame.
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::addVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
      (JSC::BytecodeGenerator::newRegister):
      (JSC::BytecodeGenerator::emitNewArray):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::CallArguments::registerOffset):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::CallArguments::CallArguments):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::allocate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callFrameSlot):
      (JSC::DFG::SpeculativeJIT::argumentSlot):
      (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
      (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
      (JSC::DFG::SpeculativeJIT::argumentTagSlot):
      (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::reportValidationContext):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::genericAddSpan):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::frameExtentInternal):
      * interpreter/CallFrame.h:
      (JSC::ExecState::init):
      (JSC::ExecState::argumentOffset):
      (JSC::ExecState::argumentOffsetIncludingThis):
      (JSC::ExecState::argIndexForRegister):
      * interpreter/Interpreter.cpp:
      (JSC::loadVarargs):
      (JSC::Interpreter::dumpRegisters):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      (JSC::JSStack::~JSStack):
      (JSC::JSStack::growSlowCase):
      (JSC::JSStack::gatherConservativeRoots):
      (JSC::JSStack::releaseExcessCapacity):
      (JSC::JSStack::disableErrorStackReserve):
      * interpreter/JSStack.h:
      (JSC::JSStack::getBaseOfStack):
      (JSC::JSStack::getLimitOfStack):
      (JSC::JSStack::size):
      (JSC::JSStack::end):
      (JSC::JSStack::containsAddress):
      (JSC::JSStack::lowAddress):
      (JSC::JSStack::highAddress):
      (JSC::JSStack::reservationEnd):
      (JSC::JSStack::shrink):
      (JSC::JSStack::grow):
      * interpreter/JSStackInlines.h:
      (JSC::JSStack::getTopOfFrame):
      (JSC::JSStack::pushFrame):
      (JSC::JSStack::popFrame):
      (JSC::JSStack::installTrapsAfterFrame):
      * interpreter/StackVisitor.cpp:
      (JSC::inlinedFrameOffset):
      (JSC::StackVisitor::readInlinedFrame):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileOpCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileOpCall):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_create_activation):
      (JSC::JIT::emit_op_get_argument_by_val):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_get_argument_by_val):
      * jit/JITStubs.cpp:
      (JSC::throwExceptionFromOpCall):
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/ThunkGenerators.cpp:
      (JSC::arityFixup):
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::genericCall):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArgList.cpp:
      (JSC::ArgList::getSlice):
      (JSC::MarkedArgumentBuffer::slowAppend):
      * runtime/ArgList.h:
      (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
      (JSC::MarkedArgumentBuffer::slotFor):
      (JSC::MarkedArgumentBuffer::mallocBase):
      (JSC::ArgList::at):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      * runtime/ArrayConstructor.cpp:
      (JSC::constructArrayWithSizeQuirk):
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/JSActivation.h:
      (JSC::JSActivation::registersOffset):
      (JSC::JSActivation::tearOff):
      (JSC::JSActivation::isValidIndex):
      * runtime/JSArray.h:
      (JSC::constructArrayNegativeIndexed): New method to create an array from registers that grow down.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::globalExec):
      * runtime/JSGlobalObject.h:
      (JSC::constructArrayNegativeIndexed):
      * runtime/JSString.h:
      * runtime/Operations.h:
      (JSC::jsStringFromRegisterArray):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::captureCount):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155711 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b70e41bc
  6. 10 Sep, 2013 1 commit
  7. 25 Jul, 2013 6 commits
    • oliver@apple.com's avatar
      fourthTier: DFG IR dumps should be easier to read · 237b1464
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119050
      
      Source/JavaScriptCore:
      
      Reviewed by Mark Hahnenberg.
      
      Added a DumpContext that includes support for printing an endnote
      that describes all structures in full, while the main flow of the
      dump just uses made-up names for the structures. This is helpful
      since Structure::dump() may print a lot. The stuff it prints is
      useful, but if it's all inline with the surrounding thing you're
      dumping (often, a node in the DFG), then you get a ridiculously
      long print-out. All classes that dump structures (including
      Structure itself) now have dumpInContext() methods that use
      inContext() for dumping anything that might transitively print a
      structure. If Structure::dumpInContext() is called with a NULL
      context, it just uses dump() like before. Hence you don't have to
      know anything about DumpContext unless you want to.
      
      inContext(*structure, context) dumps something like %B4:Array,
      and the endnote will have something like:
      
          %B4:Array    = 0x10e91a180:[Array, {Edge:100, Normal:101, Line:102, NumPx:103, LastPx:104}, ArrayWithContiguous, Proto:0x10e99ffe0]
      
      where B4 is the inferred name that StringHashDumpContext came up
      with.
      
      Also shortened a bunch of other dumps, removing information that
      isn't so important.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/ArrayProfile.cpp:
      (JSC::dumpArrayModes):
      * bytecode/CodeBlockHash.cpp:
      (JSC):
      (JSC::CodeBlockHash::CodeBlockHash):
      (JSC::CodeBlockHash::dump):
      * bytecode/CodeOrigin.cpp:
      (JSC::CodeOrigin::dumpInContext):
      (JSC):
      (JSC::InlineCallFrame::dumpInContext):
      (JSC::InlineCallFrame::dump):
      * bytecode/CodeOrigin.h:
      (CodeOrigin):
      (InlineCallFrame):
      * bytecode/Operands.h:
      (JSC::OperandValueTraits::isEmptyForDump):
      (Operands):
      (JSC::Operands::dump):
      (JSC):
      * bytecode/OperandsInlines.h: Added.
      (JSC):
      (JSC::::dumpInContext):
      * bytecode/StructureSet.h:
      (JSC::StructureSet::dumpInContext):
      (JSC::StructureSet::dump):
      (StructureSet):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::dump):
      (DFG):
      (JSC::DFG::AbstractValue::dumpInContext):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::operator!):
      (AbstractValue):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::performBlockCFA):
      * dfg/DFGCommon.cpp:
      * dfg/DFGCommon.h:
      (JSC::DFG::NodePointerTraits::isEmptyForDump):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::createDumpList):
      * dfg/DFGDisassembler.h:
      (Disassembler):
      * dfg/DFGFlushFormat.h:
      (WTF::inContext):
      (WTF):
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dumpBlockHeader):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGLazyJSValue.cpp:
      (JSC::DFG::LazyJSValue::dumpInContext):
      (JSC::DFG::LazyJSValue::dump):
      (DFG):
      * dfg/DFGLazyJSValue.h:
      (LazyJSValue):
      * dfg/DFGNode.h:
      (JSC::DFG::nodeMapDump):
      (WTF::inContext):
      (WTF):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGStructureAbstractValue.h:
      (JSC::DFG::StructureAbstractValue::dumpInContext):
      (JSC::DFG::StructureAbstractValue::dump):
      (StructureAbstractValue):
      * ftl/FTLExitValue.cpp:
      (JSC::FTL::ExitValue::dumpInContext):
      (JSC::FTL::ExitValue::dump):
      (FTL):
      * ftl/FTLExitValue.h:
      (ExitValue):
      * ftl/FTLLowerDFGToLLVM.cpp:
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dumpInContext):
      (FTL):
      * ftl/FTLValueSource.h:
      (ValueSource):
      * runtime/DumpContext.cpp: Added.
      (JSC):
      (JSC::DumpContext::DumpContext):
      (JSC::DumpContext::~DumpContext):
      (JSC::DumpContext::isEmpty):
      (JSC::DumpContext::dump):
      * runtime/DumpContext.h: Added.
      (JSC):
      (DumpContext):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::dump):
      (JSC):
      (JSC::JSValue::dumpInContext):
      * runtime/JSCJSValue.h:
      (JSC):
      (JSValue):
      * runtime/Structure.cpp:
      (JSC::Structure::dumpInContext):
      (JSC):
      (JSC::Structure::dumpBrief):
      (JSC::Structure::dumpContextHeader):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      
      Source/WTF:
      
      Reviewed by Mark Hahnenberg.
      
      Added support for dumping values within a context. By default, if you say
      print(inContext(value, context)) it calls value.dumpInContext(out, context)
      instead of value.dump(out).
      
      Hoisted the support for six-character hashes out of JSC::CodeBlockHash into
      WTF, in the form of SixCharacterHash.h.
      
      Added a helper for creating dump contexts where the inContext() dump will
      just use a short string hash to "name" the object being dumped, and then
      will print out the full dumps in an endnote to your dump.
      
      Added support for using CString as a hashtable key.
      
      * WTF.xcodeproj/project.pbxproj:
      * wtf/PrintStream.h:
      (WTF):
      (ValueInContext):
      (WTF::ValueInContext::ValueInContext):
      (WTF::ValueInContext::dump):
      (WTF::inContext):
      * wtf/SixCharacterHash.cpp: Added.
      (WTF):
      (WTF::sixCharacterHashStringToInteger):
      (WTF::integerToSixCharacterHashString):
      * wtf/SixCharacterHash.h: Added.
      (WTF):
      * wtf/StringHashDumpContext.h: Added.
      (WTF):
      (StringHashDumpContext):
      (WTF::StringHashDumpContext::StringHashDumpContext):
      (WTF::StringHashDumpContext::getID):
      (WTF::StringHashDumpContext::dumpBrief):
      (WTF::StringHashDumpContext::brief):
      (WTF::StringHashDumpContext::isEmpty):
      (WTF::StringHashDumpContext::dump):
      * wtf/text/CString.cpp:
      (WTF::CString::hash):
      (WTF):
      (WTF::operator<):
      (WTF::CStringHash::equal):
      * wtf/text/CString.h:
      (WTF::CString::CString):
      (CString):
      (WTF::CString::isHashTableDeletedValue):
      (WTF):
      (WTF::CStringHash::hash):
      (CStringHash):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153296 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      237b1464
    • oliver@apple.com's avatar
      fourthTier: CallFrame::trueCallFrame() should populate the bytecodeOffset field · 1e7b6b5d
      oliver@apple.com authored
      when reifying inlined frames..
      https://bugs.webkit.org/show_bug.cgi?id=117209.
      
      Reviewed by Geoffrey Garen.
      
      When reifying an inlined frame, we fill in its CodeBlock, and
      bytecodeOffset. We also set the InlinedFrame bit in the location field.
      This is needed in order to iterate the stack correctly. Here's why:
      
          Let's say we have the following stack trace:
            X calls A inlines B inlines C calls D
      
          Based on the above scenario,
          1. D's callerFrame points to A (not C).
          2. A has a codeOriginIndex that points to C.
      
      When iterating the stack (from D back towards X), we will encounter A
      twice:
      
          t1. when trying to find C as D's caller.
              This is the time when we reify B and C using the
              codeOriginIndex in A, and return C as the caller frame of D.
      
          t2. when getting's the reified B's caller.
              This time, we don't run the reification process, and
              just take A as the caller frame of B.
      
      To discern which treatment of the DFG frame (i.e. A) we need to apply,
      we check if the callee is an inlined frame:
      
          If callee is NOT an inlined frame (e.g. frame D), apply treatment t1.
          If callee is an inlined frame (e.g. frame B), apply treatment t2.
      
      Why not just reify A by replacing its codeOriginIndex with A's
      bytecodeOffset?
      
      We can't do this because D's callerFrame pointer still points to A, and
      needs to remain that way because we did not deopt A. It remains a DFG
      frame which inlined B and C.
      
      If we replace the codeOriginIndex in A with A's bytecodeOffset, we will
      only get to iterate the stack correctly once. If we try to iterate the
      stack a second time, we will not have the information from the
      codeOriginIndex to tell us that D's caller is actually the inlined C,
      and not A.
      
      To recap, when reifying frames for stack iteration purposes, the DFG
      frame needs to hold on to its codeOriginIndex. This in turn means the
      DFG frame will need to be treated in 2 possible ways, and we need to
      know if a callee frame is an inlined frame in order to choose the
      correct treatment for the DFG frame.
      
      Other changes:
      - Simplified Interpreter::getCallerInfo().
      - Removed CodeBlock::codeOriginForReturn() and supporting code
        which is now unneeded.
      - Moved CallFrame location bit encoding from the CodeOrigin to the
        new CallFrame::Location class.
      - Explicitly tagged inlined frames. This is necessary in order to
        iterate the stack correctly as explained above.
      
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::codeOrigins):
      (CodeBlock):
      (JSC::CodeBlock::codeOrigin):
      (RareData):
      * bytecode/CodeOrigin.h:
      (CodeOrigin):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::beginCall):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::trueCallFrame):
      (JSC::CallFrame::trueCallerFrame):
      (JSC::CallFrame::bytecodeOffsetFromCodeOriginIndex):
      * interpreter/CallFrame.h:
      (Location):
      (ExecState):
      (JSC::ExecState::trueCallerFrame):
      (JSC::ExecState::callerFrameNoFlags):
      * interpreter/CallFrameInlines.h:
      (JSC::CallFrame::Location::encode):
      (JSC::CallFrame::Location::decode):
      (JSC::CallFrame::Location::isBytecodeOffset):
      (JSC::CallFrame::Location::isCodeOriginIndex):
      (JSC::CallFrame::Location::isInlinedFrame):
      (JSC::CallFrame::isInlinedFrame):
      (JSC::CallFrame::setIsInlinedFrame):
      (JSC::CallFrame::hasLocationAsBytecodeOffset):
      (JSC::CallFrame::hasLocationAsCodeOriginIndex):
      (JSC::CallFrame::locationAsBytecodeOffset):
      (JSC::CallFrame::setLocationAsBytecodeOffset):
      (JSC::CallFrame::locationAsCodeOriginIndex):
      * interpreter/Interpreter.cpp:
      (JSC::getCallerInfo):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::findFunctionCallFrameFromVMCode):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153211 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1e7b6b5d
    • oliver@apple.com's avatar
      fourthTier: Disambiguate between CallFrame bytecodeOffset and codeOriginIndex. · c4497327
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=117262.
      
      Reviewed by Geoffrey Garen.
      
      When writing to the ArgumentCount tag in CallFrame, we will set the high
      bit if the written value is a codeOriginIndex.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeOrigin.h:
      (CodeOrigin):
      (JSC::CodeOrigin::isHandle):
      (JSC::CodeOrigin::encodeHandle):
      (JSC::CodeOrigin::decodeHandle):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::beginCall):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryBuildGetByIDList):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::locationAsBytecodeOffset):
      (JSC::CallFrame::setLocationAsBytecodeOffset):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallFrame):
      * interpreter/CallFrame.h:
      (ExecState):
      (JSC::ExecState::inlineCallFrame):
      * interpreter/CallFrameInlines.h: Added.
      (JSC::CallFrame::hasLocationAsBytecodeOffset):
      (JSC::CallFrame::hasLocationAsCodeOriginIndex):
      (JSC::CallFrame::locationAsRawBits):
      (JSC::CallFrame::setLocationAsRawBits):
      (JSC::CallFrame::locationAsBytecodeOffset):
      (JSC::CallFrame::setLocationAsBytecodeOffset):
      (JSC::CallFrame::locationAsCodeOriginIndex):
      * interpreter/Interpreter.cpp:
      (JSC::getBytecodeOffsetForCallFrame):
      (JSC::getCallerInfo):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153209 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c4497327
    • oliver@apple.com's avatar
      fourthTier: Remove CodeOrigin::valueProfileOffset since it was only needed for op_call_put_result. · bc2930b5
      oliver@apple.com authored
      Rubber stamped by Mark Hahnenberg.
      
      * bytecode/CodeOrigin.h:
      (CodeOrigin):
      (JSC::CodeOrigin::CodeOrigin):
      (JSC::CodeOrigin::isSet):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::currentCodeOrigin):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueProfileFor):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153202 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bc2930b5
    • oliver@apple.com's avatar
      fourthTier: Rationalized 'this' conversion, includes subsequent FTL branch fixes · e2fe4ceb
      oliver@apple.com authored
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
          This fixes a bunch of Sputnik tests, and some bad pointer access.
      
          The new model is that the callee always performs 'this' value conversion.
      
          My ultimate goal is to break up resolve_with_this into single-result
          opcodes. This step avoids having to add a special form of convert_this
          that distinguishes callers vs callees.
      
          Only the callee knows whether it uses 'this' and/or whether 'this'
          conversion should use StrictMode, so it's most natural to perform
          convert_this in the callee.
      
          * API/JSCallbackFunction.cpp:
          (JSC::JSCallbackFunction::call): Perform 'this' value conversion for
          our callee, since it may observe 'this'.
      
          * API/JSCallbackObjectFunctions.h:
          (JSC::::call): Ditto.
      
          * API/JSContextRef.cpp:
          (JSGlobalContextCreateInGroup): Use a proxy 'this' object in global scope
          even when we're not in the browser. This eliminates some odd cases where
          API clients used to be able to get a direct reference to an environment
          record. Now, any reference to an environment record unambiguously means
          that the VM resolved that record in the scope chain.
      
          (JSContextGetGlobalObject): Removed an incorrect comment. Now that JSC
          participates in the proxy 'this' object scheme, the behavior is not
          WebCore-only.
      
          * API/JSObjectRef.cpp:
          (JSObjectSetPrototype):
          (JSObjectCallAsFunction): Don't perform 'this' value conversion in the
          caller; the callee will do it if needed.
      
          * JavaScriptCore.order: Order!
      
          * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
          * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
          What are the chances that this will work?
      
          * bytecode/CodeBlock.cpp:
          (JSC::CodeBlock::dumpBytecode):
          (JSC::CodeBlock::CodeBlock): Renamed convert_this to to_this, to match our
          other conversion opcodes.
      
          * bytecode/CodeOrigin.h:
          (CodeOrigin):
          (InlineCallFrame):
          (JSC::CodeOrigin::codeOriginOwner): Use the more precise type for our
          executable, so compilation can discover where we're in strict mode.
      
          * bytecode/Opcode.h:
          (JSC::padOpcodeName): Updated for rename.
      
          * bytecompiler/BytecodeGenerator.cpp:
          (JSC::BytecodeGenerator::BytecodeGenerator): Always emit to_this when
          'this' is in use -- strict mode still needs to convert environment
          records to 'undefined'.
      
          * dfg/DFGAbstractState.cpp:
          (JSC::DFG::AbstractState::executeEffects):
          * dfg/DFGByteCodeParser.cpp:
          (JSC::DFG::ByteCodeParser::parseBlock):
          * dfg/DFGCapabilities.h:
          (JSC::DFG::canCompileOpcode): Updated for renames.
      
          * dfg/DFGFixupPhase.cpp:
          (JSC::DFG::FixupPhase::fixupNode): Tightened up this code to consider
          strict mode (a new requirement) and to consider the global object (which
          was always a requirement).
      
          * dfg/DFGGraph.h:
          (JSC::DFG::Graph::globalThisObjectFor):
          (JSC::DFG::Graph::executableFor):
          * dfg/DFGNodeType.h:
          * dfg/DFGOperations.cpp:
          * dfg/DFGOperations.h:
          * dfg/DFGPredictionPropagationPhase.cpp:
          (JSC::DFG::PredictionPropagationPhase::propagate):
          * dfg/DFGSpeculativeJIT32_64.cpp:
          (JSC::DFG::SpeculativeJIT::compile):
          * dfg/DFGSpeculativeJIT64.cpp:
          (JSC::DFG::SpeculativeJIT::compile): Ditto.
      
          * interpreter/Interpreter.cpp:
          (JSC::eval):
          (JSC::Interpreter::execute):
          (JSC::Interpreter::executeCall):
          * interpreter/Interpreter.h: Don't ASSERT about 'this' -- it's our job
          to fix it up if needed.
      
          * jit/JIT.cpp:
          (JSC::JIT::privateCompileMainPass):
          (JSC::JIT::privateCompileSlowCases):
          * jit/JIT.h:
          (JIT):
          * jit/JITOpcodes.cpp:
          (JSC::JIT::emit_op_to_this):
          (JSC::JIT::emitSlow_op_to_this):
          * jit/JITOpcodes32_64.cpp:
          (JSC::JIT::emit_op_to_this):
          (JSC::JIT::emitSlow_op_to_this):
          * jit/JITStubs.cpp:
          (JSC::DEFINE_STUB_FUNCTION):
          * jit/JITStubs.h: Removed special-case code for various kinds of
          conversions. The baseline fast path is now final objects only. It hurt
          my brain to think through how to keep the other fast paths working, and
          our benchmarks do not object.
      
          * llint/LLIntData.cpp:
          (JSC::LLInt::Data::performAssertions):
          * llint/LLIntSlowPaths.cpp:
          (JSC::LLInt::LLINT_SLOW_PATH_DECL):
          * llint/LLIntSlowPaths.h:
          (LLInt):
          * llint/LowLevelInterpreter.asm:
          * llint/LowLevelInterpreter32_64.asm:
          * llint/LowLevelInterpreter64.asm: Updated for renames. Removed some
          special case code, as in the JIT above.
      
          * profiler/ProfileGenerator.cpp:
          (JSC::ProfileGenerator::addParentForConsoleStart):
          * runtime/CallData.cpp:
          (JSC::call):
          * runtime/ClassInfo.h:
          (MethodTable):
          * runtime/Completion.cpp:
          (JSC::evaluate):
          * runtime/DatePrototype.cpp:
          (JSC::dateProtoFuncToJSON): The callee performs 'this' conversion, not
          the caller.
      
          * runtime/GetterSetter.cpp:
          (JSC::callGetter):
          (JSC::callSetter):
          * runtime/GetterSetter.h: Added helper functions for invoking getters
          and setters from C++ code, since this was duplicated in a bunch of
          places.
      
          * runtime/JSActivation.cpp:
          (JSC::JSActivation::toThis):
          * runtime/JSActivation.h:
          (JSActivation):
          * runtime/JSCJSValue.cpp:
          (JSC::JSValue::toThisSlowCase):
          (JSC::JSValue::putToPrimitive):
          * runtime/JSCJSValue.h:
          (JSValue):
          * runtime/JSCJSValueInlines.h:
          (JSC::JSValue::toThis):
          * runtime/JSCell.cpp:
          (JSC::JSCell::toThis):
          * runtime/JSCell.h:
          (JSCell):
          * runtime/JSGlobalObject.cpp:
          (JSC::JSGlobalObject::toThis):
          * runtime/JSGlobalObject.h:
          (JSGlobalObject): Filled out runtime support for converting 'this'
          values as needed, according to the appropriate strictness, using
          helper functions where getter/setter code was duplicated.
      
          * runtime/JSGlobalObjectFunctions.cpp:
          (JSC::globalFuncProtoGetter):
          (JSC::globalFuncProtoSetter): Perform 'this' value conversion, since we
          observe 'this'.
      
          * runtime/JSNameScope.cpp:
          (JSC::JSNameScope::toThis):
          * runtime/JSNameScope.h:
          (JSNameScope): Same as JSActivation.
      
          * runtime/JSObject.cpp:
          (JSC::JSObject::put):
          (JSC::JSObject::setPrototypeWithCycleCheck): Bug fix. Don't peform
          'this' value conversion in this helper function. The __proto__
          setter does this for us, since it's the function that logically observes
          'this' -- and we can ASSERT so. Also, the previous code used
          "globalExec()->thisValue()", which is a read past the beginning of a
          buffer! I don't think this ever worked on purpose.
      
          (JSC::JSObject::toThis):
          (JSC::JSObject::fillGetterPropertySlot):
          * runtime/JSObject.h:
          (JSC::JSObject::inlineGetOwnPropertySlot):
          * runtime/JSScope.cpp:
          (JSC::JSScope::resolveWithThis):
          * runtime/JSString.cpp:
          (JSC::JSString::toThis):
          * runtime/JSString.h:
          (JSString):
          * runtime/PropertySlot.cpp:
          (JSC::PropertySlot::functionGetter):
          * runtime/PropertySlot.h:
          (JSC):
          (JSC::PropertySlot::setGetterSlot):
          (JSC::PropertySlot::setCacheableGetterSlot):
          * runtime/SparseArrayValueMap.cpp:
          (JSC::SparseArrayEntry::get):
          (JSC::SparseArrayEntry::put):
          * runtime/StrictEvalActivation.cpp:
          (JSC::StrictEvalActivation::toThis):
          * runtime/StrictEvalActivation.h:
          (StrictEvalActivation): Ditto.
      
      Source/WebCore:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      Source/WebKit/mac:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      Source/WebKit2:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      LayoutTests:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153145 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e2fe4ceb
    • oliver@apple.com's avatar
      fourthTier: DFG tries to ref/deref StringImpls in a ton of places · 02039469
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=115300
      
      Source/JavaScriptCore:
      
      Reviewed by Geoffrey Garen.
      
      Change any code transitively called from DFG compilation to use StringImpl*
      directly instead of String, Identifier, or PropertyName. I use the convention
      of passing "StringImpl* uid" instead of an Identifier or PropertyName.
      
      Switch over any code transitively called from DFG compilation to use CStrings
      whenever possible for all of its debug dumping.
      
      This makes it possible to compile things without hitting the ref/deref
      assertion in StringImpl.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::inferredName):
      (JSC::CodeBlock::sourceCodeForTools):
      (JSC::CodeBlock::sourceCodeOnOneLine):
      (JSC::constantName):
      (JSC::idName):
      (JSC::CodeBlock::registerName):
      (JSC::regexpToSourceString):
      (JSC::regexpName):
      (JSC::pointerToSourceString):
      (JSC::CodeBlock::printUnaryOp):
      (JSC::CodeBlock::printBinaryOp):
      (JSC::CodeBlock::printConditionalJump):
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::dumpStructure):
      (JSC::CodeBlock::printCallOp):
      (JSC::CodeBlock::printPutByIdOp):
      (JSC::CodeBlock::printStructure):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::dumpBytecode):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      * bytecode/CodeBlockHash.cpp:
      (JSC::CodeBlockHash::CodeBlockHash):
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::inferredName):
      * bytecode/CodeOrigin.h:
      (InlineCallFrame):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC::GetByIdStatus::computeForChain):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC):
      (GetByIdStatus):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (JSC):
      (PutByIdStatus):
      * bytecode/ReduceWhitespace.cpp:
      (JSC::reduceWhitespace):
      * bytecode/ReduceWhitespace.h:
      (JSC):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      (JSC::ResolveGlobalStatus::computeFor):
      * bytecode/ResolveGlobalStatus.h:
      (JSC):
      (ResolveGlobalStatus):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGDesiredIdentifiers.cpp: Added.
      (DFG):
      (JSC::DFG::DesiredIdentifiers::DesiredIdentifiers):
      (JSC::DFG::DesiredIdentifiers::~DesiredIdentifiers):
      (JSC::DFG::DesiredIdentifiers::addLazily):
      (JSC::DFG::DesiredIdentifiers::reallyAdd):
      * dfg/DFGDesiredIdentifiers.h: Added.
      (DFG):
      (DesiredIdentifiers):
      (JSC::DFG::DesiredIdentifiers::numberOfIdentifiers):
      (JSC::DFG::DesiredIdentifiers::at):
      (JSC::DFG::DesiredIdentifiers::operator[]):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryBuildGetByIDList):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::identifierUID):
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * parser/SourceCode.cpp: Added.
      (JSC):
      (JSC::SourceCode::toUTF8):
      * parser/SourceCode.h:
      (SourceCode):
      * profiler/ProfilerBytecodes.cpp:
      (JSC::Profiler::Bytecodes::toJS):
      * profiler/ProfilerBytecodes.h:
      (JSC::Profiler::Bytecodes::inferredName):
      (JSC::Profiler::Bytecodes::sourceCode):
      (Bytecodes):
      * runtime/Identifier.h:
      (JSC::Identifier::utf8):
      (JSC):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransitionToExistingStructureImpl):
      (JSC::Structure::addPropertyTransitionToExistingStructure):
      (JSC::Structure::addPropertyTransitionToExistingStructureConcurrently):
      (JSC::Structure::getConcurrently):
      (JSC::Structure::prototypeChainMayInterceptStoreTo):
      (JSC):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::getConcurrently):
      
      Source/WTF:
      
      Reviewed by Geoffrey Garen.
      
      Make it possible to do more things directly to StringImpl*'s, including being
      able to directly do utf8 conversion on a substring without creating the
      substring first.
      
      Add assertions to StringImpl that it isn't being ref/deref'd from the
      compilation thread.
      
      * wtf/PrintStream.cpp:
      (WTF::printInternal):
      (WTF):
      * wtf/PrintStream.h:
      (WTF):
      (WTF::printInternal):
      * wtf/StringPrintStream.h:
      (WTF):
      (WTF::toCString):
      * wtf/text/StringImpl.cpp:
      (WTF::StringImpl::utf8ForRange):
      (WTF::StringImpl::utf8):
      (WTF):
      * wtf/text/StringImpl.h:
      (StringImpl):
      (WTF::StringImpl::hasAtLeastOneRef):
      (WTF::StringImpl::ref):
      (WTF::StringImpl::deref):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153142 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      02039469
  8. 24 Jan, 2013 1 commit
    • oliver@apple.com's avatar
      Harden JSC a bit with RELEASE_ASSERT · 903b0c0b
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=107766
      
      Reviewed by Mark Hahnenberg.
      
      Went through and replaced a pile of ASSERTs that were covering
      significantly important details (bounds checks, etc) where
      having the checks did not impact release performance in any
      measurable way.
      
      * API/JSContextRef.cpp:
      (JSContextCreateBacktrace):
      * assembler/MacroAssembler.h:
      (JSC::MacroAssembler::branchAdd32):
      (JSC::MacroAssembler::branchMul32):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::handlerForBytecodeOffset):
      (JSC::CodeBlock::lineNumberForBytecodeOffset):
      (JSC::CodeBlock::bytecodeOffset):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::exceptionHandler):
      (JSC::CodeBlock::codeOrigin):
      (JSC::CodeBlock::immediateSwitchJumpTable):
      (JSC::CodeBlock::characterSwitchJumpTable):
      (JSC::CodeBlock::stringSwitchJumpTable):
      (JSC::CodeBlock::setIdentifiers):
      (JSC::baselineCodeBlockForInlineCallFrame):
      (JSC::ExecState::uncheckedR):
      * bytecode/CodeOrigin.cpp:
      (JSC::CodeOrigin::inlineStack):
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::CodeOrigin):
      * dfg/DFGCSEPhase.cpp:
      * dfg/DFGOSRExit.cpp:
      * dfg/DFGScratchRegisterAllocator.h:
      (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
      (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::allocate):
      (JSC::DFG::SpeculativeJIT::spill):
      (JSC::DFG::SpeculativeJIT::integerResult):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValueSource.h:
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::ValueSource::ValueSource):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      * heap/BlockAllocator.cpp:
      (JSC::BlockAllocator::BlockAllocator):
      (JSC::BlockAllocator::releaseFreeRegions):
      (JSC::BlockAllocator::blockFreeingThreadMain):
      * heap/Heap.cpp:
      (JSC::Heap::lastChanceToFinalize):
      (JSC::Heap::collect):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      * jit/GCAwareJITStubRoutine.cpp:
      (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      * jit/JITInlines.h:
      (JSC::JIT::emitLoad):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_end):
      (JSC::JIT::emit_resolve_operations):
      * jit/JITStubRoutine.cpp:
      (JSC::JITStubRoutine::observeZeroRefCount):
      * jit/JITStubs.cpp:
      (JSC::returnToThrowTrampoline):
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::Arguments::getOwnPropertyDescriptor):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      (JSC::Arguments::didTearOffActivation):
      * runtime/ArrayPrototype.cpp:
      (JSC::shift):
      (JSC::unshift):
      (JSC::arrayProtoFuncLastIndexOf):
      * runtime/ButterflyInlines.h:
      (JSC::Butterfly::growPropertyStorage):
      * runtime/CodeCache.cpp:
      (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
      * runtime/CodeCache.h:
      (JSC::CacheMap::add):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::EvalExecutable::unlinkCalls):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::unlinkCalls):
      (JSC::ProgramExecutable::initializeGlobalProperties):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      (JSC::FunctionExecutable::unlinkCalls):
      (JSC::NativeExecutable::hashFor):
      * runtime/Executable.h:
      (JSC::EvalExecutable::compile):
      (JSC::ProgramExecutable::compile):
      (JSC::FunctionExecutable::compileForCall):
      (JSC::FunctionExecutable::compileForConstruct):
      * runtime/IndexingHeader.h:
      (JSC::IndexingHeader::setVectorLength):
      * runtime/JSArray.cpp:
      (JSC::JSArray::pop):
      (JSC::JSArray::shiftCountWithArrayStorage):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithArrayStorage):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::jsStrDecimalLiteral):
      * runtime/JSObject.cpp:
      (JSC::JSObject::copyButterfly):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      * runtime/JSString.cpp:
      (JSC::JSRopeString::getIndexSlowCase):
      * yarr/YarrInterpreter.cpp:
      (JSC::Yarr::Interpreter::popParenthesesDisjunctionContext):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140619 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      903b0c0b
  9. 08 Jan, 2013 2 commits
    • fpizlo@apple.com's avatar
      REGRESSION (r138921): Crash in JSC::Arguments::create · 608ecbe4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=106329
      <rdar://problem/12974196>
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      Arguments::finishCreation() that takes an InlineCallFrame* needs to understand that the callee can
      be unset, indicating that the callee needs to be loaded from the true call frame. This adds a
      method to InlineCallFrame to do just that.
      
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::calleeForCallFrame):
      * bytecode/CodeOrigin.h:
      (InlineCallFrame):
      * runtime/Arguments.h:
      (JSC::Arguments::finishCreation):
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
      
      * fast/js/dfg-create-inlined-arguments-in-closure-inline-expected.txt: Added.
      * fast/js/dfg-create-inlined-arguments-in-closure-inline.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-create-inlined-arguments-in-closure-inline.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139109 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      608ecbe4
    • fpizlo@apple.com's avatar
      Rationalize closure call heuristics and profiling · 806b5821
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=106270
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Did a number of things:
              
      - CallLinkInfo now remembers if it was ever a closure call, and CallLinkStatus uses
        this. Reduces the likelihood that we will inline a closure call as if it was a
        normal call.
              
      - Made InlineCallFrame print inferred function names, and refactored
        CodeBlock::inferredName() to better use FunctionExecutable's API.
              
      - Made bytecode dumping print frequent exit sites that led to recompilation.
              
      - Made bytecode dumping for op_call and op_construct print what the CallLinkStatus
        saw.
              
      * bytecode/CallLinkInfo.h:
      (JSC::CallLinkInfo::CallLinkInfo):
      (CallLinkInfo):
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::inferredName):
      (JSC::CodeBlock::dumpBytecodeCommentAndNewLine):
      (JSC::CodeBlock::printCallOp):
      * bytecode/CodeOrigin.cpp:
      (JSC::CodeOrigin::dump):
      (JSC::InlineCallFrame::inferredName):
      (JSC):
      (JSC::InlineCallFrame::dumpBriefFunctionInformation):
      (JSC::InlineCallFrame::dump):
      * bytecode/CodeOrigin.h:
      (InlineCallFrame):
      * bytecode/DFGExitProfile.cpp:
      (JSC::DFG::ExitProfile::exitSitesFor):
      (DFG):
      * bytecode/DFGExitProfile.h:
      (ExitProfile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
              
      Add a macro to add a method to a class that returns a dumper. Allows you to have
      secondary dump() methods for dumping either more or less information.
      
      * wtf/PrintStream.h:
      (WTF):
      
      Tools: 
      
      Reviewed by Oliver Hunt.
              
      Add ability to use display-profiler-output via a pipe, and add the ability to dump
      all generated code ('display *' or 'd *').
      
      * Scripts/display-profiler-output:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139021 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      806b5821
  10. 02 Jan, 2013 1 commit
    • fpizlo@apple.com's avatar
      DFG inlining machinery should be robust against the inline callee varying... · 439e9e55
      fpizlo@apple.com authored
      DFG inlining machinery should be robust against the inline callee varying while the executable stays the same
      https://bugs.webkit.org/show_bug.cgi?id=105953
      
      Reviewed by Mark Hahnenberg.
              
      This institutes the policy that if InlineCallFrame::callee is null, then the callee and scope have already
      been stored into the true call frame (i.e. the place where the call frame of the inlined call would have
      been) and so any attempt to access the callee or scope should do a load instead of assuming that the value
      is constant. This wires the changes through the bytecode parser, the stack scanning logic, and the compiler
      optimization phases and backends.
      
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::dump):
      * bytecode/CodeOrigin.h:
      (CodeOrigin):
      (InlineCallFrame):
      (JSC::InlineCallFrame::isClosureCall):
      (JSC::CodeOrigin::stackOffset):
      (JSC):
      * dfg/DFGAssemblyHelpers.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::get):
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::getScope):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCSEPhase.cpp:
      (CSEPhase):
      (JSC::DFG::CSEPhase::genericPureCSE):
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::pureCSERequiringSameInlineCallFrame):
      (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::trueCallFrame):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@138669 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      439e9e55
  11. 05 Dec, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should be able to report profiling data associated with the IR dumps and disassembly · 4a81fa41
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=102999
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Added a new profiler to JSC. It's simply called "Profiler" in anticipation of it
      ultimately replacing the previous profiling infrastructure. This profiler counts the
      number of times that a bytecode executes in various engines, and will record both the
      counts and all disassembly and bytecode dumps, into a database that can be at any
      time turned into either a JS object using any global object or global data of your
      choice, or can be turned into a JSON string, or saved to a file.
              
      Currently the only use of this is the new '-p <file>' flag to the jsc command-line.
              
      The profiler is always compiled in and normally incurs no execution time cost, but is
      only activated when you create a Profiler::Database and install it in
      JSGlobalData::m_perBytecodeProfiler. From that point on, all code blocks will be
      compiled along with disassembly and bytecode dumps stored into the Profiler::Database,
      and all code blocks will have execution counts, which are also stored in the database.
      The database will continue to keep information about code blocks alive even after they
      are otherwise GC'd.
              
      This currently still has some glitches, like the fact that it only counts executions
      in the JITs. Doing execution counting in the LLInt might require a bit of a rethink
      about how the counting is expressed - currently it is implicit in bytecode, so there
      is no easy way to "turn it on" in the LLInt. Also, right now there is no information
      recorded about OSR exits or out-of-line stubs. But, even so, it's quite cool, and
      gives you a peek into what JSC is doing that would otherwise not be possible.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::~CodeBlock):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::baselineCodeBlock):
      (JSC):
      * bytecode/CodeOrigin.h:
      (InlineCallFrame):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::dump):
      (DFG):
      (JSC::DFG::Disassembler::reportToProfiler):
      (JSC::DFG::Disassembler::dumpHeader):
      (JSC::DFG::Disassembler::append):
      (JSC::DFG::Disassembler::createDumpList):
      * dfg/DFGDisassembler.h:
      (Disassembler):
      (JSC::DFG::Disassembler::DumpedOp::DumpedOp):
      (DumpedOp):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGNode.h:
      (Node):
      (JSC::DFG::Node::hasExecutionCounter):
      (JSC::DFG::Node::executionCounter):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JIT):
      * jit/JITDisassembler.cpp:
      (JSC::JITDisassembler::dump):
      (JSC::JITDisassembler::reportToProfiler):
      (JSC):
      (JSC::JITDisassembler::dumpHeader):
      (JSC::JITDisassembler::firstSlowLabel):
      (JSC::JITDisassembler::dumpVectorForInstructions):
      (JSC::JITDisassembler::dumpForInstructions):
      (JSC::JITDisassembler::reportInstructions):
      * jit/JITDisassembler.h:
      (JITDisassembler):
      (DumpedOp):
      * jsc.cpp:
      (CommandLine::CommandLine):
      (CommandLine):
      (printUsageStatement):
      (CommandLine::parseArguments):
      (jscmain):
      * profiler/ProfilerBytecode.cpp: Added.
      (Profiler):
      (JSC::Profiler::Bytecode::toJS):
      * profiler/ProfilerBytecode.h: Added.
      (Profiler):
      (Bytecode):
      (JSC::Profiler::Bytecode::Bytecode):
      (JSC::Profiler::Bytecode::bytecodeIndex):
      (JSC::Profiler::Bytecode::description):
      (JSC::Profiler::getBytecodeIndexForBytecode):
      * profiler/ProfilerBytecodes.cpp: Added.
      (Profiler):
      (JSC::Profiler::Bytecodes::Bytecodes):
      (JSC::Profiler::Bytecodes::~Bytecodes):
      (JSC::Profiler::Bytecodes::indexForBytecodeIndex):
      (JSC::Profiler::Bytecodes::forBytecodeIndex):
      (JSC::Profiler::Bytecodes::dump):
      (JSC::Profiler::Bytecodes::toJS):
      * profiler/ProfilerBytecodes.h: Added.
      (Profiler):
      (Bytecodes):
      (JSC::Profiler::Bytecodes::append):
      (JSC::Profiler::Bytecodes::id):
      (JSC::Profiler::Bytecodes::hash):
      (JSC::Profiler::Bytecodes::size):
      (JSC::Profiler::Bytecodes::at):
      * profiler/ProfilerCompilation.cpp: Added.
      (Profiler):
      (JSC::Profiler::Compilation::Compilation):
      (JSC::Profiler::Compilation::~Compilation):
      (JSC::Profiler::Compilation::addDescription):
      (JSC::Profiler::Compilation::executionCounterFor):
      (JSC::Profiler::Compilation::toJS):
      * profiler/ProfilerCompilation.h: Added.
      (Profiler):
      (Compilation):
      (JSC::Profiler::Compilation::bytecodes):
      (JSC::Profiler::Compilation::kind):
      * profiler/ProfilerCompilationKind.cpp: Added.
      (WTF):
      (WTF::printInternal):
      * profiler/ProfilerCompilationKind.h: Added.
      (Profiler):
      (WTF):
      * profiler/ProfilerCompiledBytecode.cpp: Added.
      (Profiler):
      (JSC::Profiler::CompiledBytecode::CompiledBytecode):
      (JSC::Profiler::CompiledBytecode::~CompiledBytecode):
      (JSC::Profiler::CompiledBytecode::toJS):
      * profiler/ProfilerCompiledBytecode.h: Added.
      (Profiler):
      (CompiledBytecode):
      (JSC::Profiler::CompiledBytecode::originStack):
      (JSC::Profiler::CompiledBytecode::description):
      * profiler/ProfilerDatabase.cpp: Added.
      (Profiler):
      (JSC::Profiler::Database::Database):
      (JSC::Profiler::Database::~Database):
      (JSC::Profiler::Database::addBytecodes):
      (JSC::Profiler::Database::ensureBytecodesFor):
      (JSC::Profiler::Database::notifyDestruction):
      (JSC::Profiler::Database::newCompilation):
      (JSC::Profiler::Database::toJS):
      (JSC::Profiler::Database::toJSON):
      (JSC::Profiler::Database::save):
      * profiler/ProfilerDatabase.h: Added.
      (Profiler):
      (Database):
      * profiler/ProfilerExecutionCounter.h: Added.
      (Profiler):
      (ExecutionCounter):
      (JSC::Profiler::ExecutionCounter::ExecutionCounter):
      (JSC::Profiler::ExecutionCounter::address):
      (JSC::Profiler::ExecutionCounter::count):
      * profiler/ProfilerOrigin.cpp: Added.
      (Profiler):
      (JSC::Profiler::Origin::Origin):
      (JSC::Profiler::Origin::dump):
      (JSC::Profiler::Origin::toJS):
      * profiler/ProfilerOrigin.h: Added.
      (JSC):
      (Profiler):
      (Origin):
      (JSC::Profiler::Origin::Origin):
      (JSC::Profiler::Origin::operator!):
      (JSC::Profiler::Origin::bytecodes):
      (JSC::Profiler::Origin::bytecodeIndex):
      (JSC::Profiler::Origin::operator!=):
      (JSC::Profiler::Origin::operator==):
      (JSC::Profiler::Origin::hash):
      (JSC::Profiler::Origin::isHashTableDeletedValue):
      (JSC::Profiler::OriginHash::hash):
      (JSC::Profiler::OriginHash::equal):
      (OriginHash):
      (WTF):
      * profiler/ProfilerOriginStack.cpp: Added.
      (Profiler):
      (JSC::Profiler::OriginStack::OriginStack):
      (JSC::Profiler::OriginStack::~OriginStack):
      (JSC::Profiler::OriginStack::append):
      (JSC::Profiler::OriginStack::operator==):
      (JSC::Profiler::OriginStack::hash):
      (JSC::Profiler::OriginStack::dump):
      (JSC::Profiler::OriginStack::toJS):
      * profiler/ProfilerOriginStack.h: Added.
      (JSC):
      (Profiler):
      (OriginStack):
      (JSC::Profiler::OriginStack::OriginStack):
      (JSC::Profiler::OriginStack::operator!):
      (JSC::Profiler::OriginStack::size):
      (JSC::Profiler::OriginStack::fromBottom):
      (JSC::Profiler::OriginStack::fromTop):
      (JSC::Profiler::OriginStack::isHashTableDeletedValue):
      (JSC::Profiler::OriginStackHash::hash):
      (JSC::Profiler::OriginStackHash::equal):
      (OriginStackHash):
      (WTF):
      * runtime/CommonIdentifiers.h:
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::~JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/Options.h:
      (JSC):
      
      Source/WTF: 
      
      Made some minor changes to support the new profiler. FileOutputStream now has an
      open() method, and DataLog uses it. StringPrintStream has a reset() method, which
      allows you to reuse the same StringPrintStream for creating multiple strings.
      SegmentedVector now has a const operator[]. And, WTFString now can do fromUTF8() on
      a CString directly.
      
      * wtf/DataLog.cpp:
      (WTF::initializeLogFileOnce):
      * wtf/FilePrintStream.cpp:
      (WTF::FilePrintStream::open):
      (WTF):
      * wtf/FilePrintStream.h:
      * wtf/SegmentedVector.h:
      (WTF::SegmentedVector::at):
      (SegmentedVector):
      (WTF::SegmentedVector::operator[]):
      * wtf/StringPrintStream.cpp:
      (WTF::StringPrintStream::reset):
      (WTF):
      * wtf/StringPrintStream.h:
      (StringPrintStream):
      * wtf/text/WTFString.cpp:
      (WTF::String::fromUTF8):
      (WTF):
      * wtf/text/WTFString.h:
      (String):
      
      Tools: 
      
      Added a tool that allows you to grok the output from JSC's new profiler. Currently,
      this still gets confused a bit about the execution counts of a method running
      standalone versus a method running inlined, but other than that, it's pretty cool.
      See the attached "sampling profiling session" attached to the bug to see it in
      action.
              
      Also had to feed EFL's build system.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      * Scripts/display-profiler-output: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136601 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4a81fa41
  12. 30 Nov, 2012 2 commits
    • fpizlo@apple.com's avatar
      Rationalize and clean up DFG handling of scoped accesses · 20d46248
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=103715
      
      Reviewed by Oliver Hunt.
      
      Previously, we had a GetScope node that specified the depth to which you wanted
      to travel to get a JSScope, and the backend implementation of the node would
      perform all of the necessary footwork, including potentially skipping the top
      scope if necessary, and doing however many loads were needed. But there were
      strange things. First, if you had accesses at different scope depths, then the
      loads to get to the common depth could not be CSE'd - CSE would match only
      GetScope's that had identical depth. Second, GetScope would be emitted even if
      we already had the scope, for example in put_to_base. And finally, even though
      the ResolveOperations could tell us whether or not we had to skip the top scope,
      the backend would recompute this information itself, often pessimistically.
              
      This eliminates GetScope and replaces it with the following:
              
      GetMyScope: just get the JSScope from the call frame header. This will forever
      mean getting the JSScope associated with the machine call frame; it will not
      mean getting the scope of an inlined function. Or at least that's the intent.
              
      SkipTopScope: check if there is an activation, and if so, skip a scope. This
      takes a scope as a child and returns a scope.
              
      SkipScope: skip one scope level.
              
      The bytecode parser now emits the right combination of the above, and
      potentially emits multiple SkipScope's, based on the ResolveOperations.
              
      This change also includes some fixups to debug logging. We now always print
      the ExecutableBase* in addition to the CodeBlock* in the CodeBlock's dump,
      and we are now more verbose when dumping CodeOrigins and InlineCallFrames.
              
      This is performance-neutral. It's just meant to be a clean-up.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpAssumingJITType):
      * bytecode/CodeOrigin.cpp:
      (JSC::CodeOrigin::inlineStack):
      (JSC::CodeOrigin::dump):
      (JSC):
      (JSC::InlineCallFrame::dump):
      * bytecode/CodeOrigin.h:
      (CodeOrigin):
      (InlineCallFrame):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::getScope):
      (DFG):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::scopedVarLoadElimination):
      (JSC::DFG::CSEPhase::scopedVarStoreElimination):
      (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::dump):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::dumpBlockHeader):
      * dfg/DFGNode.h:
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITDisassembler.cpp:
      (JSC::JITDisassembler::dump):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136276 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      20d46248
    • fpizlo@apple.com's avatar
      It should be easy to find code blocks in debug dumps · 0bfcc38a
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=103623
      
      Source/JavaScriptCore: 
      
      Reviewed by Goeffrey Garen.
      
      This gives CodeBlock a relatively strong, but also relatively compact, hash. We compute
      it lazily so that it only impacts run-time when debug support is enabled. We stringify
      it smartly so that it's short and easy to type. We base it on the source code so that
      the optimization level is irrelevant. And, we use SHA1 since it's already in our code
      base. Now, when a piece of code wants to print some debugging to say that it's operating
      on some code block, it can use this CodeBlockHash instead of memory addresses.
      
      This also takes CodeBlock debugging into the new world of print() and dataLog(). In
      particular, CodeBlock::dump() corresponds to the thing you want printed if you do:
      
      dataLog("I heart ", *myCodeBlock);
      
      Probably, you want to just print some identifying information at this point rather than
      the full bytecode dump. So, the existing CodeBlock::dump() has been renamed to
      CodeBlock::dumpBytecode(), and CodeBlock::dump() now prints the CodeBlockHash plus just
      a few little tidbits.
              
      Here's an example of CodeBlock::dump() output:
              
      EkILzr:[0x103883a00, BaselineFunctionCall]
              
      EkILzr is the CodeBlockHash. 0x103883a00 is the CodeBlock's address in memory. The other
      part is self-explanatory.
      
      Finally, this new notion of CodeBlockHash is available for other purposes like bisecting
      breakage. As such CodeBlockHash has all of the comparison operator overloads. When
      bisecting in DFGDriver.cpp, you can now say things like:
              
      if (codeBlock->hash() < CodeBlockHash("CAAAAA"))
          return false;
              
      And yes, CAAAAA is near the median hash, and the largest one is smaller than E99999. Such
      is life when you use base 62 to encode a 32-bit number.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CallLinkInfo.h:
      (CallLinkInfo):
      (JSC::CallLinkInfo::specializationKind):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::hash):
      (JSC):
      (JSC::CodeBlock::dumpAssumingJITType):
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::resetStubInternal):
      (JSC::CodeBlock::reoptimize):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::CodeBlock::shouldOptimizeNow):
      (JSC::CodeBlock::tallyFrequentExitSites):
      (JSC::CodeBlock::dumpValueProfiles):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::specializationKind):
      (CodeBlock):
      (JSC::CodeBlock::getJITType):
      * bytecode/CodeBlockHash.cpp: Added.
      (JSC):
      (JSC::CodeBlockHash::CodeBlockHash):
      (JSC::CodeBlockHash::dump):
      * bytecode/CodeBlockHash.h: Added.
      (JSC):
      (CodeBlockHash):
      (JSC::CodeBlockHash::CodeBlockHash):
      (JSC::CodeBlockHash::hash):
      (JSC::CodeBlockHash::operator==):
      (JSC::CodeBlockHash::operator!=):
      (JSC::CodeBlockHash::operator<):
      (JSC::CodeBlockHash::operator>):
      (JSC::CodeBlockHash::operator<=):
      (JSC::CodeBlockHash::operator>=):
      * bytecode/CodeBlockWithJITType.h: Added.
      (JSC):
      (CodeBlockWithJITType):
      (JSC::CodeBlockWithJITType::CodeBlockWithJITType):
      (JSC::CodeBlockWithJITType::dump):
      * bytecode/CodeOrigin.cpp: Added.
      (JSC):
      (JSC::CodeOrigin::inlineDepthForCallFrame):
      (JSC::CodeOrigin::inlineDepth):
      (JSC::CodeOrigin::inlineStack):
      (JSC::InlineCallFrame::hash):
      * bytecode/CodeOrigin.h:
      (InlineCallFrame):
      (JSC::InlineCallFrame::specializationKind):
      (JSC):
      * bytecode/CodeType.cpp: Added.
      (WTF):
      (WTF::printInternal):
      * bytecode/CodeType.h:
      (WTF):
      * bytecode/ExecutionCounter.cpp:
      (JSC::ExecutionCounter::dump):
      * bytecode/ExecutionCounter.h:
      (ExecutionCounter):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::dump):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dumpCodeOrigin):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::dfgLinkClosureCall):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpCallFrame):
      * jit/JITCode.cpp: Added.
      (WTF):
      (WTF::printInternal):
      * jit/JITCode.h:
      (JSC::JITCode::jitType):
      (WTF):
      * jit/JITDisassembler.cpp:
      (JSC::JITDisassembler::dump):
      (JSC::JITDisassembler::dumpForInstructions):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/CodeSpecializationKind.cpp: Added.
      (WTF):
      (WTF::printInternal):
      * runtime/CodeSpecializationKind.h:
      (JSC::specializationFromIsCall):
      (JSC):
      (JSC::specializationFromIsConstruct):
      (WTF):
      * runtime/Executable.cpp:
      (JSC::ExecutableBase::hashFor):
      (JSC):
      (JSC::NativeExecutable::hashFor):
      (JSC::ScriptExecutable::hashFor):
      * runtime/Executable.h:
      (ExecutableBase):
      (NativeExecutable):
      (ScriptExecutable):
      (JSC::ScriptExecutable::source):
      
      Source/WTF: 
      
      Reviewed by Geoffrey Garen.
      
      Changed RawPointer to accept both const void* and void*, and use the former internally.
              
      Cleaned up SHA1 so that the functionality already used internally for self-testing is
      available via the API. This includes addBytes(CString) and computing hex digests.
      
      * wtf/RawPointer.h:
      (WTF::RawPointer::RawPointer):
      (RawPointer):
      (WTF::RawPointer::value):
      * wtf/SHA1.cpp:
      (WTF::expectSHA1):
      (WTF::SHA1::hexDigest):
      (WTF::SHA1::computeHexDigest):
      * wtf/SHA1.h:
      (WTF::SHA1::addBytes):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136199 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0bfcc38a
  13. 12 Jul, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should have fast virtual calls · 5e135773
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90924
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implements virtual call support in the style of the old JIT, with the
      caveat that we still use the same slow path for both InternalFunction
      calls and JSFunction calls. Also rationalized the way that our
      CodeOrigin indices tie into exception checks (previously it was a
      strange one-to-one mapping with fairly limited assertions; now it's a
      one-to-many mapping for CodeOrigins to exception checks, respectively).
      I also took the opportunity to clean up
      CallLinkInfo::callReturnLocation, which previously was either a Call or
      a NearCall. Now it's just a NearCall. As well, exceptions during slow
      path call resolution are now handled by returning an exception throwing
      thunk rather than returning null. And finally, I made a few things
      public that were previously private-with-lots-of-friends, because I
      truly despise the thought of listing each thunk generating function as
      a friend of JSValue and friends.
              
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CallLinkInfo.h:
      (CallLinkInfo):
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::CodeOrigin):
      (JSC::CodeOrigin::isSet):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::CCallHelpers):
      * dfg/DFGGPRInfo.h:
      (GPRInfo):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::CallBeginToken::CallBeginToken):
      (JSC::DFG::CallBeginToken::~CallBeginToken):
      (CallBeginToken):
      (JSC::DFG::CallBeginToken::set):
      (JSC::DFG::CallBeginToken::registerWithExceptionCheck):
      (JSC::DFG::CallBeginToken::codeOrigin):
      (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
      (CallExceptionRecord):
      (JSC::DFG::JITCompiler::currentCodeOriginIndex):
      (JITCompiler):
      (JSC::DFG::JITCompiler::beginCall):
      (JSC::DFG::JITCompiler::notifyCall):
      (JSC::DFG::JITCompiler::prepareForExceptionCheck):
      (JSC::DFG::JITCompiler::addExceptionCheck):
      (JSC::DFG::JITCompiler::addFastExceptionCheck):
      * dfg/DFGOperations.cpp:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::dfgLinkFor):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::emitPointerValidation):
      (DFG):
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::linkForThunkGenerator):
      (JSC::DFG::linkCallThunkGenerator):
      (JSC::DFG::linkConstructThunkGenerator):
      (JSC::DFG::virtualForThunkGenerator):
      (JSC::DFG::virtualCallThunkGenerator):
      (JSC::DFG::virtualConstructThunkGenerator):
      * dfg/DFGThunks.h:
      (DFG):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      (JSC::JIT::linkFor):
      * runtime/Executable.h:
      (ExecutableBase):
      (JSC::ExecutableBase::offsetOfJITCodeFor):
      (JSC::ExecutableBase::offsetOfNumParametersFor):
      * runtime/JSValue.h:
      (JSValue):
      
      LayoutTests: 
      
      Rubber stamped by Oliver Hunt.
      
      This changes which piece of code appears on top of the stack at the point of a stack
      overflow. As far as Oliver and I can tell, it doesn't matter, so I just rebased the
      test.
      
      * fast/js/stack-trace-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@122392 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5e135773
  14. 23 May, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG variable capture analysis should work even if the variables arose through inlining · 1688cc18
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=85945
      
      Reviewed by Oliver Hunt.
              
      Merged r116555 from dfgopt.
              
      This just changes how the DFG queries whether a variable is captured. It does not
      change any user-visible behavior.
              
      As part of this change, I further solidified the policy that the CFA behaves in an
      undefined way for captured locals and queries about their values will not yield
      reliable results. This will likely be changed in the future, but for now it makes
      sense.
              
      One fun part about this change is that it recognizes that the same variable may
      be both captured and not, at the same time, because their live interval spans
      inlining boundaries. This only happens in the case of arguments to functions that
      capture their arguments, and this change treats them with just the right touch of
      conservatism: they will be treated as if captured by the caller as well as the 
      callee.
              
      Finally, this also adds captured variable reasoning to the InlineCallFrame, which
      I thought might be useful for later tooling.
              
      This is perf-neutral, since it does it does not make the DFG take advantage of this
      new functionality in any way. In particular, it is still the case that the DFG will
      not inline functions that use arguments reflectively or that create activations.
      
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::needsActivation):
      (JSC::CodeBlock::argumentIsCaptured):
      (JSC::CodeBlock::localIsCaptured):
      (JSC::CodeBlock::isCaptured):
      * bytecode/CodeOrigin.h:
      (InlineCallFrame):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::endBasicBlock):
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::merge):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::newVariableAccessData):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::setLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::flushArgument):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack):
      (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (CFGSimplificationPhase):
      (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      * dfg/DFGCommon.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::nameOfVariableAccessData):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::needsActivation):
      (JSC::DFG::Graph::usesArguments):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::VariableAccessData):
      (JSC::DFG::VariableAccessData::mergeIsCaptured):
      (VariableAccessData):
      (JSC::DFG::VariableAccessData::isCaptured):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118136 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1688cc18
  15. 02 Feb, 2012 1 commit
    • fpizlo@apple.com's avatar
      Release build debugging should be easier · ce9f26de
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=77669
      
      Reviewed by Gavin Barraclough.
      
      * assembler/ARMAssembler.h:
      (ARMAssembler):
      (JSC::ARMAssembler::debugOffset):
      * assembler/ARMv7Assembler.h:
      (ARMv7Assembler):
      (JSC::ARMv7Assembler::debugOffset):
      (ARMInstructionFormatter):
      (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
      * assembler/AbstractMacroAssembler.h:
      (AbstractMacroAssembler):
      (JSC::AbstractMacroAssembler::debugOffset):
      * assembler/AssemblerBuffer.h:
      (AssemblerBuffer):
      (JSC::AssemblerBuffer::debugOffset):
      * assembler/LinkBuffer.h:
      (LinkBuffer):
      (JSC::LinkBuffer::debugSize):
      * assembler/MIPSAssembler.h:
      (MIPSAssembler):
      (JSC::MIPSAssembler::debugOffset):
      * assembler/X86Assembler.h:
      (X86Assembler):
      (JSC::X86Assembler::debugOffset):
      (X86InstructionFormatter):
      (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
      * bytecode/CodeBlock.cpp:
      (JSC):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      * bytecode/CodeOrigin.h:
      (CodeOrigin):
      (JSC):
      (JSC::CodeOrigin::inlineStack):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * bytecode/PredictedType.cpp:
      (JSC):
      (JSC::predictionToString):
      * bytecode/PredictedType.h:
      (JSC):
      * bytecode/ValueRecovery.h:
      (ValueRecovery):
      (JSC::ValueRecovery::dump):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC):
      (JSC::BytecodeGenerator::setDumpsGeneratedCode):
      (JSC::BytecodeGenerator::dumpsGeneratedCode):
      (JSC::BytecodeGenerator::generate):
      * dfg/DFGAbstractValue.h:
      (StructureAbstractValue):
      (JSC::DFG::StructureAbstractValue::dump):
      (AbstractValue):
      (JSC::DFG::AbstractValue::dump):
      * dfg/DFGAssemblyHelpers.h:
      (DFG):
      (AssemblyHelpers):
      (JSC::DFG::AssemblyHelpers::debugCall):
      * dfg/DFGFPRInfo.h:
      (FPRInfo):
      (JSC::DFG::FPRInfo::debugName):
      * dfg/DFGGPRInfo.h:
      (GPRInfo):
      (JSC::DFG::GPRInfo::debugName):
      * dfg/DFGGraph.cpp:
      (DFG):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGNode.h:
      (DFG):
      (JSC::DFG::arithNodeFlagsAsString):
      (Node):
      (JSC::DFG::Node::hasIdentifier):
      (JSC::DFG::Node::dumpChildren):
      * dfg/DFGOSRExit.cpp:
      (DFG):
      (JSC::DFG::OSRExit::dump):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * runtime/JSValue.cpp:
      (JSC):
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (JSValue):
      * wtf/BitVector.cpp:
      (WTF):
      (WTF::BitVector::dump):
      * wtf/BitVector.h:
      (BitVector):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106590 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ce9f26de
  16. 20 Jan, 2012 1 commit
    • fpizlo@apple.com's avatar
      Bytecode instructions that may have value profiling should have a direct inline · afcf9040
      fpizlo@apple.com authored
      link to the ValueProfile instance
      https://bugs.webkit.org/show_bug.cgi?id=76682
      <rdar://problem/10727689>
      
      Reviewed by Sam Weinig.
              
      Each opcode that gets value profiled now has a link to its ValueProfile. This
      required rationalizing the emission of value profiles for opcode combos, like
      op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes
      sense for one of them to have a value profile link, and it makes most sense
      for it to be the one that actually sets the result. The previous behavior was
      to have op_method_check profile for op_get_by_id when they were used together,
      but otherwise for op_get_by_id to have its own profiles. op_call already did
      the right thing; all profiling was done by op_call_put_result.
              
      But rationalizing this code required breaking some of the natural boundaries
      that the code had; for instance the code in DFG that emits a GetById in place
      of both op_method_check and op_get_by_id must now know that it's the latter of
      those that has the value profile, while the first of those constitutes the OSR
      target. Hence each CodeOrigin must now have two bytecode indices - one for
      OSR exit and one for profiling.
              
      Finally this change required some refiddling of our optimization heuristics,
      because now all code blocks have "more instructions" due to the value profile
      slots.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::valueProfileForBytecodeOffset):
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::CodeOrigin):
      (JSC::CodeOrigin::bytecodeIndexForValueProfile):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitProfiledOpcode):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitGetScopedVar):
      (JSC::BytecodeGenerator::emitResolveBase):
      (JSC::BytecodeGenerator::emitResolveBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitGetByVal):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitCallVarargs):
      (JSC::BytecodeGenerator::emitConstruct):
      * bytecompiler/BytecodeGenerator.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::currentCodeOrigin):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getPrediction):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueProfileFor):
      * jit/JIT.h:
      (JSC::JIT::emitValueProfilingSite):
      * jit/JITCall.cpp:
      (JSC::JIT::emit_op_call_put_result):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::emit_op_call_put_result):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitValueProfilingSite):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emit_op_resolve_skip):
      (JSC::JIT::emit_op_resolve_global):
      (JSC::JIT::emitSlow_op_resolve_global):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_resolve_global_dynamic):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emit_op_resolve_skip):
      (JSC::JIT::emit_op_resolve_global):
      (JSC::JIT::emitSlow_op_resolve_global):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_method_check):
      (JSC::JIT::emitSlow_op_method_check):
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC::JIT::emit_op_get_global_var):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_method_check):
      (JSC::JIT::emitSlow_op_method_check):
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC::JIT::emit_op_get_global_var):
      * jit/JITStubCall.h:
      (JSC::JITStubCall::callWithValueProfiling):
      * runtime/Options.cpp:
      (JSC::Options::initializeOptions):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105533 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      afcf9040
  17. 14 Dec, 2011 1 commit
    • fpizlo@apple.com's avatar
      DFG OSR exit for UInt32ToNumber should roll forward, not roll backward · 769d8d33
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=74463
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing
      how to execute the slow path of UInt32ToNumber.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::lastOSRExit):
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::operator!=):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::uint32InGPR):
      (JSC::ValueRecovery::gpr):
      (JSC::ValueRecovery::dump):
      * dfg/DFGAssemblyHelpers.cpp:
      * dfg/DFGAssemblyHelpers.h:
      * dfg/DFGOSRExit.h:
      (JSC::DFG::OSRExit::valueRecoveryForOperand):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::compile):
      
      LayoutTests: 
      
      Reviewed by Gavin Barraclough.
      
      * fast/js/dfg-uint32-to-number-expected.txt: Added.
      * fast/js/dfg-uint32-to-number.html: Added.
      * fast/js/script-tests/dfg-uint32-to-number.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@102723 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      769d8d33
  18. 17 Nov, 2011 1 commit
    • fpizlo@apple.com's avatar
      JSC::CodeBlock should know which references generated by the DFG are weak · 5e37f9a2
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=72563
      
      Reviewed by Geoff Garen.
              
      CodeBlock::m_dfgData now tracks weak references and weak reference transitions
      (like ephemerons) generated by the DFG. The DFG makes sure to notify the
      CodeBlock of all uses of weak references and weak reference transitions.
      CodeBlock currently marks them strongly, since the weak marking logic is not
      in place, yet.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::stronglyVisitWeakReferences):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendWeakReference):
      (JSC::CodeBlock::shrinkWeakReferencesToFit):
      (JSC::CodeBlock::appendWeakReferenceTransition):
      (JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit):
      (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::codeOriginOwner):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::addWeakReference):
      (JSC::DFG::JITCompiler::addWeakReferenceTransition):
      (JSC::DFG::JITCompiler::branchWeakPtr):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100527 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5e37f9a2
  19. 03 Nov, 2011 1 commit
    • fpizlo@apple.com's avatar
      Source/JavaScriptCore: DFG inlining breaks function.arguments[something] if the argument being · 116a0899
      fpizlo@apple.com authored
      retrieved was subjected to DFG's unboxing optimizations
      https://bugs.webkit.org/show_bug.cgi?id=71436
      
      Reviewed by Oliver Hunt.
              
      This makes inlined arguments retrieval use some of the same machinery as
      OSR to determine where from, and how, to retrieve a value that the DFG
      might have somehow squirreled away while the old JIT would put it in its
      obvious location, using an obvious format.
              
      To that end, previously DFG-internal notions such as DataFormat,
      VirtualRegister, and ValueRecovery are now in bytecode/ since they are
      stored as part of InlineCallFrames.
      
      * bytecode/CodeOrigin.h:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGJITCompiler32_64.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGNode.h:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::inlineCallFrame):
      * interpreter/Register.h:
      (JSC::Register::asInlineCallFrame):
      (JSC::Register::unboxedInt32):
      (JSC::Register::unboxedBoolean):
      (JSC::Register::unboxedCell):
      * runtime/Arguments.h:
      (JSC::Arguments::finishCreationAndCopyRegisters):
      
      LayoutTests: DFG inlining breaks function.arguments[something] if the argument being
      retrieved was subjected to DFG's unboxing optimizations
      https://bugs.webkit.org/show_bug.cgi?id=71436        
      
      Reviewed by Oliver Hunt.
      
      * fast/js/dfg-inline-arguments-int32-expected.txt: Added.
      * fast/js/dfg-inline-arguments-int32.html: Added.
      * fast/js/script-tests/dfg-inline-arguments-int32.js: Added.
      (foo):
      (bar):
      (baz):
      (argsToStr):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99148 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      116a0899
  20. 30 Oct, 2011 1 commit
    • fpizlo@apple.com's avatar
      The DFG inliner should not flush the callee · 39edeafb
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=71191
      
      Reviewed by Oliver Hunt.
              
      0.6% speed-up on V8.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::visitAggregate):
      * bytecode/CodeOrigin.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGJITCompiler32_64.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::trueCallerFrameSlow):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@98831 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      39edeafb
  21. 22 Oct, 2011 1 commit
    • fpizlo@apple.com's avatar
      DFG should have inlining · d9ded3b5
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69996
      
      Reviewed by Oliver Hunt.
              
      Implements inlining that's hooked into the bytecode parser. Only
      works for calls, for now, though nothing fundamentally prevents us
      from inlining constructor calls. 2% overall speed-up on all
      benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
      richards respectively), neutral on Kraken and SunSpider. 
              
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::visitAggregate):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::setInstructionCount):
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::inlineDepthForCallFrame):
      (JSC::CodeOrigin::inlineDepth):
      (JSC::CodeOrigin::operator==):
      (JSC::CodeOrigin::inlineStack):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::generate):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::beginBasicBlock):
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      * dfg/DFGBasicBlock.h:
      (JSC::DFG::BasicBlock::BasicBlock):
      (JSC::DFG::BasicBlock::ensureLocals):
      (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::getDirect):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::setDirect):
      (JSC::DFG::ByteCodeParser::set):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::linkBlocks):
      (JSC::DFG::ByteCodeParser::handleSuccessor):
      (JSC::DFG::ByteCodeParser::determineReachability):
      (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::canHandleOpcodes):
      (JSC::DFG::canCompileOpcodes):
      (JSC::DFG::canInlineOpcodes):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::mightCompileEval):
      (JSC::DFG::mightCompileProgram):
      (JSC::DFG::mightCompileFunctionForCall):
      (JSC::DFG::mightCompileFunctionForConstruct):
      (JSC::DFG::mightInlineFunctionForCall):
      (JSC::DFG::mightInlineFunctionForConstruct):
      (JSC::DFG::canInlineOpcode):
      (JSC::DFG::canInlineOpcodes):
      (JSC::DFG::canInlineFunctionForCall):
      (JSC::DFG::canInlineFunctionForConstruct):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::printWhiteSpace):
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::GetBytecodeBeginForBlock::operator()):
      (JSC::DFG::Graph::blockIndexForBytecodeOffset):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::decodedCodeMapFor):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::debugCall):
      (JSC::DFG::JITCompiler::baselineCodeBlockFor):
      * dfg/DFGJITCompiler32_64.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasVariableAccessData):
      (JSC::DFG::Node::shouldGenerate):
      * dfg/DFGOperands.h:
      (JSC::DFG::Operands::ensureLocals):
      (JSC::DFG::Operands::setLocal):
      (JSC::DFG::Operands::getLocal):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::trueCallerFrameSlow):
      * jit/JITCall.cpp:
      (JSC::JIT::compileOpCallSlowCase):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::profiledCodeBlockFor):
      (JSC::FunctionExecutable::parameterCount):
      * runtime/Heuristics.cpp:
      (JSC::Heuristics::initializeHeuristics):
      * runtime/Heuristics.h:
      * runtime/JSFunction.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@98179 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d9ded3b5
  22. 17 Oct, 2011 1 commit
    • fpizlo@apple.com's avatar
      DFG bytecode parser should understand inline stacks · 41f5c958
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=70278
      
      Reviewed by Oliver Hunt.
              
      The DFG bytecode parser is now capable of parsing multiple code blocks at
      once. This remains turned off since not all inlining functionality is
      implemented.       
              
      This required making a few changes elsewhere in the system. The bytecode
      parser now may do some of the same things that the bytecode generator does,
      like allocating constants and identifiers. Basic block linking relies on
      bytecode indices, which are only meaningful within the context of one basic
      block. This is fine, so long as linking is done eagerly whenever switching
      from one code block to another.
      
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::CodeOrigin):
      * bytecompiler/BytecodeGenerator.h:
      * dfg/DFGBasicBlock.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::set):
      (JSC::DFG::ByteCodeParser::getThis):
      (JSC::DFG::ByteCodeParser::setThis):
      (JSC::DFG::ByteCodeParser::currentCodeOrigin):
      (JSC::DFG::ByteCodeParser::getPrediction):
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::linkBlocks):
      (JSC::DFG::ByteCodeParser::setupPredecessors):
      (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGGraph.h:
      (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
      (JSC::DFG::GetBytecodeBeginForBlock::operator()):
      (JSC::DFG::Graph::blockIndexForBytecodeOffset):
      * dfg/DFGNode.h:
      * runtime/Identifier.h:
      (JSC::IdentifierMapIndexHashTraits::emptyValue):
      * runtime/JSValue.h:
      * wtf/StdLibExtras.h:
      (WTF::binarySearchWithFunctor):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@97675 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      41f5c958
  23. 14 Oct, 2011 1 commit
    • fpizlo@apple.com's avatar
      Reflective Arguments retrieval should be hardened for the · 5098c8b1
      fpizlo@apple.com authored
      possibility of inlining
      https://bugs.webkit.org/show_bug.cgi?id=70068
      
      Reviewed by Oliver Hunt.
              
      CodeBlock can now track, as part of its RareData, the virtual inline
      stack at callsites. CallFrame walking can now rematerialize "inline"
      CallFrames by combining the meta-data in CodeBlock with the information
      already in the JS stack. Arguments can now safely retrieve the
      arguments from inline CallFrames.
              
      The DFG already had the notion of a "CodeOrigin" in preparation for
      inlining. This notion will now be saved into the CodeBlock, if the DFG
      had done inlining. So, CodeOrigin has been moved to bytecode/ and has
      been changed to behave more like a struct since that is how it's
      meant to be used.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::inlineCallFrames):
      (JSC::CodeBlock::codeOrigins):
      (JSC::CodeBlock::hasCodeOrigins):
      (JSC::CodeBlock::codeOriginForReturn):
      * bytecode/CodeOrigin.h: Added.
      (JSC::CodeOrigin::CodeOrigin):
      (JSC::CodeOrigin::isSet):
      (JSC::getCallReturnOffsetForCodeOrigin):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::isInlineCallFrame):
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::inlineCallFrame):
      (JSC::ExecState::setInlineCallFrame):
      (JSC::ExecState::isInlineCallFrame):
      (JSC::ExecState::trueCallerFrame):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::findFunctionCallFrame):
      * interpreter/Register.h:
      (JSC::Register::operator=):
      (JSC::Register::inlineCallFrame):
      * runtime/Arguments.h:
      (JSC::Arguments::getArgumentsData):
      (JSC::Arguments::finishCreationButDontCopyRegisters):
      (JSC::Arguments::finishCreation):
      (JSC::Arguments::finishCreationAndCopyRegisters):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::parameterCount):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@97512 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5098c8b1
  24. 26 Aug, 2011 1 commit
    • fpizlo@apple.com's avatar
      The GC does not have a facility for profiling the kinds of objects · d6bcd37d
      fpizlo@apple.com authored
      that occupy the heap
      https://bugs.webkit.org/show_bug.cgi?id=66849
      
      Reviewed by Geoffrey Garen.
      
      Destructor calls and object scans are now optionally counted, per
      vtable. When the heap is destroyed and profiling is enabled, the
      counts are dumped, with care taken to print the names of classes
      (modulo C++ mangling) sorted in descending commonality.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.exp:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/Heap.cpp:
      (JSC::Heap::destroy):
      * heap/Heap.h:
      * heap/MarkStack.cpp:
      (JSC::SlotVisitor::visitChildren):
      (JSC::SlotVisitor::drain):
      * heap/MarkStack.h:
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::callDestructor):
      * heap/MarkedBlock.h:
      * heap/VTableSpectrum.cpp: Added.
      (JSC::VTableSpectrum::VTableSpectrum):
      (JSC::VTableSpectrum::~VTableSpectrum):
      (JSC::VTableSpectrum::countVPtr):
      (JSC::VTableSpectrum::count):
      (JSC::VTableAndCount::VTableAndCount):
      (JSC::VTableAndCount::operator<):
      (JSC::VTableSpectrum::dump):
      * heap/VTableSpectrum.h: Added.
      * wtf/Platform.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93918 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d6bcd37d
  25. 17 Mar, 2011 1 commit
    • barraclough@apple.com's avatar
      Bug 56603 - DFG JIT related cleanup · d9976840
      barraclough@apple.com authored
      Move node generation out to separate function, move binarySearch algorithm out
      to StdLibExtras, fix Graph::dump() to print comma between non-node children,
      even if there are no node children.
      
      Reviewed by Sam Weinig.
      
      * bytecode/CodeBlock.h:
      (JSC::getCallReturnOffset):
      (JSC::CodeBlock::getStubInfo):
      (JSC::CodeBlock::getCallLinkInfo):
      (JSC::CodeBlock::getMethodCallLinkInfo):
      (JSC::CodeBlock::bytecodeOffset):
          - Move binaryChop to binarySearch in StdLibExtras
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::parse):
      (JSC::DFG::parse):
          - Make m_noArithmetic a member, initialize m_currentIndex in the constructor.
      * dfg/DFGByteCodeParser.h:
          - Change parse() to not take a start index (always 0).
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
          - Fix Graph::dump() to print comma between non-node children, even if there are no node children.
      * dfg/DFGJITCodeGenerator.h:
      (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
          - Initialize m_compileIndex in constructor.
      * dfg/DFGNonSpeculativeJIT.cpp:
      (JSC::DFG::NonSpeculativeJIT::compile):
      * dfg/DFGNonSpeculativeJIT.h:
          - Spilt out compilation of individual node.
      * dfg/DFGOperations.cpp:
      (JSC::DFG::operationConvertThis):
      * dfg/DFGOperations.h:
          - Cleanup parameter name.
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT.h:
          - Spilt out compilation of individual node.
      * runtime/Executable.cpp:
      (JSC::tryDFGCompile):
          - Change parse() to not take a start index (always 0).
      * wtf/StdLibExtras.h:
      (WTF::binarySearch):
          - Move binaryChop to binarySearch in StdLibExtras
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@81403 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d9976840
  26. 14 Mar, 2011 1 commit
    • barraclough@apple.com's avatar
      Bug 56284 - Add a dataflow intermediate representation for use in JIT generation. · 2302c04f
      barraclough@apple.com authored
      Reviewed by Geoffrey Garen & Oliver Hunt.
      
      The JSC JIT presently generates code directly from the bytecode used by the interpreter.
      This is not an optimal intermediate representation for JIT code generation, since it does
      not capture liveness information of values, and provides little opportunity to perform
      any static analysis for even primitive types. The JIT currently generates two code paths,
      a fast path handling common cases, and a slower path handling less common operand types.
      However the slow path jumps back into the fast path, meaning that information arising
      from the earlier type checks cannot be propagated to later operations.
      
      This patch adds:
          * a dataflow intermediate representation capable of describing a single basic block
            of operations,
          * a mechanism to convert a simple, single-block bytecode functions to the new IR,
          * and a JIT code generator capable of generating code from this representation.
      
      The JIT generates two code paths, with the slower path not reentering the fast path
      mid-block, allowing speculative optimizations to be made on the hot path, with type
      information arising from these speculative decisions able to be propagated through the
      dataflow. Code generation of both speculative and non-speculative paths exploits the type
      and liveness information represented in the dataflow graph to attempt to avoid redundant
      boxing and type-checking of values, and to remove unnecessary spills of temporary values
      to the RegisterFile.
      
      The dataflow JIT currently can only support a subset of bytecode operations, limited to
      arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the
      dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be
      expanded to include, control-flow, function calls, and then the long-tail of remaining
      bytecode instructions. The JIT presently only support JSVALUE64, and as a consequence of
      this only supports x86-64.
      
      The status of the dataflow JIT is currently work-in-progress. Limitations of the present
      JIT code generation may cause performance regressions, particularly:
          * the policy to only generate arithmetic code on the speculative path using integer
            instructions, never using floating point.
          * the policy to only generate arithmetic code on the non-speculative path using
            floating point instructions, never using integer.
          * always generating JSValue adds on the non-speculative path as a call out to a
            C-function, never handling this in JIT code.
          * always assuming by-Value property accesses on the speculative path to be array
            accesses.
          * generating all by-Value property accesses from the non-speculative path as a call
            out to a C-function.
          * generating all by-Indentifer property accesses as a call out to a C-function.
      Due to these regressions, the code is landed in a state where it is disabled in most
      cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are
      addressed, the JIT will be allowed to trigger in more cases.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
          - Added new files to Xcode project.
      * dfg: Added.
          - Added directory for new code.
      * dfg/DFGByteCodeParser.cpp: Added.
      * dfg/DFGByteCodeParser.h: Added.
          - Contruct a DFG::Graph representation from a bytecode CodeBlock.
      * dfg/DFGGenerationInfo.h: Added.
          - Track type & register information for VirtualRegisters during JIT code generation.
      * dfg/DFGGraph.cpp: Added.
      * dfg/DFGGraph.h: Added.
          - Dataflow graph intermediate representation for code generation.
      * dfg/DFGJITCodeGenerator.cpp: Added.
      * dfg/DFGJITCodeGenerator.h: Added.
          - Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality.
      * dfg/DFGJITCompiler.cpp: Added.
      * dfg/DFGJITCompiler.h: Added.
          - Class responsible for driving code generation of speculativeJIT & non-speculative
            code paths from the dataflow graph.
      * dfg/DFGNonSpeculativeJIT.cpp: Added.
      * dfg/DFGNonSpeculativeJIT.h: Added.
          - Used to generate the non-speculative code path, this make no assumptions
            about operand types.
      * dfg/DFGOperations.cpp: Added.
      * dfg/DFGOperations.h: Added.
          - Helper functions called from the JIT generated code.
      * dfg/DFGRegisterBank.h: Added.
          - Used to track contents of physical registers during JIT code generation.
      * dfg/DFGSpeculativeJIT.cpp: Added.
      * dfg/DFGSpeculativeJIT.h: Added.
          - Used to generate the speculative code path, this make assumptions about
            operand types to enable optimization.
      * runtime/Executable.cpp:
          - Add code to attempt to use the DFG JIT to compile a function, with fallback
            to the existing JIT.
      * wtf/Platform.h:
          - Added compile guards to enable the DFG JIT.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@81079 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2302c04f
  27. 09 Feb, 2011 1 commit
    • pvarga@webkit.org's avatar
      Replace PCRE with Yarr in WebCore · 4ab8255f
      pvarga@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=53496
      
      Reviewed by Gavin Barraclough.
      
      Rollback r77626 with windows build fix.
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.exp:
      * JavaScriptCore.gyp/JavaScriptCore.gyp:
      * JavaScriptCore.gypi:
      * JavaScriptCore.pro:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * create_regex_tables:
      * runtime/RegExp.cpp:
      * wtf/Platform.h:
      * yarr/Yarr.h:
      * yarr/YarrJIT.cpp:
      * yarr/YarrJIT.h:
      * yarr/YarrParser.h:
      * yarr/YarrPattern.h:
      * yarr/YarrSyntaxChecker.h:
      * yarr/yarr.pri: Added.
      
      Source/WebCore:
      
      No new tests needed.
      
      * Android.jscbindings.mk:
      * CMakeLists.txt:
      * ForwardingHeaders/pcre/pcre.h: Removed.
      * ForwardingHeaders/yarr/Yarr.h: Added.
      * ForwardingHeaders/yarr/YarrInterpreter.h: Added.
      * ForwardingHeaders/yarr/YarrPattern.h: Added.
      * WebCore.gyp/WebCore.gyp:
      * WebCore.pro:
      * WebCore.vcproj/WebCore.vcproj:
      * WebCore.vcproj/copyForwardingHeaders.cmd:
      * platform/text/RegularExpression.cpp:
      (WebCore::RegularExpression::Private::create):
      (WebCore::RegularExpression::Private::Private):
      (WebCore::RegularExpression::Private::compile):
      (WebCore::RegularExpression::match):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78042 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4ab8255f
  28. 04 Feb, 2011 2 commits
    • loislo@chromium.org's avatar
      2011-02-04 Sheriff Bot <webkit.review.bot@gmail.com> · 66fc8e99
      loislo@chromium.org authored
              Unreviewed, rolling out r77625 and r77626.
              http://trac.webkit.org/changeset/77625
              http://trac.webkit.org/changeset/77626
              https://bugs.webkit.org/show_bug.cgi?id=53765
      
              It broke Windows builds (Requested by Ossy_ on #webkit).
      
              * Android.jscbindings.mk:
              * CMakeLists.txt:
              * ForwardingHeaders/pcre/pcre.h: Added.
              * ForwardingHeaders/yarr/Yarr.h: Removed.
              * ForwardingHeaders/yarr/YarrInterpreter.h: Removed.
              * ForwardingHeaders/yarr/YarrPattern.h: Removed.
              * WebCore.gyp/WebCore.gyp:
              * WebCore.pro:
              * WebCore.vcproj/WebCore.vcproj:
              * WebCore.vcproj/copyForwardingHeaders.cmd:
              * platform/text/RegularExpression.cpp:
              (WebCore::RegularExpression::Private::regexp):
              (WebCore::RegularExpression::Private::compile):
              (WebCore::RegularExpression::Private::Private):
              (WebCore::RegularExpression::Private::create):
              (WebCore::RegularExpression::Private::~Private):
              (WebCore::RegularExpression::match):
      
      2011-02-04  Sheriff Bot  <webkit.review.bot@gmail.com>
      
              Unreviewed, rolling out r77625 and r77626.
              http://trac.webkit.org/changeset/77625
              http://trac.webkit.org/changeset/77626
              https://bugs.webkit.org/show_bug.cgi?id=53765
      
              It broke Windows builds (Requested by Ossy_ on #webkit).
      
              * JavaScriptCore.exp:
              * JavaScriptCore.gyp/JavaScriptCore.gyp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * create_regex_tables:
              * runtime/RegExp.cpp:
              * wtf/Platform.h:
              * yarr/Yarr.h:
              * yarr/YarrJIT.cpp:
              * yarr/YarrJIT.h:
              * yarr/YarrParser.h:
              * yarr/YarrPattern.h:
              * yarr/YarrSyntaxChecker.h:
              * yarr/yarr.pri: Removed.
      
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77630 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      66fc8e99
    • pvarga@webkit.org's avatar
      2011-02-04 Peter Varga <pvarga@webkit.org> · 43e81a73
      pvarga@webkit.org authored
              Reviewed by Gavin Barraclough.
      
              Replace PCRE with Yarr in WebCore
              https://bugs.webkit.org/show_bug.cgi?id=53496
      
              * JavaScriptCore.exp:
              * JavaScriptCore.gyp/JavaScriptCore.gyp:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * create_regex_tables:
              * runtime/RegExp.cpp:
              * wtf/Platform.h:
              * yarr/Yarr.h:
              * yarr/YarrJIT.cpp:
              * yarr/YarrJIT.h:
              * yarr/YarrParser.h:
              * yarr/YarrPattern.h:
              * yarr/YarrSyntaxChecker.h:
              * yarr/yarr.pri: Added.
      2011-02-04  Peter Varga  <pvarga@webkit.org>
      
              Reviewed by Gavin Barraclough.
      
              Replace PCRE with Yarr in WebCore
              https://bugs.webkit.org/show_bug.cgi?id=53496
      
              No new tests needed.
      
              * Android.jscbindings.mk:
              * CMakeLists.txt:
              * ForwardingHeaders/pcre/pcre.h: Removed.
              * ForwardingHeaders/yarr/Yarr.h: Added.
              * ForwardingHeaders/yarr/YarrInterpreter.h: Added.
              * ForwardingHeaders/yarr/YarrPattern.h: Added.
              * WebCore.gyp/WebCore.gyp:
              * WebCore.pro:
              * WebCore.vcproj/WebCore.vcproj:
              * WebCore.vcproj/copyForwardingHeaders.cmd:
              * platform/text/RegularExpression.cpp:
              (WebCore::RegularExpression::Private::create):
              (WebCore::RegularExpression::Private::Private):
              (WebCore::RegularExpression::Private::compile):
              (WebCore::RegularExpression::match):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77625 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      43e81a73
  29. 10 Jan, 2011 1 commit
    • barraclough@apple.com's avatar
      Bug 52079 - Syntax errors should be early errors. · 7e6bd6d6
      barraclough@apple.com authored
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      From chapter 16 the spec:
          An implementation must report most errors at the time the relevant ECMAScript language construct is
          evaluated. An early error is an error that can be detected and reported prior to the evaluation of
          any construct in the Program containing the error. An implementation must report early errors in a
          Program prior to the first evaluation of that Program. Early errors in eval code are reported at
          the time eval is called but prior to evaluation of any construct within the eval code. All errors
          that are not early errors are runtime errors.
      
          An implementation must treat any instance of the following kinds of errors as an early error:
              * Any syntax error."
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
          Added new files.
      * bytecode/CodeBlock.cpp:
          Removed op_throw_syntax_error.
      * bytecode/Opcode.h:
          Removed op_throw_syntax_error.
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::generate):
          If m_expressionTooDeep then throw a runtime error.
      (JSC::BytecodeGenerator::BytecodeGenerator):
          Initialize m_expressionTooDeep.
      (JSC::BytecodeGenerator::emitThrowExpressionTooDeepException):
          Sets m_expressionTooDeep.
      * bytecompiler/BytecodeGenerator.h:
          Added m_expressionTooDeep, removed emitThrowSyntaxError.
      * bytecompiler/NodesCodegen.cpp:
      (JSC::RegExpNode::emitBytecode):
      (JSC::ContinueNode::emitBytecode):
      (JSC::BreakNode::emitBytecode):
      (JSC::ReturnNode::emitBytecode):
      (JSC::LabelNode::emitBytecode):
          Conditions that threw syntax error are now handled during parsing;
          during bytecompilation these are now just ASSERTs.
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      * jit/JIT.h:
      * jit/JITOpcodes.cpp:
      * jit/JITOpcodes32_64.cpp:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
          Removed op_throw_syntax_error.
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::createRegExp):
          Renamed; added syntax check.
      * parser/JSParser.cpp:
      (JSC::JSParser::breakIsValid):
      (JSC::JSParser::hasLabel):
      (JSC::JSParser::Scope::Scope):
      (JSC::JSParser::Scope::setIsFunction):
      (JSC::JSParser::Scope::isFunctionBoundary):
      (JSC::JSParser::ScopeRef::hasContainingScope):
      (JSC::JSParser::ScopeRef::containingScope):
      (JSC::JSParser::AutoPopScopeRef::AutoPopScopeRef):
      (JSC::JSParser::AutoPopScopeRef::~AutoPopScopeRef):
      (JSC::JSParser::AutoPopScopeRef::setPopped):
      (JSC::JSParser::popScopeInternal):
      (JSC::JSParser::popScope):
      (JSC::jsParse):
      (JSC::JSParser::JSParser):
      (JSC::JSParser::parseProgram):
      (JSC::JSParser::parseBreakStatement):
      (JSC::JSParser::parseContinueStatement):
      (JSC::JSParser::parseReturnStatement):
      (JSC::JSParser::parseTryStatement):
      (JSC::JSParser::parseFunctionInfo):
      (JSC::JSParser::parseExpressionOrLabelStatement):
      (JSC::JSParser::parsePrimaryExpression):
      * parser/JSParser.h:
      * parser/Nodes.h:
      * parser/Parser.cpp:
      (JSC::Parser::parse):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::createRegExp):
          Renamed; added syntax check.
      * runtime/ExceptionHelpers.cpp:
      (JSC::createOutOfMemoryError):
      (JSC::throwOutOfMemoryError):
      * runtime/ExceptionHelpers.h:
          Broke out createOutOfMemoryError.
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
          Add check for exception after bytecode generation.
      * runtime/RegExpConstructor.cpp:
      (JSC::constructRegExp):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
          RegExp error prefixes not included in error string.
      * yarr/RegexParser.h:
      (JSC::Yarr::Parser::parse):
          Removed regexBegin/regexEnd/regexError.
      * yarr/RegexPattern.cpp:
      (JSC::Yarr::RegexPatternConstructor::regexBegin):
          Removed regexEnd/regexError.
      (JSC::Yarr::compileRegex):
          Add call to regexBegin (no longer called from the parser).
      * yarr/YarrSyntaxChecker.cpp: Added.
      (JSC::Yarr::SyntaxChecker::assertionBOL):
      (JSC::Yarr::SyntaxChecker::assertionEOL):
      (JSC::Yarr::SyntaxChecker::assertionWordBoundary):
      (JSC::Yarr::SyntaxChecker::atomPatternCharacter):
      (JSC::Yarr::SyntaxChecker::atomBuiltInCharacterClass):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassBegin):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassAtom):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassRange):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassBuiltIn):
      (JSC::Yarr::SyntaxChecker::atomCharacterClassEnd):
      (JSC::Yarr::SyntaxChecker::atomParenthesesSubpatternBegin):
      (JSC::Yarr::SyntaxChecker::atomParentheticalAssertionBegin):
      (JSC::Yarr::SyntaxChecker::atomParenthesesEnd):
      (JSC::Yarr::SyntaxChecker::atomBackReference):
      (JSC::Yarr::SyntaxChecker::quantifyAtom):
      (JSC::Yarr::SyntaxChecker::disjunction):
      (JSC::Yarr::checkSyntax):
      * yarr/YarrSyntaxChecker.h: Added.
          Check RegExp syntax.
      
      LayoutTests: 
      
      Fix syntax errors in layout tests, and update expected results.
      
      * editing/selection/select-crash-001.html:
      * editing/selection/select-crash-002.html:
      * fast/canvas/webgl/renderbuffer-initialization.html:
      * fast/forms/25153.html:
      * fast/forms/textfield-drag-into-disabled.html:
      * fast/js/exception-codegen-crash-expected.txt:
      * fast/js/exception-codegen-crash.html:
      * fast/js/kde/parse-expected.txt:
      * fast/js/kde/script-tests/parse.js:
      * fast/js/large-expressions-expected.txt:
      * fast/js/named-function-expression-expected.txt:
      * fast/js/parser-syntax-check-expected.txt:
      * fast/js/script-tests/large-expressions.js:
      * fast/js/script-tests/named-function-expression.js:
      * fast/js/script-tests/parser-syntax-check.js:
      * fast/js/sputnik/Conformance/12_Statement/12.6_Iteration_Statements/12.6.3_The_for_Statement/S12.6.3_A11.1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.6_Iteration_Statements/12.6.3_The_for_Statement/S12.6.3_A11_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.6_Iteration_Statements/12.6.3_The_for_Statement/S12.6.3_A12.1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.6_Iteration_Statements/12.6.3_The_for_Statement/S12.6.3_A12_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A1_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A1_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A1_T4-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A5_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A5_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A5_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A6-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A8_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.7_The_continue_Statement/S12.7_A8_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A1_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A1_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A1_T4-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A5_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A5_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A5_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A6-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A8_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.8_The_break_Statement/S12.8_A8_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T1-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T10-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T2-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T3-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T4-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T5-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T6-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T7-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T8-expected.txt:
      * fast/js/sputnik/Conformance/12_Statement/12.9_The_return_Statement/S12.9_A1_T9-expected.txt:
      * http/tests/security/isolatedWorld/events.html:
      * http/tests/security/isolatedWorld/userGestureEvents.html:
      * svg/custom/resources/use-instanceRoot-event-listeners.js:
      * svg/custom/rgbcolor-syntax.svg:
      * svg/custom/use-instanceRoot-modifications.svg:
      * svg/custom/use-property-changes-through-svg-dom.svg:
      * webarchive/adopt-attribute-styled-body-webarchive-expected.webarchive:
      * webarchive/resources/adopt-attribute-styled-body-iframe.html:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@75408 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7e6bd6d6
  30. 08 Jan, 2011 1 commit
  31. 09 Sep, 2009 1 commit
  32. 07 Apr, 2009 1 commit