1. 04 Dec, 2013 1 commit
    • fpizlo@apple.com's avatar
      Infer constant closure variables · 88fedde1
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124630
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      Captured variables that are assigned once (not counting op_enter's Undefined
      initialization) and that are contained within a function that has thus far only been
      entered once are now constant folded. It's pretty awesome.
              
      This involves a watchpoint on the assignment to variables and a watchpoint on entry
      into the function. The former is reused from global variable constant inference and the
      latter is reused from one-time closure inference.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedInstruction::UnlinkedInstruction):
      * bytecode/VariableWatchpointSet.h:
      (JSC::VariableWatchpointSet::invalidate):
      * bytecode/Watchpoint.h:
      (JSC::WatchpointSet::invalidate):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::addVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::emitInitLazyRegister):
      (JSC::BytecodeGenerator::emitMove):
      (JSC::BytecodeGenerator::emitNewFunctionInternal):
      (JSC::BytecodeGenerator::createArgumentsIfNecessary):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::addVar):
      (JSC::BytecodeGenerator::watchableVariable):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::inferredConstant):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::tryGetActivation):
      (JSC::DFG::Graph::tryGetRegisters):
      * dfg/DFGGraph.h:
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_mov):
      (JSC::JIT::emit_op_captured_mov):
      (JSC::JIT::emit_op_new_captured_func):
      (JSC::JIT::emitSlow_op_captured_mov):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_mov):
      (JSC::JIT::emit_op_captured_mov):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.h:
      * runtime/ConstantMode.h: Added.
      * runtime/JSGlobalObject.h:
      * runtime/JSScope.cpp:
      (JSC::abstractAccess):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTableEntry::prepareToWatch):
      
      LayoutTests: 
      
      Reviewed by Geoffrey Garen.
              
      This adds both correctness and performance tests for constant closure variable
      inference.
      
      * js/regress/infer-closure-const-then-mov-expected.txt: Added.
      * js/regress/infer-closure-const-then-mov-no-inline-expected.txt: Added.
      * js/regress/infer-closure-const-then-mov-no-inline.html: Added.
      * js/regress/infer-closure-const-then-mov.html: Added.
      * js/regress/infer-closure-const-then-put-to-scope-expected.txt: Added.
      * js/regress/infer-closure-const-then-put-to-scope-no-inline-expected.txt: Added.
      * js/regress/infer-closure-const-then-put-to-scope-no-inline.html: Added.
      * js/regress/infer-closure-const-then-put-to-scope.html: Added.
      * js/regress/infer-closure-const-then-reenter-expected.txt: Added.
      * js/regress/infer-closure-const-then-reenter-no-inline-expected.txt: Added.
      * js/regress/infer-closure-const-then-reenter-no-inline.html: Added.
      * js/regress/infer-closure-const-then-reenter.html: Added.
      * js/regress/script-tests/infer-closure-const-then-mov-no-inline.js: Added.
      * js/regress/script-tests/infer-closure-const-then-mov.js: Added.
      * js/regress/script-tests/infer-closure-const-then-put-to-scope-no-inline.js: Added.
      (thingy.):
      (thingy):
      * js/regress/script-tests/infer-closure-const-then-put-to-scope.js: Added.
      (thingy.):
      (thingy):
      * js/regress/script-tests/infer-closure-const-then-reenter-no-inline.js: Added.
      (.return.foo):
      (foo):
      * js/regress/script-tests/infer-closure-const-then-reenter.js: Added.
      (.return.foo):
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160109 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      88fedde1
  2. 28 Nov, 2013 1 commit
    • fpizlo@apple.com's avatar
      Infer one-time scopes · 1a72409c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124812
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This detects JSActivations that are created only once. The JSActivation pointer is then
      baked into the machine code.
              
      This takes advantage of the one-time scope inference to reduce the number of
      indirections needed to get to a closure variable in case where the scope is only
      allocated once. This isn't really a speed-up since in the common case the total number
      of instruction bytes needed to load the scope from the stack is about equal to the
      number of instruction bytes needed to materialize the absolute address of a scoped
      variable. But, this is a necessary prerequisite to
      https://bugs.webkit.org/show_bug.cgi?id=124630, so it's probably a good idea anyway.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      * bytecode/Instruction.h:
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.h:
      (JSC::WatchpointSet::notifyWrite):
      (JSC::InlineWatchpointSet::notifyWrite):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolveScope):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::scopedVarLoadElimination):
      (JSC::DFG::CSEPhase::scopedVarStoreElimination):
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::tryGetRegisters):
      * dfg/DFGGraph.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::varNumber):
      (JSC::DFG::Node::hasSymbolTable):
      (JSC::DFG::Node::symbolTable):
      * dfg/DFGNodeType.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWatchpointCollectionPhase.cpp:
      (JSC::DFG::WatchpointCollectionPhase::handle):
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      * runtime/JSScope.cpp:
      (JSC::abstractAccess):
      (JSC::JSScope::abstractResolve):
      * runtime/JSScope.h:
      (JSC::ResolveOp::ResolveOp):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::registers):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTable::SymbolTable):
      * runtime/SymbolTable.h:
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * js/regress/infer-one-time-closure-expected.txt: Added.
      * js/regress/infer-one-time-closure-ten-vars-expected.txt: Added.
      * js/regress/infer-one-time-closure-ten-vars.html: Added.
      * js/regress/infer-one-time-closure-two-vars-expected.txt: Added.
      * js/regress/infer-one-time-closure-two-vars.html: Added.
      * js/regress/infer-one-time-closure.html: Added.
      * js/regress/infer-one-time-deep-closure-expected.txt: Added.
      * js/regress/infer-one-time-deep-closure.html: Added.
      * js/regress/script-tests/infer-one-time-closure-ten-vars.js: Added.
      * js/regress/script-tests/infer-one-time-closure-two-vars.js: Added.
      * js/regress/script-tests/infer-one-time-closure.js: Added.
      * js/regress/script-tests/infer-one-time-deep-closure.js: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159834 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1a72409c
  3. 27 Nov, 2013 1 commit
    • fpizlo@apple.com's avatar
      Restructure global variable constant inference so that it could work for any... · 8646834a
      fpizlo@apple.com authored
      Restructure global variable constant inference so that it could work for any kind of symbol table variable
      https://bugs.webkit.org/show_bug.cgi?id=124760
      
      Reviewed by Oliver Hunt.
              
      This changes the way global variable constant inference works so that it can be reused
      for closure variable constant inference. Some of the premises that originally motivated
      this patch are somewhat wrong, but it led to some simplifications anyway and I suspect
      that we'll be able to fix those premises in the future. The main point of this patch is
      to make it easy to reuse global variable constant inference for closure variable
      constant inference, and this will be possible provided we can also either (a) infer
      one-shot closures (easy) or (b) infer closure variables that are always assigned prior
      to first use.
              
      One of the things that this patch is meant to enable is constant inference for closure
      variables that may be part of a multi-shot closure. Closure variables may be
      instantiated multiple times, like:
              
          function foo() {
              var WIDTH = 45;
              function bar() {
                  ... use WIDTH ...
              }
              ...
          }
              
      Even if foo() is called many times and WIDTH is assigned to multiple times, that
      doesn't change the fact that it's a constant. The goal of closure variable constant
      inference is to catch any case where a closure variable has been assigned at least once
      and its value has never changed. This patch doesn't implement that, but it does change
      global variable constant inference to have most of the powers needed to do that. Note
      that most likely we will use this functionality only to implement constant inference
      for one-shot closures, but the resulting machinery is still simpler than what we had
      before.
              
      This involves three changes:
              
          - The watchpoint object now contains the inferred value. This involves creating a
            new kind of watchpoint set, the VariableWatchpointSet. We will reuse this object
            for closure variables.
              
          - Writing to a variable that is watchpointed still involves these three states that
            we proceed through monotonically (Uninitialized->Initialized->Invalidated) but
            now, the Initialized->Invalidated state transition only happens if we change the
            variable's value, rather than store to the variable. Repeatedly storing the same
            value won't change the variable's state.
              
          - On 64-bit systems (the only systems on which we do concurrent JIT), you no longer
            need fancy fencing to get a consistent view of the watchpoint in the JIT. The
            state of the VariableWatchpointSet for the purposes of constant folding is
            entirely encapsulated in the VariableWatchpointSet::m_inferredValue. If that is
            JSValue() then you cannot fold (either because the set is uninitialized or
            because it's invalidated - doesn't matter which); on the other hand if the value
            is anything other than JSValue() then you can fold, and that's the value you fold
            to. Simple!
              
      This also changes the way that DFG IR deals with variable watchpoints. It's now
      oblivious to global variables. You install a watchpoint using VariableWatchpoint and
      you notify write using NotifyWrite. Easy!
              
      Note that this will requires some more tweaks because of the fact that op_enter will
      store Undefined into every captured variable. Hence it won't even work for one-shot
      closures. One-shot closures are easily fixed by introducing another state (so we'll
      have Uninitialized->Undefined->Initialized->Invalidated). Multi-shot closures will
      require static analysis. One-shot closures are clearly a higher priority.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/Instruction.h:
      * bytecode/VariableWatchpointSet.h: Added.
      (JSC::VariableWatchpointSet::VariableWatchpointSet):
      (JSC::VariableWatchpointSet::~VariableWatchpointSet):
      (JSC::VariableWatchpointSet::inferredValue):
      (JSC::VariableWatchpointSet::notifyWrite):
      (JSC::VariableWatchpointSet::invalidate):
      (JSC::VariableWatchpointSet::finalizeUnconditionally):
      (JSC::VariableWatchpointSet::addressOfInferredValue):
      * bytecode/Watchpoint.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasRegisterPointer):
      (JSC::DFG::Node::hasVariableWatchpointSet):
      (JSC::DFG::Node::variableWatchpointSet):
      * dfg/DFGNodeType.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileArithMod):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWatchpointCollectionPhase.cpp:
      (JSC::DFG::WatchpointCollectionPhase::handle):
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileNotifyWrite):
      * jit/JIT.h:
      * jit/JITOperations.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitNotifyWrite):
      (JSC::JIT::emitPutGlobalVar):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emitNotifyWrite):
      (JSC::JIT::emitPutGlobalVar):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::addGlobalVar):
      (JSC::JSGlobalObject::addFunction):
      * runtime/JSGlobalObject.h:
      * runtime/JSScope.h:
      (JSC::ResolveOp::ResolveOp):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTableEntry::inferredValue):
      (JSC::SymbolTableEntry::prepareToWatch):
      (JSC::SymbolTableEntry::addWatchpoint):
      (JSC::SymbolTableEntry::notifyWriteSlow):
      (JSC::SymbolTable::visitChildren):
      (JSC::SymbolTable::WatchpointCleanup::WatchpointCleanup):
      (JSC::SymbolTable::WatchpointCleanup::~WatchpointCleanup):
      (JSC::SymbolTable::WatchpointCleanup::finalizeUnconditionally):
      * runtime/SymbolTable.h:
      (JSC::SymbolTableEntry::watchpointSet):
      (JSC::SymbolTableEntry::notifyWrite):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159798 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8646834a
  4. 18 Nov, 2013 1 commit
    • fpizlo@apple.com's avatar
      put_to_scope[5] should not point to the structure if it's a variable access,... · 40f7cbf3
      fpizlo@apple.com authored
      put_to_scope[5] should not point to the structure if it's a variable access, but it should point to the WatchpointSet
      https://bugs.webkit.org/show_bug.cgi?id=124539
      
      Reviewed by Mark Hahnenberg.
              
      This is in preparation for getting put_to_scope to directly invalidate the watchpoint set
      on stores, which will allow us to run constant inference on all globals.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      * bytecode/Instruction.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * runtime/JSScope.cpp:
      (JSC::abstractAccess):
      (JSC::JSScope::abstractResolve):
      * runtime/JSScope.h:
      (JSC::ResolveOp::ResolveOp):
      * runtime/SymbolTable.h:
      (JSC::SymbolTableEntry::watchpointSet):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159462 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      40f7cbf3
  5. 26 Sep, 2013 3 commits
    • msaboff@apple.com's avatar
      VirtualRegister should be a class · 62aa8b77
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121732
      
      Reviewed by Geoffrey Garen.
      
      This is a refactoring change.  Changed VirtualRegister from an enum to a class.
      Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
      and the similar functions for locals to VirtualRegister class.
      
      This is in preparation for changing the offset for the first local register from
      0 to -1.  This is needed since most native calling conventions have the architected
      frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
      pointer.  Local values start below that address.
      
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * bytecode/Instruction.h:
      * bytecode/LazyOperandValueProfile.h:
      * bytecode/MethodOfGettingAValueProfile.cpp:
      * bytecode/Operands.h:
      * bytecode/UnlinkedCodeBlock.cpp:
      * bytecode/UnlinkedCodeBlock.h:
      * bytecode/ValueRecovery.h:
      * bytecode/VirtualRegister.h:
      * bytecompiler/BytecodeGenerator.cpp:
      * bytecompiler/BytecodeGenerator.h:
      * bytecompiler/RegisterID.h:
      * debugger/DebuggerCallFrame.cpp:
      * dfg/DFGAbstractHeap.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      * dfg/DFGArgumentPosition.h:
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCFGSimplificationPhase.cpp:
      * dfg/DFGCPSRethreadingPhase.cpp:
      * dfg/DFGCapabilities.cpp:
      * dfg/DFGConstantFoldingPhase.cpp:
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCode.cpp:
      * dfg/DFGNode.h:
      * dfg/DFGOSREntry.cpp:
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGScoreBoard.h:
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      * dfg/DFGSpeculativeJIT64.cpp:
      * dfg/DFGValidate.cpp:
      * dfg/DFGValueRecoveryOverride.h:
      * dfg/DFGVariableAccessData.h:
      * dfg/DFGVariableEvent.h:
      * dfg/DFGVariableEventStream.cpp:
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      * ftl/FTLExitArgumentForOperand.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLLowerDFGToLLVM.cpp:
      * ftl/FTLOSREntry.cpp:
      * ftl/FTLOSRExit.cpp:
      * ftl/FTLOSRExit.h:
      * ftl/FTLOSRExitCompiler.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      * jit/AssemblyHelpers.h:
      * jit/JIT.h:
      * jit/JITCall.cpp:
      * jit/JITCall32_64.cpp:
      * jit/JITInlines.h:
      * jit/JITOpcodes.cpp:
      * jit/JITOpcodes32_64.cpp:
      * jit/JITPropertyAccess32_64.cpp:
      * jit/JITStubs.cpp:
      * llint/LLIntSlowPaths.cpp:
      * profiler/ProfilerBytecodeSequence.cpp:
      * runtime/CommonSlowPaths.cpp:
      * runtime/JSActivation.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156511 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      62aa8b77
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r156474. · bf43ed96
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/156474
      https://bugs.webkit.org/show_bug.cgi?id=121966
      
      Broke the builds. (Requested by xenon on #webkit).
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::registerName):
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::createActivation):
      (JSC::CodeBlock::nameForRegister):
      * bytecode/CodeBlock.h:
      (JSC::unmodifiedArgumentsRegister):
      (JSC::CodeBlock::isKnownNotImmediate):
      (JSC::CodeBlock::setThisRegister):
      (JSC::CodeBlock::thisRegister):
      (JSC::CodeBlock::setArgumentsRegister):
      (JSC::CodeBlock::argumentsRegister):
      (JSC::CodeBlock::uncheckedArgumentsRegister):
      (JSC::CodeBlock::setActivationRegister):
      (JSC::CodeBlock::activationRegister):
      (JSC::CodeBlock::uncheckedActivationRegister):
      (JSC::CodeBlock::usesArguments):
      (JSC::CodeBlock::isCaptured):
      * bytecode/Instruction.h:
      * bytecode/LazyOperandValueProfile.h:
      (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
      (JSC::LazyOperandValueProfileKey::operator!):
      (JSC::LazyOperandValueProfileKey::hash):
      (JSC::LazyOperandValueProfileKey::operand):
      (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
      (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
      * bytecode/MethodOfGettingAValueProfile.cpp:
      (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
      (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
      * bytecode/Operands.h:
      (JSC::localToOperand):
      (JSC::operandIsLocal):
      (JSC::operandToLocal):
      (JSC::operandIsArgument):
      (JSC::operandToArgument):
      (JSC::argumentToOperand):
      (JSC::Operands::operand):
      (JSC::Operands::hasOperand):
      (JSC::Operands::setOperand):
      (JSC::Operands::operandForIndex):
      (JSC::Operands::setOperandFirstTime):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedCodeBlock::setThisRegister):
      (JSC::UnlinkedCodeBlock::setActivationRegister):
      (JSC::UnlinkedCodeBlock::setArgumentsRegister):
      (JSC::UnlinkedCodeBlock::usesArguments):
      (JSC::UnlinkedCodeBlock::argumentsRegister):
      (JSC::UnlinkedCodeBlock::usesGlobalObject):
      (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
      (JSC::UnlinkedCodeBlock::globalObjectRegister):
      (JSC::UnlinkedCodeBlock::thisRegister):
      (JSC::UnlinkedCodeBlock::activationRegister):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dumpInContext):
      * bytecode/VirtualRegister.h:
      (WTF::printInternal):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::generate):
      (JSC::BytecodeGenerator::addVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
      (JSC::BytecodeGenerator::newRegister):
      (JSC::BytecodeGenerator::emitLoadGlobalObject):
      (JSC::BytecodeGenerator::emitGetArgumentsLength):
      (JSC::BytecodeGenerator::emitGetArgumentByVal):
      (JSC::BytecodeGenerator::createArgumentsIfNecessary):
      (JSC::BytecodeGenerator::emitReturn):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::registerFor):
      * bytecompiler/RegisterID.h:
      (JSC::RegisterID::RegisterID):
      (JSC::RegisterID::setIndex):
      (JSC::RegisterID::index):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::thisObject):
      * dfg/DFGAbstractHeap.h:
      (JSC::DFG::AbstractHeap::Payload::Payload):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      (JSC::DFG::::clobberCapturedVars):
      * dfg/DFGArgumentPosition.h:
      (JSC::DFG::ArgumentPosition::dump):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::newVariableAccessData):
      (JSC::DFG::ByteCodeParser::getDirect):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::setDirect):
      (JSC::DFG::ByteCodeParser::set):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::setLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
      (JSC::DFG::ByteCodeParser::findArgumentPosition):
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::getToInt32):
      (JSC::DFG::ByteCodeParser::getThis):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::emitFunctionChecks):
      (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::handleMinMax):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      * dfg/DFGCPSRethreadingPhase.cpp:
      (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::capabilityLevel):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::argumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedActivationRegisterFor):
      (JSC::DFG::Graph::valueProfileFor):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (JSC::DFG::Node::convertToGetLocalUnlinked):
      (JSC::DFG::Node::hasVirtualRegister):
      (JSC::DFG::Node::virtualRegister):
      (JSC::DFG::Node::setVirtualRegister):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      (JSC::DFG::OSREntrypointCreationPhase::run):
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGRegisterBank.h:
      (JSC::DFG::RegisterBank::tryAllocate):
      (JSC::DFG::RegisterBank::allocateSpecific):
      (JSC::DFG::RegisterBank::retain):
      (JSC::DFG::RegisterBank::isInUse):
      (JSC::DFG::RegisterBank::dump):
      (JSC::DFG::RegisterBank::releaseAtIndex):
      (JSC::DFG::RegisterBank::allocateInternal):
      (JSC::DFG::RegisterBank::MapEntry::MapEntry):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::allocate):
      (JSC::DFG::ScoreBoard::use):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::checkConsistency):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::allocate):
      (JSC::DFG::SpeculativeJIT::fprAllocate):
      (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
      (JSC::DFG::SpeculativeJIT::flushRegisters):
      (JSC::DFG::SpeculativeJIT::isFlushed):
      (JSC::DFG::SpeculativeJIT::argumentSlot):
      (JSC::DFG::SpeculativeJIT::argumentTagSlot):
      (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
      (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
      (JSC::DFG::SpeculativeJIT::setNodeForOperand):
      (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
      (JSC::DFG::SpeculativeJIT::recordSetLocal):
      (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::validateCPS):
      (JSC::DFG::Validate::checkOperand):
      (JSC::DFG::Validate::reportValidationContext):
      * dfg/DFGValueRecoveryOverride.h:
      (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::operand):
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
      (JSC::DFG::VariableAccessData::flushFormat):
      * dfg/DFGVariableEvent.h:
      (JSC::DFG::VariableEvent::spill):
      (JSC::DFG::VariableEvent::setLocal):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLExitArgumentForOperand.h:
      (JSC::FTL::ExitArgumentForOperand::ExitArgumentForOperand):
      (JSC::FTL::ExitArgumentForOperand::operand):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
      (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
      (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
      (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
      (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
      (JSC::FTL::LowerDFGToLLVM::observeMovHint):
      (JSC::FTL::LowerDFGToLLVM::addressFor):
      (JSC::FTL::LowerDFGToLLVM::payloadFor):
      (JSC::FTL::LowerDFGToLLVM::tagFor):
      * ftl/FTLOSREntry.cpp:
      (JSC::FTL::prepareOSREntry):
      * ftl/FTLOSRExit.cpp:
      (JSC::FTL::OSRExit::convertToForward):
      * ftl/FTLOSRExit.h:
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      (JSC::unwindCallFrame):
      (JSC::Interpreter::unwind):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::addressFor):
      (JSC::AssemblyHelpers::tagFor):
      (JSC::AssemblyHelpers::payloadFor):
      (JSC::AssemblyHelpers::argumentsRegisterFor):
      * jit/JIT.h:
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      * jit/JITInlines.h:
      (JSC::JIT::emitGetVirtualRegister):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_tear_off_arguments):
      (JSC::JIT::emit_op_get_pnames):
      (JSC::JIT::emit_op_enter):
      (JSC::JIT::emit_op_create_arguments):
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_enter):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::argumentsGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156482 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bf43ed96
    • msaboff@apple.com's avatar
      VirtualRegister should be a class · 1796ad0f
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121732
      
      Reviewed by Geoffrey Garen.
      
      This is a refactoring change.  Changed VirtualRegister from an enum to a class.
      Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
      and the similar functions for locals to VirtualRegister class.
      
      This is in preparation for changing the offset for the first local register from
      0 to -1.  This is needed since most native calling conventions have the architected
      frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
      pointer.  Local values start below that address.
      
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * bytecode/Instruction.h:
      * bytecode/LazyOperandValueProfile.h:
      * bytecode/MethodOfGettingAValueProfile.cpp:
      * bytecode/Operands.h:
      * bytecode/UnlinkedCodeBlock.cpp:
      * bytecode/UnlinkedCodeBlock.h:
      * bytecode/ValueRecovery.h:
      * bytecode/VirtualRegister.h:
      * bytecompiler/BytecodeGenerator.cpp:
      * bytecompiler/BytecodeGenerator.h:
      * bytecompiler/RegisterID.h:
      * debugger/DebuggerCallFrame.cpp:
      * dfg/DFGAbstractHeap.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      * dfg/DFGArgumentPosition.h:
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCFGSimplificationPhase.cpp:
      * dfg/DFGCPSRethreadingPhase.cpp:
      * dfg/DFGCapabilities.cpp:
      * dfg/DFGConstantFoldingPhase.cpp:
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCode.cpp:
      * dfg/DFGNode.h:
      * dfg/DFGOSREntry.cpp:
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGScoreBoard.h:
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT64.cpp:
      * dfg/DFGValidate.cpp:
      * dfg/DFGValueRecoveryOverride.h:
      * dfg/DFGVariableAccessData.h:
      * dfg/DFGVariableEvent.h:
      * dfg/DFGVariableEventStream.cpp:
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      * ftl/FTLExitArgumentForOperand.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLLowerDFGToLLVM.cpp:
      * ftl/FTLOSREntry.cpp:
      * ftl/FTLOSRExit.cpp:
      * ftl/FTLOSRExit.h:
      * ftl/FTLOSRExitCompiler.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      * jit/AssemblyHelpers.h:
      * jit/JIT.h:
      * jit/JITCall.cpp:
      * jit/JITInlines.h:
      * jit/JITOpcodes.cpp:
      * jit/JITOpcodes32_64.cpp:
      * jit/JITStubs.cpp:
      * llint/LLIntSlowPaths.cpp:
      * profiler/ProfilerBytecodeSequence.cpp:
      * runtime/CommonSlowPaths.cpp:
      * runtime/JSActivation.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156474 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1796ad0f
  6. 25 Jul, 2013 1 commit
    • oliver@apple.com's avatar
      fourthTier: Re-worked non-local variable resolution · 58c86752
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=117375
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      This patch has two goals:
      
      (1) Simplicity.
      
          * Net removes 15 opcodes.
          * Net removes 2,000 lines of code.
          * Removes setPair() from the DFG: All DFG nodes have 1 result register now.
      
      (2) Performance.
      
          * 2%-3% speedup on SunSpider (20% in LLInt and Baseline JIT)
          * 2% speedup on v8-spider
          * 10% speedup on js-regress-hashmap*
          * Amusing 2X speedup on js-regress-poly-stricteq
      
      The bytecode now separates the scope chain resolution opcode from the
      scope access opcode.
      
          OLD:
              get_scoped_var  r0, 1, 0
              inc             r0
              put_scoped_var  1, 0, r0
      
          NEW:
              resolve_scope   r0, x(@id0)
              get_from_scope  r1, r0, x(@id0)
              inc             r1
              put_to_scope    r0, x(@id0), r1
      
      Also, we link non-local variable resolution opcodes at CodeBlock link
      time instead of time of first opcode execution.
      
      This means that we can represent all possible non-local variable
      resolutions using just three opcodes, and any optimizations in these
      opcodes naturally apply across-the-board.
      
      * API/JSCTestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles):
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri: Build!
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode): Updated for removed things.
      
      (JSC::CodeBlock::CodeBlock): Always provide the full scope chain when
      creating a CodeBlock, so we can perform non-local variable resolution.
      
      Added code to perform linking for these opcodes. This is where we figure
      out which non-local variable resolutions are optimizable, and how.
      
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::noticeIncomingCall):
      (JSC::CodeBlock::optimizeAfterWarmUp):
      (JSC::CodeBlock::optimizeAfterLongWarmUp):
      (JSC::CodeBlock::optimizeSoon): Updated for removed things.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::needsActivation):
      (JSC::GlobalCodeBlock::GlobalCodeBlock):
      (JSC::ProgramCodeBlock::ProgramCodeBlock):
      (JSC::EvalCodeBlock::EvalCodeBlock):
      (JSC::FunctionCodeBlock::FunctionCodeBlock):
      * bytecode/EvalCodeCache.h:
      (JSC::EvalCodeCache::getSlow): Updated for interface changes.
      
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFor): Treat global object access as
      optimizable even though the global object has a custom property access
      callback. This is what we've always done since, otherwise, we can't
      optimize globals. (In future, we probably want to figure out a more
      targeted policy than "any property access callback means no
      optimization".)
      
      * bytecode/GlobalResolveInfo.h: Removed.
      * bytecode/Instruction.h:
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFor): Like GetByIdStatus.
      
      * bytecode/ResolveGlobalStatus.cpp: Removed.
      * bytecode/ResolveGlobalStatus.h: Removed.
      * bytecode/ResolveOperation.h: Removed.
      
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::generateFunctionCodeBlock):
      (JSC::UnlinkedFunctionExecutable::codeBlockFor):
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h: Don't provide a scope chain to unlinked
      code blocks. Giving a scope to an unscoped compilation unit invites
      programming errors.
      
      * bytecode/Watchpoint.h:
      (JSC::WatchpointSet::addressOfIsInvalidated):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolveCallee):
      (JSC::BytecodeGenerator::local):
      (JSC::BytecodeGenerator::constLocal):
      (JSC::BytecodeGenerator::resolveType):
      (JSC::BytecodeGenerator::emitResolveScope):
      (JSC::BytecodeGenerator::emitGetFromScope):
      (JSC::BytecodeGenerator::emitPutToScope):
      (JSC::BytecodeGenerator::emitInstanceOf):
      (JSC::BytecodeGenerator::emitPushWithScope):
      (JSC::BytecodeGenerator::emitPopScope):
      (JSC::BytecodeGenerator::pushFinallyContext):
      (JSC::BytecodeGenerator::emitComplexPopScopes):
      (JSC::BytecodeGenerator::popTryAndEmitCatch):
      (JSC::BytecodeGenerator::emitPushNameScope):
      (JSC::BytecodeGenerator::isArgumentNumber):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::Local::Local):
      (JSC::Local::operator bool):
      (JSC::Local::get):
      (JSC::Local::isReadOnly):
      (JSC::BytecodeGenerator::scopeDepth):
      (JSC::BytecodeGenerator::shouldOptimizeLocals):
      (JSC::BytecodeGenerator::canOptimizeNonLocals): Refactored the bytecode
      generator to resolve all variables within local scope, as if there
      were no non-local scope. This helps provide a separation of concerns:
      unlinked bytecode is always scope-free, and the linking stage links
      in the provided scope.
      
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ResolveNode::isPure):
      (JSC::ResolveNode::emitBytecode):
      (JSC::EvalFunctionCallNode::emitBytecode):
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixNode::emitResolve):
      (JSC::DeleteResolveNode::emitBytecode):
      (JSC::TypeOfResolveNode::emitBytecode):
      (JSC::PrefixNode::emitResolve):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      (JSC::ForInNode::emitBytecode): A bunch of this codegen is no longer
      necessary, since it's redundant with the linking stage.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
      (JSC::DFG::ByteCodeParser::handlePutByOffset):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock): Updated for interface changes.
      Notably, we can reuse existing DFG nodes -- but the mapping between
      bytecode and DFG nodes has changed, and some nodes and corner cases have
      been removed.
      
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::scopedVarLoadElimination):
      (JSC::DFG::CSEPhase::varInjectionWatchpointElimination):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::scopedVarStoreElimination):
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE): Added CSE for var injection
      watchpoints. Even though watchpoints are "free", they're quite common
      inside code that's subject to var injection, so I figured we'd save a
      little memory.
      
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::capabilityLevel):
      * dfg/DFGCapabilities.h: Removed detection for old forms.
      
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.h:
      * dfg/DFGJITCode.cpp:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
      (JSC::DFG::Node::hasVarNumber):
      (JSC::DFG::Node::hasIdentifierNumberForCheck):
      (JSC::DFG::Node::hasRegisterPointer):
      (JSC::DFG::Node::hasHeapPrediction):
      * dfg/DFGNodeType.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.h:
      (JSC::DFG::dfgResetGetByID):
      (JSC::DFG::dfgResetPutByID):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation): Removed some unneeded things,
      and updated for renames.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile): The two primary changes here are:
      
      (1) Use a watchpoint for var injection instead of looping over the scope
      chain and checking. This is more efficient and much easier to model in
      code generation.
      
      (2) I've eliminated the notion of an optimized global assignment that
      needs to check for whether it should fire a watchpiont. Instead, we
      fire pre-emptively at the point of optimization. This removes a bunch
      of edge cases, and it seems like a more honest representation of
      the fact that our new optimization contradicts our old one.
      
      * dfg/DFGTypeCheckHoistingPhase.cpp:
      (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
      (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
      * heap/DFGCodeBlocks.cpp:
      (JSC::DFGCodeBlocks::jettison):
      * interpreter/CallFrame.h:
      (JSC::ExecState::trueCallFrame): Removed stuff that's unused now, and
      fixed the build.
      
      * interpreter/Interpreter.cpp:
      (JSC::eval):
      (JSC::getBytecodeOffsetForCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::throwException): Updated exception scope tracking
      to match the rest of our linking strategy: The unlinked bytecode compiles
      exception scope as if non-local scope did not exist, and we add in
      non-local scope at link time. This means that we can restore the right
      scope depth based on a simple number, without checking the contents of
      the scope chain.
      
      (JSC::Interpreter::execute): Make sure to establish the full scope chain
      before linking eval code. We now require the full scope chain at link
      time, in order to link non-local variable resolution opcodes.
      
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITArithmetic.cpp:
      (JSC::JIT::emit_op_add):
      * jit/JITCode.cpp:
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emitSlow_op_bitxor):
      (JSC::JIT::emitSlow_op_bitor):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emitSlow_op_to_primitive):
      (JSC::JIT::emit_op_strcat):
      (JSC::JIT::emitSlow_op_create_this):
      (JSC::JIT::emitSlow_op_to_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitVarInjectionCheck):
      (JSC::JIT::emitResolveClosure):
      (JSC::JIT::emit_op_resolve_scope):
      (JSC::JIT::emitSlow_op_resolve_scope):
      (JSC::JIT::emitLoadWithStructureCheck):
      (JSC::JIT::emitGetGlobalProperty):
      (JSC::JIT::emitGetGlobalVar):
      (JSC::JIT::emitGetClosureVar):
      (JSC::JIT::emit_op_get_from_scope):
      (JSC::JIT::emitSlow_op_get_from_scope):
      (JSC::JIT::emitPutGlobalProperty):
      (JSC::JIT::emitPutGlobalVar):
      (JSC::JIT::emitPutClosureVar):
      (JSC::JIT::emit_op_put_to_scope):
      (JSC::JIT::emitSlow_op_put_to_scope):
      (JSC::JIT::emit_op_init_global_const):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emitVarInjectionCheck):
      (JSC::JIT::emitResolveClosure):
      (JSC::JIT::emit_op_resolve_scope):
      (JSC::JIT::emitSlow_op_resolve_scope):
      (JSC::JIT::emitLoadWithStructureCheck):
      (JSC::JIT::emitGetGlobalProperty):
      (JSC::JIT::emitGetGlobalVar):
      (JSC::JIT::emitGetClosureVar):
      (JSC::JIT::emit_op_get_from_scope):
      (JSC::JIT::emitSlow_op_get_from_scope):
      (JSC::JIT::emitPutGlobalProperty):
      (JSC::JIT::emitPutGlobalVar):
      (JSC::JIT::emitPutClosureVar):
      (JSC::JIT::emit_op_put_to_scope):
      (JSC::JIT::emitSlow_op_put_to_scope):
      (JSC::JIT::emit_op_init_global_const):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITStubs.h: Re-wrote baseline JIT codegen for our new variable
      resolution model.
      
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntSlowPaths.cpp:
      * llint/LLIntSlowPaths.h:
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter.cpp:
      (JSC::CLoop::execute):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm: Ditto for LLInt.
      
      * offlineasm/x86.rb: Fixed a pre-existing encoding bug for a syntactic
      form that we never used before.
      
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncToLocaleString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncConcat):
      (JSC::arrayProtoFuncPop):
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSlice):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      (JSC::arrayProtoFuncIndexOf):
      (JSC::arrayProtoFuncLastIndexOf): Fixed some pre-existing bugs in
      'this' value conversion, which I made much more common by removing
      special cases in bytecode generation.
      
      These functions need to invoke toThis() because they observe the 'this'
      value. Also, toLocaleString() is specified to accept non-array 'this'
      values.
      
      (Most other host functions don't need this fix because they perform
      strict 'this' checking, which never coerces unexpected types.)
      
      * runtime/CodeCache.cpp:
      (JSC::CodeCache::getCodeBlock):
      (JSC::CodeCache::getProgramCodeBlock):
      (JSC::CodeCache::getEvalCodeBlock):
      * runtime/CodeCache.h: Don't supply a scope to the unlinked code cache.
      Unlinked code is supposed to be scope-free, so let's have the compiler
      help verify that.
      
      * runtime/CommonSlowPaths.cpp:
      (JSC::SLOW_PATH_DECL):
      * runtime/CommonSlowPaths.h:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::create):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC::EvalExecutable::numVariables):
      (JSC::EvalExecutable::numberOfFunctionDecls):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecutionImpl):
      (JSC::prepareFunctionForExecutionImpl):
      (JSC::installOptimizedCode): Fiddled with executable initialization so
      that we can always generate a full scope chain before we go to link a
      code block. We need this because code block linking now depends on the
      scope chain to link non-local variable resolution opcodes.
      
      * runtime/JSActivation.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::createEvalCodeBlock):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::varInjectionWatchpoint):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncEval):
      * runtime/JSNameScope.h:
      * runtime/JSScope.cpp:
      (JSC::abstractAccess):
      (JSC::JSScope::objectAtScope):
      (JSC::JSScope::depth):
      (JSC::JSScope::resolve):
      (JSC::JSScope::abstractResolve): Updated to match changes explained above.
      
      * runtime/JSScope.h:
      (JSC::makeType):
      (JSC::needsVarInjectionChecks):
      (JSC::ResolveOp::ResolveOp):
      (JSC::ResolveModeAndType::ResolveModeAndType):
      (JSC::ResolveModeAndType::mode):
      (JSC::ResolveModeAndType::type):
      (JSC::ResolveModeAndType::operand): Removed the old variable resolution
      state machine, since it's unused now. Added logic for performing abstract
      variable resolution at link time. This is used by codeblock linking.
      
      * runtime/ObjectPrototype.cpp:
      (JSC::objectProtoFuncValueOf):
      (JSC::objectProtoFuncHasOwnProperty):
      (JSC::objectProtoFuncIsPrototypeOf):
      (JSC::objectProtoFuncDefineGetter):
      (JSC::objectProtoFuncDefineSetter):
      (JSC::objectProtoFuncLookupGetter):
      (JSC::objectProtoFuncLookupSetter):
      (JSC::objectProtoFuncPropertyIsEnumerable):
      (JSC::objectProtoFuncToLocaleString):
      (JSC::objectProtoFuncToString): Fixed some pre-existing bugs in
      'this' value conversion, which I made much more common by removing
      special cases in bytecode generation.
      
      These functions need to invoke toThis() because they observe the 'this'
      value.
      
      * runtime/StringPrototype.cpp:
      (JSC::checkObjectCoercible):
      (JSC::stringProtoFuncReplace):
      (JSC::stringProtoFuncCharAt):
      (JSC::stringProtoFuncCharCodeAt):
      (JSC::stringProtoFuncConcat):
      (JSC::stringProtoFuncIndexOf):
      (JSC::stringProtoFuncLastIndexOf):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSlice):
      (JSC::stringProtoFuncSplit):
      (JSC::stringProtoFuncSubstr):
      (JSC::stringProtoFuncSubstring):
      (JSC::stringProtoFuncToLowerCase):
      (JSC::stringProtoFuncToUpperCase):
      (JSC::stringProtoFuncLocaleCompare):
      (JSC::stringProtoFuncBig):
      (JSC::stringProtoFuncSmall):
      (JSC::stringProtoFuncBlink):
      (JSC::stringProtoFuncBold):
      (JSC::stringProtoFuncFixed):
      (JSC::stringProtoFuncItalics):
      (JSC::stringProtoFuncStrike):
      (JSC::stringProtoFuncSub):
      (JSC::stringProtoFuncSup):
      (JSC::stringProtoFuncFontcolor):
      (JSC::stringProtoFuncFontsize):
      (JSC::stringProtoFuncAnchor):
      (JSC::stringProtoFuncLink):
      (JSC::trimString): Fixed some pre-existing bugs in
      'this' value conversion, which I made much more common by removing
      special cases in bytecode generation.
      
      These functions need to invoke toThis() because they observe the 'this'
      value.
      
      * runtime/StructureRareData.cpp:
      * runtime/VM.cpp:
      (JSC::VM::~VM):
      
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::slot): Modified to reduce casting in client code.
      
      LayoutTests:
      
      This patch removed special-case 'this' resolution from bytecode, making
      some pre-existing edge cases in 'this' value treatment much more common.
      
      I updated the test results below, and added some tests, to match bug
      fixes for these cases.
      
      * fast/js/script-tests/array-functions-non-arrays.js:
      * fast/js/array-functions-non-arrays-expected.txt: As specified, it's
      not an error to pass a non-array to toLocaleString. Our new result
      matches Firefox and Chrome.
      
      * fast/js/array-prototype-properties-expected.txt: Updated for slightly
      clearer error message.
      
      * fast/js/basic-strict-mode-expected.txt: Updated for slightly more
      standard error message.
      
      * fast/js/object-prototype-toString-expected.txt: Added.
      * fast/js/object-prototype-toString.html: Added. This test demonstrates
      why we now fail a Sputnik test below, while Firefox and Chrome pass it.
      (The test doesn't test what it thinks it tests, and this test verifies
      that we get right what it does think it tests.)
      
      * fast/js/string-prototype-function-this-expected.txt: Added.
      * fast/js/string-prototype-function-this.html: Added. This test shows
      that we CheckObjectCoercible in string prototype functions. (We used
      to get this wrong, but Sputnik tests made it seem like we got it right
      because they didn't test the dynamic scope case.)
      
      * sputnik/Conformance/11_Expressions/11.1_Primary_Expressions/11.1.1_The_this_Keyword/S11.1.1_A2-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.3_Array_prototype_toLocaleString/S15.4.4.3_A2_T1-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.10_String.prototype.match/S15.5.4.10_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.11_String.prototype.replace/S15.5.4.11_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.13_String.prototype.slice/S15.5.4.13_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.15_String.prototype.substring/S15.5.4.15_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.6_String.prototype.concat/S15.5.4.6_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.7_String.prototype.indexOf/S15.5.4.7_A1_T3-expected.txt:
      * sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.8_String.prototype.lastIndexOf/S15.5.4.8_A1_T3-expected.txt:
      
      Updated to show failing results. Firefox and Chrome also fail these
      tests, and the ES5 spec seems to mandate failure. Because these tests
      resolve a String.prototype function at global scope, the 'this' value
      for the call is an environment record. Logically, an environment record
      converts to 'undefined' at the call site, and should then fail the
      CheckObjectCoercible test.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153221 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      58c86752
  7. 18 Apr, 2013 1 commit
    • ggaren@apple.com's avatar
      Renamed JSGlobalData to VM · 9a9a4b52
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114777
      
      Reviewed by Phil Pizlo.
      
      ../JavaScriptCore: 
      
      * API/APICast.h:
      (JSC):
      (toJS):
      (toRef):
      * API/APIShims.h:
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APICallbackShim::APICallbackShim):
      (JSC::APICallbackShim::~APICallbackShim):
      (APICallbackShim):
      * API/JSAPIWrapperObject.h:
      (JSAPIWrapperObject):
      * API/JSAPIWrapperObject.mm:
      (JSC::::createStructure):
      (JSC::JSAPIWrapperObject::JSAPIWrapperObject):
      (JSC::JSAPIWrapperObject::finishCreation):
      (JSC::JSAPIWrapperObject::visitChildren):
      * API/JSBase.cpp:
      (JSGarbageCollect):
      (JSReportExtraMemoryCost):
      (JSSynchronousGarbageCollectForDebugging):
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      (JSC::JSCallbackConstructor::finishCreation):
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::createStructure):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      (JSC::JSCallbackFunction::createStructure):
      * API/JSCallbackObject.cpp:
      (JSC::::create):
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObjectData::setPrivateProperty):
      (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
      (JSCallbackObject):
      (JSC::JSCallbackObject::setPrivateProperty):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::JSCallbackObject):
      (JSC::::finishCreation):
      (JSC::::put):
      (JSC::::staticFunctionGetter):
      * API/JSClassRef.cpp:
      (OpaqueJSClassContextData::OpaqueJSClassContextData):
      (OpaqueJSClass::contextData):
      (OpaqueJSClass::prototype):
      * API/JSClassRef.h:
      (OpaqueJSClassContextData):
      * API/JSContext.mm:
      (-[JSContext setException:]):
      (-[JSContext initWithGlobalContextRef:]):
      (+[JSContext contextWithGlobalContextRef:]):
      * API/JSContextRef.cpp:
      (JSContextGroupCreate):
      (JSContextGroupRelease):
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRetain):
      (JSGlobalContextRelease):
      (JSContextGetGroup):
      (JSContextCreateBacktrace):
      * API/JSObjectRef.cpp:
      (JSObjectMake):
      (JSObjectMakeConstructor):
      (JSObjectMakeFunction):
      (JSObjectSetPrototype):
      (JSObjectHasProperty):
      (JSObjectGetProperty):
      (JSObjectSetProperty):
      (JSObjectDeleteProperty):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
      (OpaqueJSPropertyNameArray):
      (JSObjectCopyPropertyNames):
      (JSPropertyNameArrayRelease):
      (JSPropertyNameAccumulatorAddName):
      * API/JSScriptRef.cpp:
      (OpaqueJSScript::create):
      (OpaqueJSScript::vm):
      (OpaqueJSScript::OpaqueJSScript):
      (OpaqueJSScript):
      (parseScript):
      * API/JSVirtualMachine.mm:
      (scanExternalObjectGraph):
      * API/JSVirtualMachineInternal.h:
      (JSC):
      * API/JSWrapperMap.mm:
      (makeWrapper):
      * API/ObjCCallbackFunction.h:
      (JSC::ObjCCallbackFunction::createStructure):
      * API/ObjCCallbackFunction.mm:
      (JSC::ObjCCallbackFunction::create):
      * API/OpaqueJSString.cpp:
      (OpaqueJSString::identifier):
      * API/OpaqueJSString.h:
      (JSC):
      (OpaqueJSString):
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * KeywordLookupGenerator.py:
      (Trie.printSubTreeAsC):
      * Target.pri:
      * assembler/ARMAssembler.cpp:
      (JSC::ARMAssembler::executableCopy):
      * assembler/ARMAssembler.h:
      (ARMAssembler):
      * assembler/AssemblerBuffer.h:
      (JSC::AssemblerBuffer::executableCopy):
      * assembler/AssemblerBufferWithConstantPool.h:
      (JSC::AssemblerBufferWithConstantPool::executableCopy):
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::linkCode):
      * assembler/LinkBuffer.h:
      (JSC):
      (JSC::LinkBuffer::LinkBuffer):
      (LinkBuffer):
      * assembler/MIPSAssembler.h:
      (JSC::MIPSAssembler::executableCopy):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::executableCopy):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::executableCopy):
      (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CallLinkInfo.h:
      (CallLinkInfo):
      * bytecode/CodeBlock.cpp:
      (JSC::dumpStructure):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitStructures):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::createActivation):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::findClosureCallForReturnPC):
      (JSC::ProgramCodeBlock::jettisonImpl):
      (JSC::EvalCodeBlock::jettisonImpl):
      (JSC::FunctionCodeBlock::jettisonImpl):
      (JSC::CodeBlock::predictedMachineCodeSize):
      (JSC::CodeBlock::usesOpcode):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendWeakReference):
      (JSC::CodeBlock::appendWeakReferenceTransition):
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::setGlobalData):
      (JSC::CodeBlock::vm):
      (JSC::CodeBlock::valueProfileForBytecodeOffset):
      (JSC::CodeBlock::addConstant):
      (JSC::CodeBlock::setConstantRegisters):
      (CodeBlock):
      (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
      * bytecode/EvalCodeCache.h:
      (JSC::EvalCodeCache::getSlow):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC::GetByIdStatus::computeForChain):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * bytecode/ObjectAllocationProfile.h:
      (JSC::ObjectAllocationProfile::initialize):
      (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
      * bytecode/PolymorphicAccessStructureList.h:
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * bytecode/PolymorphicPutByIdList.h:
      (JSC::PutByIdAccess::transition):
      (JSC::PutByIdAccess::replace):
      * bytecode/PreciseJumpTargets.cpp:
      (JSC::computePreciseJumpTargets):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (JSC):
      (PutByIdStatus):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      * bytecode/SamplingTool.cpp:
      (JSC::SamplingTool::notifyOfScope):
      * bytecode/SamplingTool.h:
      (JSC::ScriptSampleRecord::ScriptSampleRecord):
      (SamplingTool):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::initGetByIdSelf):
      (JSC::StructureStubInfo::initGetByIdProto):
      (JSC::StructureStubInfo::initGetByIdChain):
      (JSC::StructureStubInfo::initPutByIdTransition):
      (JSC::StructureStubInfo::initPutByIdReplace):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::generateFunctionCodeBlock):
      (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::link):
      (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
      (JSC::UnlinkedFunctionExecutable::codeBlockFor):
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::create):
      (UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::finishCreation):
      (JSC::UnlinkedFunctionExecutable::createStructure):
      (JSC::UnlinkedCodeBlock::addRegExp):
      (JSC::UnlinkedCodeBlock::addConstant):
      (JSC::UnlinkedCodeBlock::addFunctionDecl):
      (JSC::UnlinkedCodeBlock::addFunctionExpr):
      (JSC::UnlinkedCodeBlock::vm):
      (UnlinkedCodeBlock):
      (JSC::UnlinkedCodeBlock::finishCreation):
      (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::create):
      (JSC::UnlinkedProgramCodeBlock::addFunctionDeclaration):
      (JSC::UnlinkedProgramCodeBlock::UnlinkedProgramCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::createStructure):
      (JSC::UnlinkedEvalCodeBlock::create):
      (JSC::UnlinkedEvalCodeBlock::UnlinkedEvalCodeBlock):
      (JSC::UnlinkedEvalCodeBlock::createStructure):
      (JSC::UnlinkedFunctionCodeBlock::create):
      (JSC::UnlinkedFunctionCodeBlock::UnlinkedFunctionCodeBlock):
      (JSC::UnlinkedFunctionCodeBlock::createStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::addConstant):
      (JSC::BytecodeGenerator::emitLoad):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::addStringConstant):
      (JSC::BytecodeGenerator::expectedFunctionForIdentifier):
      (JSC::BytecodeGenerator::emitThrowReferenceError):
      (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::vm):
      (JSC::BytecodeGenerator::propertyNames):
      (JSC::BytecodeGenerator::makeFunction):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::RegExpNode::emitBytecode):
      (JSC::ArrayNode::toArgumentList):
      (JSC::ApplyFunctionCallDotNode::emitBytecode):
      (JSC::InstanceOfNode::emitBytecode):
      * debugger/Debugger.cpp:
      (JSC::Debugger::recompileAllJSFunctions):
      (JSC::evaluateInGlobalCallFrame):
      * debugger/Debugger.h:
      (JSC):
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::DebuggerActivation):
      (JSC::DebuggerActivation::finishCreation):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::create):
      (JSC::DebuggerActivation::createStructure):
      (DebuggerActivation):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::evaluate):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
      (JSC::DFG::AssemblyHelpers::vm):
      (JSC::DFG::AssemblyHelpers::debugCall):
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGByteCodeParser.h:
      (JSC):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::CCallHelpers):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::canHandleOpcodes):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::reportToProfiler):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      (JSC::DFG::operationPutByValInternal):
      (JSC::getHostCallReturnValueWithExecState):
      * dfg/DFGPhase.h:
      (JSC::DFG::Phase::vm):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      (JSC::DFG::linkSlowFor):
      (JSC::DFG::dfgLinkFor):
      (JSC::DFG::dfgLinkSlowFor):
      (JSC::DFG::dfgLinkClosureCall):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::compileFromCharCode):
      (JSC::DFG::SpeculativeJIT::compileMakeRope):
      (JSC::DFG::SpeculativeJIT::compileStringEquality):
      (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
      (JSC::DFG::SpeculativeJIT::speculateObject):
      (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
      (JSC::DFG::SpeculativeJIT::speculateString):
      (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::linkForThunkGenerator):
      (JSC::DFG::linkCallThunkGenerator):
      (JSC::DFG::linkConstructThunkGenerator):
      (JSC::DFG::linkClosureCallThunkGenerator):
      (JSC::DFG::virtualForThunkGenerator):
      (JSC::DFG::virtualCallThunkGenerator):
      (JSC::DFG::virtualConstructThunkGenerator):
      * dfg/DFGThunks.h:
      (JSC):
      (DFG):
      * heap/BlockAllocator.h:
      (JSC):
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      (JSC::CopiedSpace::tryReallocate):
      * heap/CopiedSpaceInlines.h:
      (JSC::CopiedSpace::tryAllocate):
      * heap/GCThreadSharedData.cpp:
      (JSC::GCThreadSharedData::GCThreadSharedData):
      (JSC::GCThreadSharedData::reset):
      * heap/GCThreadSharedData.h:
      (JSC):
      (GCThreadSharedData):
      * heap/HandleSet.cpp:
      (JSC::HandleSet::HandleSet):
      (JSC::HandleSet::~HandleSet):
      (JSC::HandleSet::grow):
      * heap/HandleSet.h:
      (JSC):
      (HandleSet):
      (JSC::HandleSet::vm):
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC):
      (JSC::Heap::lastChanceToFinalize):
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::stack):
      (JSC::Heap::getConservativeRegisterRoots):
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::collect):
      (JSC::Heap::isValidAllocation):
      * heap/Heap.h:
      (JSC):
      (Heap):
      (JSC::Heap::vm):
      * heap/HeapTimer.cpp:
      (JSC::HeapTimer::HeapTimer):
      (JSC::HeapTimer::timerDidFire):
      (JSC::HeapTimer::timerEvent):
      * heap/HeapTimer.h:
      (JSC):
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/Local.h:
      (Local):
      (JSC::::Local):
      (JSC::LocalStack::LocalStack):
      (JSC::LocalStack::push):
      (LocalStack):
      * heap/LocalScope.h:
      (JSC):
      (LocalScope):
      (JSC::LocalScope::LocalScope):
      * heap/MachineStackMarker.cpp:
      (JSC::MachineThreads::addCurrentThread):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::vm):
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::SlotVisitor):
      (JSC::SlotVisitor::setup):
      * heap/Strong.h:
      (JSC):
      (Strong):
      (JSC::Strong::operator=):
      * heap/StrongInlines.h:
      (JSC::::Strong):
      (JSC::::set):
      * heap/SuperRegion.h:
      (JSC):
      * heap/WeakSet.cpp:
      * heap/WeakSet.h:
      (WeakSet):
      (JSC::WeakSet::WeakSet):
      (JSC::WeakSet::vm):
      * interpreter/AbstractPC.cpp:
      (JSC::AbstractPC::AbstractPC):
      * interpreter/AbstractPC.h:
      (JSC):
      (AbstractPC):
      * interpreter/CachedCall.h:
      (JSC::CachedCall::CachedCall):
      * interpreter/CallFrame.h:
      (ExecState):
      (JSC::ExecState::clearException):
      (JSC::ExecState::clearSupplementaryExceptionInfo):
      (JSC::ExecState::exception):
      (JSC::ExecState::hadException):
      (JSC::ExecState::propertyNames):
      (JSC::ExecState::emptyList):
      (JSC::ExecState::interpreter):
      (JSC::ExecState::heap):
      (JSC::ExecState::arrayConstructorTable):
      (JSC::ExecState::arrayPrototypeTable):
      (JSC::ExecState::booleanPrototypeTable):
      (JSC::ExecState::dateTable):
      (JSC::ExecState::dateConstructorTable):
      (JSC::ExecState::errorPrototypeTable):
      (JSC::ExecState::globalObjectTable):
      (JSC::ExecState::jsonTable):
      (JSC::ExecState::mathTable):
      (JSC::ExecState::numberConstructorTable):
      (JSC::ExecState::numberPrototypeTable):
      (JSC::ExecState::objectConstructorTable):
      (JSC::ExecState::privateNamePrototypeTable):
      (JSC::ExecState::regExpTable):
      (JSC::ExecState::regExpConstructorTable):
      (JSC::ExecState::regExpPrototypeTable):
      (JSC::ExecState::stringConstructorTable):
      (JSC::ExecState::abstractReturnPC):
      * interpreter/CallFrameClosure.h:
      (CallFrameClosure):
      * interpreter/Interpreter.cpp:
      (JSC):
      (JSC::eval):
      (JSC::loadVarargs):
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::appendSourceToError):
      (JSC::getCallerInfo):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::addStackTraceIfNecessary):
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      (JSC::Interpreter::retrieveArgumentsFromVMCode):
      (JSC::Interpreter::retrieveCallerFromVMCode):
      * interpreter/Interpreter.h:
      (JSC):
      (JSC::TopCallFrameSetter::TopCallFrameSetter):
      (JSC::TopCallFrameSetter::~TopCallFrameSetter):
      (TopCallFrameSetter):
      (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
      (Interpreter):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      * interpreter/JSStack.h:
      (JSC):
      * jit/ClosureCallStubRoutine.cpp:
      (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
      * jit/ClosureCallStubRoutine.h:
      (ClosureCallStubRoutine):
      * jit/ExecutableAllocator.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/ExecutableAllocator.h:
      (JSC):
      (ExecutableAllocator):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/GCAwareJITStubRoutine.cpp:
      (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::createJITStubRoutine):
      * jit/GCAwareJITStubRoutine.h:
      (GCAwareJITStubRoutine):
      (MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompile):
      (JSC::JIT::linkFor):
      (JSC::JIT::linkSlowCall):
      * jit/JIT.h:
      (JSC::JIT::compile):
      (JSC::JIT::compileClosureCall):
      (JSC::JIT::compileGetByIdProto):
      (JSC::JIT::compileGetByIdSelfList):
      (JSC::JIT::compileGetByIdProtoList):
      (JSC::JIT::compileGetByIdChainList):
      (JSC::JIT::compileGetByIdChain):
      (JSC::JIT::compilePutByIdTransition):
      (JSC::JIT::compileGetByVal):
      (JSC::JIT::compilePutByVal):
      (JSC::JIT::compileCTINativeCall):
      (JSC::JIT::compilePatchGetArrayLength):
      (JIT):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCode.h:
      (JSC):
      (JSC::JITCode::execute):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      (JSC::jitThrow):
      * jit/JITExceptions.h:
      (JSC):
      * jit/JITInlines.h:
      (JSC::JIT::emitLoadCharacterString):
      (JSC::JIT::updateTopCallFrame):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emitSlow_op_eq):
      (JSC::JIT::emitSlow_op_neq):
      (JSC::JIT::compileOpStrictEq):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubs.cpp:
      (JSC::ctiTrampoline):
      (JSC):
      (JSC::performPlatformSpecificJITAssertions):
      (JSC::tryCachePutByID):
      (JSC::tryCacheGetByID):
      (JSC::returnToThrowTrampoline):
      (JSC::throwExceptionFromOpCall):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      (JSC::putByVal):
      * jit/JITStubs.h:
      (JSC):
      (JITStackFrame):
      * jit/JITThunks.cpp:
      (JSC::JITThunks::ctiNativeCall):
      (JSC::JITThunks::ctiNativeConstruct):
      (JSC::JITThunks::ctiStub):
      (JSC::JITThunks::hostFunctionStub):
      * jit/JITThunks.h:
      (JSC):
      (JITThunks):
      * jit/JITWriteBarrier.h:
      (JSC):
      (JSC::JITWriteBarrierBase::set):
      (JSC::JITWriteBarrier::set):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::loadJSStringArgument):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerator.h:
      (JSC):
      * jit/ThunkGenerators.cpp:
      (JSC::generateSlowCaseFor):
      (JSC::linkForGenerator):
      (JSC::linkCallGenerator):
      (JSC::linkConstructGenerator):
      (JSC::linkClosureCallGenerator):
      (JSC::virtualForGenerator):
      (JSC::virtualCallGenerator):
      (JSC::virtualConstructGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::nativeCallGenerator):
      (JSC::nativeConstructGenerator):
      (JSC::stringCharLoad):
      (JSC::charToString):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      * jit/ThunkGenerators.h:
      (JSC):
      * jsc.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      (functionDumpCallFrame):
      (functionJSCStack):
      (functionReleaseExecutableMemory):
      (functionRun):
      (main):
      (runWithScripts):
      (jscmain):
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntData.h:
      (JSC):
      (Data):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h:
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter.cpp:
      (JSC::CLoop::execute):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/cloop.rb:
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::ASTBuilder):
      (JSC::ASTBuilder::createSourceElements):
      (JSC::ASTBuilder::createCommaExpr):
      (JSC::ASTBuilder::createLogicalNot):
      (JSC::ASTBuilder::createUnaryPlus):
      (JSC::ASTBuilder::createVoid):
      (JSC::ASTBuilder::thisExpr):
      (JSC::ASTBuilder::createResolve):
      (JSC::ASTBuilder::createObjectLiteral):
      (JSC::ASTBuilder::createArray):
      (JSC::ASTBuilder::createNumberExpr):
      (JSC::ASTBuilder::createString):
      (JSC::ASTBuilder::createBoolean):
      (JSC::ASTBuilder::createNull):
      (JSC::ASTBuilder::createBracketAccess):
      (JSC::ASTBuilder::createDotAccess):
      (JSC::ASTBuilder::createRegExp):
      (JSC::ASTBuilder::createNewExpr):
      (JSC::ASTBuilder::createConditionalExpr):
      (JSC::ASTBuilder::createAssignResolve):
      (JSC::ASTBuilder::createFunctionExpr):
      (JSC::ASTBuilder::createFunctionBody):
      (JSC::ASTBuilder::createGetterOrSetterProperty):
      (JSC::ASTBuilder::createArguments):
      (JSC::ASTBuilder::createArgumentsList):
      (JSC::ASTBuilder::createProperty):
      (JSC::ASTBuilder::createPropertyList):
      (JSC::ASTBuilder::createElementList):
      (JSC::ASTBuilder::createFormalParameterList):
      (JSC::ASTBuilder::createClause):
      (JSC::ASTBuilder::createClauseList):
      (JSC::ASTBuilder::createFuncDeclStatement):
      (JSC::ASTBuilder::createBlockStatement):
      (JSC::ASTBuilder::createExprStatement):
      (JSC::ASTBuilder::createIfStatement):
      (JSC::ASTBuilder::createForLoop):
      (JSC::ASTBuilder::createForInLoop):
      (JSC::ASTBuilder::createEmptyStatement):
      (JSC::ASTBuilder::createVarStatement):
      (JSC::ASTBuilder::createReturnStatement):
      (JSC::ASTBuilder::createBreakStatement):
      (JSC::ASTBuilder::createContinueStatement):
      (JSC::ASTBuilder::createTryStatement):
      (JSC::ASTBuilder::createSwitchStatement):
      (JSC::ASTBuilder::createWhileStatement):
      (JSC::ASTBuilder::createDoWhileStatement):
      (JSC::ASTBuilder::createLabelStatement):
      (JSC::ASTBuilder::createWithStatement):
      (JSC::ASTBuilder::createThrowStatement):
      (JSC::ASTBuilder::createDebugger):
      (JSC::ASTBuilder::createConstStatement):
      (JSC::ASTBuilder::appendConstDecl):
      (JSC::ASTBuilder::addVar):
      (JSC::ASTBuilder::combineCommaNodes):
      (JSC::ASTBuilder::Scope::Scope):
      (JSC::ASTBuilder::createNumber):
      (ASTBuilder):
      (JSC::ASTBuilder::makeTypeOfNode):
      (JSC::ASTBuilder::makeDeleteNode):
      (JSC::ASTBuilder::makeNegateNode):
      (JSC::ASTBuilder::makeBitwiseNotNode):
      (JSC::ASTBuilder::makeMultNode):
      (JSC::ASTBuilder::makeDivNode):
      (JSC::ASTBuilder::makeModNode):
      (JSC::ASTBuilder::makeAddNode):
      (JSC::ASTBuilder::makeSubNode):
      (JSC::ASTBuilder::makeLeftShiftNode):
      (JSC::ASTBuilder::makeRightShiftNode):
      (JSC::ASTBuilder::makeURightShiftNode):
      (JSC::ASTBuilder::makeBitOrNode):
      (JSC::ASTBuilder::makeBitAndNode):
      (JSC::ASTBuilder::makeBitXOrNode):
      (JSC::ASTBuilder::makeFunctionCallNode):
      (JSC::ASTBuilder::makeBinaryNode):
      (JSC::ASTBuilder::makeAssignNode):
      (JSC::ASTBuilder::makePrefixNode):
      (JSC::ASTBuilder::makePostfixNode):
      * parser/Lexer.cpp:
      (JSC::Keywords::Keywords):
      (JSC::::Lexer):
      (JSC::::parseIdentifier):
      (JSC::::parseIdentifierSlowCase):
      * parser/Lexer.h:
      (JSC::Keywords::isKeyword):
      (JSC::Keywords::getKeyword):
      (Keywords):
      (Lexer):
      (JSC::::makeIdentifier):
      (JSC::::makeRightSizedIdentifier):
      (JSC::::makeIdentifierLCharFromUChar):
      (JSC::::makeLCharIdentifier):
      * parser/NodeConstructors.h:
      (JSC::ParserArenaFreeable::operator new):
      (JSC::ParserArenaDeletable::operator new):
      (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
      (JSC::PropertyNode::PropertyNode):
      (JSC::ContinueNode::ContinueNode):
      (JSC::BreakNode::BreakNode):
      (JSC::ForInNode::ForInNode):
      * parser/Nodes.cpp:
      (JSC::ScopeNode::ScopeNode):
      (JSC::ProgramNode::ProgramNode):
      (JSC::ProgramNode::create):
      (JSC::EvalNode::EvalNode):
      (JSC::EvalNode::create):
      (JSC::FunctionBodyNode::FunctionBodyNode):
      (JSC::FunctionBodyNode::create):
      * parser/Nodes.h:
      (ParserArenaFreeable):
      (ParserArenaDeletable):
      (ParserArenaRefCounted):
      (ArrayNode):
      (ForInNode):
      (ContinueNode):
      (BreakNode):
      (ScopeNode):
      (ProgramNode):
      (EvalNode):
      (FunctionBodyNode):
      * parser/Parser.cpp:
      (JSC::::Parser):
      (JSC::::parseInner):
      (JSC::::parseSourceElements):
      (JSC::::parseTryStatement):
      (JSC::::parseFunctionBody):
      (JSC::::parseFunctionInfo):
      (JSC::::parseAssignmentExpression):
      (JSC::::parseProperty):
      (JSC::::parsePrimaryExpression):
      (JSC::::parseMemberExpression):
      (JSC::::parseUnaryExpression):
      * parser/Parser.h:
      (JSC):
      (JSC::Scope::Scope):
      (JSC::Scope::declareVariable):
      (JSC::Scope::declareParameter):
      (Scope):
      (Parser):
      (JSC::Parser::pushScope):
      (JSC::::parse):
      (JSC::parse):
      * parser/ParserArena.h:
      (IdentifierArena):
      (JSC::IdentifierArena::makeIdentifier):
      (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
      (JSC::IdentifierArena::makeNumericIdentifier):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::SyntaxChecker):
      (JSC::SyntaxChecker::createProperty):
      (JSC::SyntaxChecker::createGetterOrSetterProperty):
      * profiler/LegacyProfiler.cpp:
      (JSC::LegacyProfiler::startProfiling):
      (JSC::LegacyProfiler::stopProfiling):
      * profiler/LegacyProfiler.h:
      (JSC):
      * profiler/ProfilerBytecode.cpp:
      (JSC::Profiler::Bytecode::toJS):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      (JSC::Profiler::BytecodeSequence::addSequenceProperties):
      * profiler/ProfilerBytecodes.cpp:
      (JSC::Profiler::Bytecodes::toJS):
      * profiler/ProfilerCompilation.cpp:
      (JSC::Profiler::Compilation::toJS):
      * profiler/ProfilerCompiledBytecode.cpp:
      (JSC::Profiler::CompiledBytecode::toJS):
      * profiler/ProfilerDatabase.cpp:
      (JSC::Profiler::Database::Database):
      (JSC::Profiler::Database::toJS):
      (JSC::Profiler::Database::toJSON):
      * profiler/ProfilerDatabase.h:
      (Database):
      * profiler/ProfilerOSRExit.cpp:
      (JSC::Profiler::OSRExit::toJS):
      * profiler/ProfilerOrigin.cpp:
      (JSC::Profiler::Origin::toJS):
      * profiler/ProfilerProfiledBytecodes.cpp:
      (JSC::Profiler::ProfiledBytecodes::toJS):
      * runtime/ArgList.h:
      (MarkedArgumentBuffer):
      * runtime/Arguments.cpp:
      (JSC::Arguments::putByIndex):
      (JSC::Arguments::put):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      (JSC::Arguments::tearOff):
      (JSC::Arguments::didTearOffActivation):
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/Arguments.h:
      (JSC::Arguments::create):
      (JSC::Arguments::createStructure):
      (Arguments):
      (JSC::Arguments::Arguments):
      (JSC::Arguments::trySetArgument):
      (JSC::Arguments::finishCreation):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::finishCreation):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::createStructure):
      * runtime/BatchedTransitionOptimizer.h:
      (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
      (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
      (BatchedTransitionOptimizer):
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::finishCreation):
      (JSC::constructBoolean):
      (JSC::constructBooleanFromImmediateBoolean):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      * runtime/BooleanObject.cpp:
      (JSC::BooleanObject::BooleanObject):
      (JSC::BooleanObject::finishCreation):
      * runtime/BooleanObject.h:
      (BooleanObject):
      (JSC::BooleanObject::create):
      (JSC::BooleanObject::createStructure):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::BooleanPrototype):
      (JSC::BooleanPrototype::finishCreation):
      (JSC::booleanProtoFuncToString):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/Butterfly.h:
      (JSC):
      (Butterfly):
      * runtime/ButterflyInlines.h:
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::createOrGrowArrayRight):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      * runtime/CodeCache.cpp:
      (JSC::CodeCache::getCodeBlock):
      (JSC::CodeCache::getProgramCodeBlock):
      (JSC::CodeCache::getEvalCodeBlock):
      (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
      * runtime/CodeCache.h:
      (JSC):
      (JSC::SourceCodeValue::SourceCodeValue):
      (CodeCache):
      * runtime/CommonIdentifiers.cpp:
      (JSC):
      (JSC::CommonIdentifiers::CommonIdentifiers):
      * runtime/CommonIdentifiers.h:
      (CommonIdentifiers):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::opIn):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::finishCreation):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/DateInstance.cpp:
      (JSC::DateInstance::DateInstance):
      (JSC::DateInstance::finishCreation):
      (JSC::DateInstance::calculateGregorianDateTime):
      (JSC::DateInstance::calculateGregorianDateTimeUTC):
      * runtime/DateInstance.h:
      (DateInstance):
      (JSC::DateInstance::create):
      (JSC::DateInstance::createStructure):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::finishCreation):
      (JSC::dateProtoFuncSetTime):
      (JSC::setNewValueFromTimeArgs):
      (JSC::setNewValueFromDateArgs):
      (JSC::dateProtoFuncSetYear):
      (JSC::dateProtoFuncToJSON):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::createStructure):
      * runtime/Error.cpp:
      (JSC::createError):
      (JSC::createEvalError):
      (JSC::createRangeError):
      (JSC::createReferenceError):
      (JSC::createSyntaxError):
      (JSC::createTypeError):
      (JSC::createURIError):
      (JSC::addErrorInfo):
      (JSC::throwError):
      * runtime/Error.h:
      (JSC):
      (JSC::StrictModeTypeErrorFunction::create):
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::finishCreation):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::ErrorInstance):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::createStructure):
      (JSC::ErrorInstance::create):
      (ErrorInstance):
      (JSC::ErrorInstance::finishCreation):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::ErrorPrototype):
      (JSC::ErrorPrototype::finishCreation):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure):
      * runtime/ExceptionHelpers.cpp:
      (JSC::createInterruptedExecutionException):
      (JSC::createTerminatedExecutionException):
      * runtime/ExceptionHelpers.h:
      (JSC):
      (JSC::InterruptedExecutionError::InterruptedExecutionError):
      (JSC::InterruptedExecutionError::create):
      (JSC::InterruptedExecutionError::createStructure):
      (JSC::TerminatedExecutionError::TerminatedExecutionError):
      (JSC::TerminatedExecutionError::create):
      (JSC::TerminatedExecutionError::createStructure):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC::EvalExecutable::EvalExecutable):
      (JSC::ProgramExecutable::ProgramExecutable):
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::checkSyntax):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::initializeGlobalProperties):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
      (JSC::FunctionExecutable::fromGlobalCode):
      * runtime/Executable.h:
      (JSC::ExecutableBase::ExecutableBase):
      (JSC::ExecutableBase::finishCreation):
      (JSC::ExecutableBase::createStructure):
      (JSC::NativeExecutable::create):
      (JSC::NativeExecutable::createStructure):
      (JSC::NativeExecutable::finishCreation):
      (JSC::NativeExecutable::NativeExecutable):
      (JSC::ScriptExecutable::ScriptExecutable):
      (JSC::ScriptExecutable::finishCreation):
      (JSC::EvalExecutable::compile):
      (EvalExecutable):
      (JSC::EvalExecutable::create):
      (JSC::EvalExecutable::createStructure):
      (JSC::ProgramExecutable::create):
      (ProgramExecutable):
      (JSC::ProgramExecutable::compile):
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::create):
      (JSC::FunctionExecutable::compileForCall):
      (FunctionExecutable):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      (JSC::FunctionExecutable::createStructure):
      (JSC::JSFunction::JSFunction):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::finishCreation):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::finishCreation):
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::createStructure):
      * runtime/GCActivityCallback.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GCActivityCallback.h:
      (JSC::GCActivityCallback::GCActivityCallback):
      * runtime/GCActivityCallbackBlackBerry.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::GetterSetter):
      (JSC::GetterSetter::create):
      (JSC::GetterSetter::setGetter):
      (JSC::GetterSetter::setSetter):
      (JSC::GetterSetter::createStructure):
      * runtime/Identifier.cpp:
      (JSC::Identifier::add):
      (JSC::Identifier::add8):
      (JSC::Identifier::addSlowCase):
      (JSC::Identifier::from):
      (JSC::Identifier::checkCurrentIdentifierTable):
      * runtime/Identifier.h:
      (JSC::Identifier::Identifier):
      (JSC::Identifier::createLCharFromUChar):
      (Identifier):
      (JSC::Identifier::add):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::InternalFunction):
      (JSC::InternalFunction::finishCreation):
      (JSC::InternalFunction::name):
      (JSC::InternalFunction::displayName):
      * runtime/InternalFunction.h:
      (JSC::InternalFunction::createStructure):
      (InternalFunction):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      (JSC::JSAPIValueWrapper::finishCreation):
      (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putDirectVirtual):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::create):
      (JSC::JSActivation::createStructure):
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithArrayStorage):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      (JSC::ContiguousTypeAccessor::setWithValue):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sortVector):
      * runtime/JSArray.h:
      (JSC::JSArray::JSArray):
      (JSArray):
      (JSC::JSArray::shiftCountForShift):
      (JSC::JSArray::unshiftCountForShift):
      (JSC::JSArray::createStructure):
      (JSC::createContiguousArrayButterfly):
      (JSC::createArrayButterfly):
      (JSC):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      (JSC::constructArray):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::JSBoundFunction):
      * runtime/JSBoundFunction.h:
      (JSC::JSBoundFunction::createStructure):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      (JSC::JSValue::toStringSlowCase):
      * runtime/JSCJSValue.h:
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC::JSCell::JSCell):
      (JSC::JSCell::finishCreation):
      (JSC::allocateCell):
      (JSC::JSCell::setStructure):
      (JSC::JSCell::fastGetOwnProperty):
      * runtime/JSDateMath.cpp:
      (JSC::getDSTOffset):
      (JSC::getUTCOffset):
      (JSC::parseDate):
      * runtime/JSDestructibleObject.h:
      (JSC::JSDestructibleObject::JSDestructibleObject):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::JSFunction):
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::createAllocationProfile):
      (JSC::JSFunction::name):
      (JSC::JSFunction::displayName):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::deleteProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      (JSC::JSFunction::create):
      (JSC::JSFunction::setScope):
      (JSC::JSFunction::createStructure):
      * runtime/JSGlobalData.cpp: Removed.
      * runtime/JSGlobalData.h: Removed.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::setGlobalThis):
      (JSC::JSGlobalObject::init):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      (JSC::JSGlobalObject::createThrowTypeError):
      (JSC::JSGlobalObject::resetPrototype):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
      (JSC::JSGlobalObject::createProgramCodeBlock):
      (JSC::JSGlobalObject::createEvalCodeBlock):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::create):
      (JSGlobalObject):
      (JSC::JSGlobalObject::finishCreation):
      (JSC::JSGlobalObject::vm):
      (JSC::JSGlobalObject::createStructure):
      (JSC::ExecState::dynamicGlobalObject):
      (JSC::constructEmptyArray):
      (DynamicGlobalObjectScope):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncProtoSetter):
      * runtime/JSLock.cpp:
      (JSC::JSLockHolder::JSLockHolder):
      (JSC::JSLockHolder::init):
      (JSC::JSLockHolder::~JSLockHolder):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::willDestroyGlobalData):
      (JSC::JSLock::lock):
      (JSC::JSLock::unlock):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (JSLockHolder):
      (JSLock):
      (JSC::JSLock::vm):
      (DropAllLocks):
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::createStructure):
      (JSC::JSNameScope::finishCreation):
      (JSC::JSNameScope::JSNameScope):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::JSNotAnObject):
      (JSC::JSNotAnObject::create):
      (JSC::JSNotAnObject::createStructure):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::JSONObject):
      (JSC::JSONObject::finishCreation):
      (Holder):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::stringify):
      (JSC::Stringifier::toJSON):
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::Holder):
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::Walker):
      (JSC::Walker::walk):
      (JSC::JSONProtoFuncParse):
      (JSC::JSONProtoFuncStringify):
      (JSC::JSONStringify):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC::JSObject::createInitialIndexedStorage):
      (JSC::JSObject::createInitialUndecided):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::convertUndecidedToInt32):
      (JSC::JSObject::convertUndecidedToDouble):
      (JSC::JSObject::convertUndecidedToContiguous):
      (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
      (JSC::JSObject::convertUndecidedToArrayStorage):
      (JSC::JSObject::convertInt32ToDouble):
      (JSC::JSObject::convertInt32ToContiguous):
      (JSC::JSObject::convertInt32ToArrayStorage):
      (JSC::JSObject::genericConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToContiguous):
      (JSC::JSObject::rageConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::convertUndecidedForValue):
      (JSC::JSObject::convertInt32ForValue):
      (JSC::JSObject::setIndexQuicklyToUndecided):
      (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
      (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::rageEnsureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::setPrototypeWithCycleCheck):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::seal):
      (JSC::JSObject::freeze):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::reifyStaticFunctionsForDelete):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::putDirectNativeFunction):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::ensureLengthSlow):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
      (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
      (DefineOwnPropertyScope):
      (JSC::JSObject::defineOwnNonIndexProperty):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::putByIndexInline):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectOffset):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::isSealed):
      (JSC::JSObject::isFrozen):
      (JSC::JSObject::flattenDictionaryObject):
      (JSC::JSObject::ensureInt32):
      (JSC::JSObject::ensureDouble):
      (JSC::JSObject::ensureContiguous):
      (JSC::JSObject::rageEnsureContiguous):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::finishCreation):
      (JSC::JSObject::createStructure):
      (JSC::JSObject::ensureLength):
      (JSC::JSNonFinalObject::createStructure):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC::JSNonFinalObject::finishCreation):
      (JSC::JSFinalObject::createStructure):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSFinalObject::JSFinalObject):
      (JSC::JSFinalObject::create):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::createStructure):
      (JSC::JSPropertyNameIterator::setCachedStructure):
      (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
      (JSC::JSPropertyNameIterator::finishCreation):
      (JSC::StructureRareData::setEnumerationCache):
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::setTarget):
      * runtime/JSProxy.h:
      (JSC::JSProxy::create):
      (JSC::JSProxy::createStructure):
      (JSC::JSProxy::JSProxy):
      (JSC::JSProxy::finishCreation):
      (JSProxy):
      * runtime/JSScope.cpp:
      (JSC::executeResolveOperations):
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      (JSC::JSScope::resolvePut):
      * runtime/JSScope.h:
      (JSScope):
      (JSC::JSScope::JSScope):
      (JSC::JSScope::vm):
      (JSC::ExecState::vm):
      * runtime/JSSegmentedVariableObject.h:
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::finishCreation):
      * runtime/JSString.cpp:
      (JSC::JSRopeString::RopeBuilder::expand):
      (JSC::StringObject::create):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      (JSC::JSString::JSString):
      (JSC::JSString::finishCreation):
      (JSC::JSString::create):
      (JSC::JSString::createHasOtherOwner):
      (JSC::JSString::createStructure):
      (JSRopeString):
      (JSC::JSRopeString::RopeBuilder::RopeBuilder):
      (JSC::JSRopeString::RopeBuilder::append):
      (RopeBuilder):
      (JSC::JSRopeString::JSRopeString):
      (JSC::JSRopeString::finishCreation):
      (JSC::JSRopeString::append):
      (JSC::JSRopeString::createNull):
      (JSC::JSRopeString::create):
      (JSC::jsEmptyString):
      (JSC::jsSingleCharacterString):
      (JSC::jsSingleCharacterSubstring):
      (JSC::jsNontrivialString):
      (JSC::jsString):
      (JSC::jsSubstring):
      (JSC::jsSubstring8):
      (JSC::jsOwnedString):
      (JSC::jsStringBuilder):
      (JSC::inlineJSValueNotStringtoString):
      * runtime/JSStringJoiner.cpp:
      (JSC::JSStringJoiner::build):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::createStructure):
      (JSC::JSWithScope::JSWithScope):
      * runtime/JSWrapperObject.h:
      (JSWrapperObject):
      (JSC::JSWrapperObject::createStructure):
      (JSC::JSWrapperObject::JSWrapperObject):
      (JSC::JSWrapperObject::setInternalValue):
      * runtime/LiteralParser.cpp:
      (JSC::::tryJSONPParse):
      (JSC::::makeIdentifier):
      (JSC::::parse):
      * runtime/Lookup.cpp:
      (JSC::HashTable::createTable):
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::initializeIfNeeded):
      (JSC::HashTable::entry):
      (JSC::HashTable::begin):
      (JSC::HashTable::end):
      (HashTable):
      (JSC::lookupPut):
      * runtime/MathObject.cpp:
      (JSC::MathObject::MathObject):
      (JSC::MathObject::finishCreation):
      (JSC::mathProtoFuncSin):
      * runtime/MathObject.h:
      (JSC::MathObject::createStructure):
      * runtime/MemoryStatistics.cpp:
      * runtime/MemoryStatistics.h:
      * runtime/NameConstructor.cpp:
      (JSC::NameConstructor::finishCreation):
      (JSC::constructPrivateName):
      * runtime/NameConstructor.h:
      (JSC::NameConstructor::createStructure):
      * runtime/NameInstance.cpp:
      (JSC::NameInstance::NameInstance):
      * runtime/NameInstance.h:
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::create):
      (NameInstance):
      (JSC::NameInstance::finishCreation):
      * runtime/NamePrototype.cpp:
      (JSC::NamePrototype::NamePrototype):
      (JSC::NamePrototype::finishCreation):
      * runtime/NamePrototype.h:
      (JSC::NamePrototype::createStructure):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::createStructure):
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NativeErrorPrototype.cpp:
      (JSC::NativeErrorPrototype::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::finishCreation):
      (JSC::constructWithNumberConstructor):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::createStructure):
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::NumberObject):
      (JSC::NumberObject::finishCreation):
      (JSC::constructNumber):
      * runtime/NumberObject.h:
      (NumberObject):
      (JSC::NumberObject::create):
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::NumberPrototype):
      (JSC::NumberPrototype::finishCreation):
      (JSC::integerValueToString):
      (JSC::numberProtoFuncToString):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorSeal):
      (JSC::objectConstructorFreeze):
      (JSC::objectConstructorPreventExtensions):
      (JSC::objectConstructorIsSealed):
      (JSC::objectConstructorIsFrozen):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::createStructure):
      (JSC::constructEmptyObject):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::objectProtoFuncToString):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      * runtime/Operations.h:
      (JSC):
      (JSC::jsString):
      (JSC::jsStringFromArguments):
      (JSC::normalizePrototypeChainForChainAccess):
      (JSC::normalizePrototypeChain):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyMapEntry::PropertyMapEntry):
      (JSC::PropertyTable::createStructure):
      (PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyNameArray.h:
      (JSC::PropertyNameArray::PropertyNameArray):
      (JSC::PropertyNameArray::vm):
      (JSC::PropertyNameArray::addKnownUnique):
      (PropertyNameArray):
      * runtime/PropertyTable.cpp:
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      * runtime/PrototypeMap.cpp:
      (JSC::PrototypeMap::emptyObjectStructureForPrototype):
      * runtime/RegExp.cpp:
      (JSC::RegExp::RegExp):
      (JSC::RegExp::finishCreation):
      (JSC::RegExp::createWithoutCaching):
      (JSC::RegExp::create):
      (JSC::RegExp::compile):
      (JSC::RegExp::compileIfNecessary):
      (JSC::RegExp::match):
      (JSC::RegExp::compileMatchOnly):
      (JSC::RegExp::compileIfNecessaryMatchOnly):
      * runtime/RegExp.h:
      (JSC):
      (RegExp):
      (JSC::RegExp::createStructure):
      * runtime/RegExpCache.cpp:
      (JSC::RegExpCache::lookupOrCreate):
      (JSC::RegExpCache::RegExpCache):
      (JSC::RegExpCache::addToStrongCache):
      * runtime/RegExpCache.h:
      (RegExpCache):
      * runtime/RegExpCachedResult.cpp:
      (JSC::RegExpCachedResult::lastResult):
      (JSC::RegExpCachedResult::setInput):
      * runtime/RegExpCachedResult.h:
      (JSC::RegExpCachedResult::RegExpCachedResult):
      (JSC::RegExpCachedResult::record):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::RegExpConstructor):
      (JSC::RegExpConstructor::finishCreation):
      (JSC::constructRegExp):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::createStructure):
      (RegExpConstructor):
      (JSC::RegExpConstructor::performMatch):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      (JSC::RegExpMatchesArray::reifyAllProperties):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::RegExpObject):
      (JSC::RegExpObject::finishCreation):
      (JSC::RegExpObject::match):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::create):
      (JSC::RegExpObject::setRegExp):
      (JSC::RegExpObject::setLastIndex):
      (JSC::RegExpObject::createStructure):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/SmallStrings.cpp:
      (JSC::SmallStrings::initializeCommonStrings):
      (JSC::SmallStrings::createEmptyString):
      (JSC::SmallStrings::createSingleCharacterString):
      (JSC::SmallStrings::initialize):
      * runtime/SmallStrings.h:
      (JSC):
      (JSC::SmallStrings::singleCharacterString):
      (SmallStrings):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::put):
      * runtime/SparseArrayValueMap.h:
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::StrictEvalActivation):
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::create):
      (JSC::StrictEvalActivation::createStructure):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::finishCreation):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure):
      * runtime/StringObject.cpp:
      (JSC::StringObject::StringObject):
      (JSC::StringObject::finishCreation):
      (JSC::constructString):
      * runtime/StringObject.h:
      (JSC::StringObject::create):
      (JSC::StringObject::createStructure):
      (StringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::StringPrototype):
      (JSC::StringPrototype::finishCreation):
      (JSC::removeUsingRegExpSearch):
      (JSC::replaceUsingRegExpSearch):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSplit):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::createStructure):
      * runtime/StringRecursionChecker.h:
      (JSC::StringRecursionChecker::performCheck):
      (JSC::StringRecursionChecker::~StringRecursionChecker):
      * runtime/Structure.cpp:
      (JSC::StructureTransitionTable::add):
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::toCacheableDictionaryTransition):
      (JSC::Structure::toUncacheableDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::allocateRareData):
      (JSC::Structure::cloneRareDataFrom):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::prototypeChainMayInterceptStoreTo):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::finishCreation):
      (JSC::Structure::setPrototypeWithoutTransition):
      (JSC::Structure::setGlobalObject):
      (JSC::Structure::setObjectToStringValue):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      (JSC::Structure::setPreviousID):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::StructureChain):
      * runtime/StructureChain.h:
      (JSC::StructureChain::create):
      (JSC::StructureChain::createStructure):
      (JSC::StructureChain::finishCreation):
      (StructureChain):
      * runtime/StructureInlines.h:
      (JSC::Structure::create):
      (JSC::Structure::createStructure):
      (JSC::Structure::get):
      (JSC::Structure::setEnumerationCache):
      (JSC::Structure::prototypeChain):
      (JSC::Structure::propertyTable):
      * runtime/StructureRareData.cpp:
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::create):
      (JSC::StructureRareData::clone):
      (JSC::StructureRareData::StructureRareData):
      * runtime/StructureRareData.h:
      (StructureRareData):
      * runtime/StructureRareDataInlines.h:
      (JSC::StructureRareData::setPreviousID):
      (JSC::StructureRareData::setObjectToStringValue):
      * runtime/StructureTransitionTable.h:
      (StructureTransitionTable):
      (JSC::StructureTransitionTable::setSingleTransition):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::create):
      (JSC::SharedSymbolTable::createStructure):
      (JSC::SharedSymbolTable::SharedSymbolTable):
      * runtime/VM.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalData.cpp.
      (JSC::VM::VM):
      (JSC::VM::~VM):
      (JSC::VM::createContextGroup):
      (JSC::VM::create):
      (JSC::VM::createLeaked):
      (JSC::VM::sharedInstanceExists):
      (JSC::VM::sharedInstance):
      (JSC::VM::sharedInstanceInternal):
      (JSC::VM::getHostFunction):
      (JSC::VM::ClientData::~ClientData):
      (JSC::VM::resetDateCache):
      (JSC::VM::startSampling):
      (JSC::VM::stopSampling):
      (JSC::VM::discardAllCode):
      (JSC::VM::dumpSampleData):
      (JSC::VM::addSourceProviderCache):
      (JSC::VM::clearSourceProviderCaches):
      (JSC::VM::releaseExecutableMemory):
      (JSC::releaseExecutableMemory):
      (JSC::VM::gatherConservativeRoots):
      (JSC::VM::addRegExpToTrace):
      (JSC::VM::dumpRegExpTrace):
      * runtime/VM.h: Copied from Source/JavaScriptCore/runtime/JSGlobalData.h.
      (VM):
      (JSC::VM::isSharedInstance):
      (JSC::VM::usingAPI):
      (JSC::VM::isInitializingObject):
      (JSC::VM::setInitializingObjectClass):
      (JSC::WeakSet::heap):
      * runtime/WriteBarrier.h:
      (JSC):
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrierBase::setMayBeNull):
      (JSC::WriteBarrierBase::setEarlyValue):
      (JSC::WriteBarrier::WriteBarrier):
      * testRegExp.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (main):
      (testOneRegExp):
      (parseRegExpLine):
      (runFromFiles):
      (realMain):
      * yarr/YarrInterpreter.h:
      (BytecodePattern):
      * yarr/YarrJIT.cpp:
      (YarrGenerator):
      (JSC::Yarr::YarrGenerator::compile):
      (JSC::Yarr::jitCompile):
      * yarr/YarrJIT.h:
      (JSC):
      
      ../WebCore: 
      
      * ForwardingHeaders/runtime/JSGlobalData.h: Removed.
      * ForwardingHeaders/runtime/VM.h: Copied from Source/WebCore/ForwardingHeaders/runtime/JSGlobalData.h.
      * WebCore.exp.in:
      * WebCore.order:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      * bindings/js/DOMObjectHashTableMap.cpp:
      (WebCore::DOMObjectHashTableMap::mapFor):
      * bindings/js/DOMObjectHashTableMap.h:
      (JSC):
      (DOMObjectHashTableMap):
      * bindings/js/DOMWrapperWorld.cpp:
      (WebCore::DOMWrapperWorld::DOMWrapperWorld):
      (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
      (WebCore::normalWorld):
      (WebCore::mainThreadNormalWorld):
      * bindings/js/DOMWrapperWorld.h:
      (WebCore::DOMWrapperWorld::create):
      (WebCore::DOMWrapperWorld::vm):
      (DOMWrapperWorld):
      (WebCore):
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::setJavaScriptGarbageCollectorTimerEnabled):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/IDBBindingUtilities.cpp:
      (WebCore::get):
      (WebCore::set):
      (WebCore::deserializeIDBValue):
      (WebCore::deserializeIDBValueBuffer):
      (WebCore::idbKeyToScriptValue):
      * bindings/js/JSCallbackData.h:
      (WebCore::JSCallbackData::JSCallbackData):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::JSCustomXPathNSResolver):
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::getHashTableForGlobalData):
      (WebCore::reportException):
      (WebCore::cacheDOMStructure):
      * bindings/js/JSDOMBinding.h:
      (WebCore::DOMConstructorObject::createStructure):
      (WebCore::DOMConstructorWithDocument::finishCreation):
      (WebCore::getDOMStructure):
      (WebCore::setInlineCachedWrapper):
      (WebCore):
      (WebCore::jsStringWithCache):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::finishCreation):
      * bindings/js/JSDOMGlobalObject.h:
      (JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::createStructure):
      (WebCore::getDOMConstructor):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::finishCreation):
      (WebCore::JSDOMWindowBase::updateDocument):
      (WebCore::JSDOMWindowBase::commonVM):
      * bindings/js/JSDOMWindowBase.h:
      (JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::createStructure):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::setLocation):
      (WebCore::DialogHandler::dialogCreated):
      (WebCore::DialogHandler::returnValue):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::finishCreation):
      (WebCore::JSDOMWindowShell::setWindow):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::create):
      (WebCore::JSDOMWindowShell::createStructure):
      * bindings/js/JSDOMWrapper.h:
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::createAccelerationObject):
      (WebCore::createRotationRateObject):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDictionary.h:
      (WebCore::JSDictionary::JSDictionary):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::setWrapper):
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::JSHTMLDocument::all):
      (WebCore::JSHTMLDocument::setAll):
      * bindings/js/JSHTMLTemplateElementCustom.cpp:
      (WebCore::JSHTMLTemplateElement::content):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::state):
      * bindings/js/JSImageConstructor.cpp:
      (WebCore::JSImageConstructor::finishCreation):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::createStructure):
      * bindings/js/JSImageDataCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::functionDetails):
      (WebCore::getJSListenerFunctions):
      (WebCore::JSInjectedScriptHost::getEventListeners):
      (WebCore::JSInjectedScriptHost::inspect):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::JSMessageEvent::data):
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSMutationCallback.cpp:
      (WebCore::JSMutationCallback::call):
      * bindings/js/JSMutationObserverCustom.cpp:
      (WebCore::JSMutationObserverConstructor::constructJSMutationObserver):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCondition.h:
      (WebCore::JSNodeFilterCondition::create):
      (JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::toNodeFilter):
      * bindings/js/JSPopStateEventCustom.cpp:
      (WebCore::cacheState):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JSSQLResultSetRowListCustom.cpp:
      (WebCore::JSSQLResultSetRowList::item):
      * bindings/js/JSWorkerContextBase.cpp:
      (WebCore::JSWorkerContextBase::JSWorkerContextBase):
      (WebCore::JSWorkerContextBase::finishCreation):
      * bindings/js/JSWorkerContextBase.h:
      (WebCore::JSWorkerContextBase::createStructure):
      (JSWorkerContextBase):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::ScheduledAction):
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScheduledAction.h:
      (WebCore::ScheduledAction::ScheduledAction):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      (WebCore::createScriptArguments):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::createWindowShell):
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::createWorld):
      (WebCore::ScriptController::getAllWorlds):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::clearScriptObjects):
      (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandler):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptGCEvent.cpp:
      (WebCore::ScriptGCEvent::getHeapSize):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptObject::ScriptObject):
      (WebCore::ScriptGlobalObject::set):
      * bindings/js/ScriptState.h:
      (WebCore):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::deserialize):
      * bindings/js/ScriptValue.h:
      (WebCore::ScriptValue::ScriptValue):
      * bindings/js/ScriptWrappable.h:
      (JSC):
      (ScriptWrappable):
      * bindings/js/ScriptWrappableInlines.h:
      (WebCore::ScriptWrappable::setWrapper):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::readTerminal):
      (WebCore::SerializedScriptValue::deserializeForInspector):
      (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
      * bindings/js/WebCoreJSClientData.h:
      (WebCoreJSClientData):
      (WebCore::initNormalWorldClientData):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::WorkerScriptController):
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::scheduleExecutionTermination):
      (WebCore::WorkerScriptController::isExecutionTerminating):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/js/WorkerScriptController.h:
      (JSC):
      (WebCore::WorkerScriptController::vm):
      (WorkerScriptController):
      * bindings/js/WorkerScriptDebugServer.cpp:
      (WebCore::WorkerScriptDebugServer::recompileAllJSFunctions):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateCallbackImplementation):
      (JSValueToNative):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bindings/scripts/test/JS/JSFloat64Array.cpp:
      (WebCore::getJSFloat64ArrayConstructorTable):
      (WebCore::JSFloat64ArrayConstructor::finishCreation):
      (WebCore::getJSFloat64ArrayPrototypeTable):
      (WebCore::getJSFloat64ArrayTable):
      (WebCore::JSFloat64Array::finishCreation):
      (WebCore::JSFloat64Array::createPrototype):
      * bindings/scripts/test/JS/JSFloat64Array.h:
      (WebCore::JSFloat64Array::create):
      (WebCore::JSFloat64Array::createStructure):
      (JSFloat64Array):
      (WebCore::JSFloat64ArrayPrototype::create):
      (WebCore::JSFloat64ArrayPrototype::createStructure):
      (WebCore::JSFloat64ArrayPrototype::JSFloat64ArrayPrototype):
      (WebCore::JSFloat64ArrayConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
      (WebCore::JSTestActiveDOMObject::finishCreation):
      (WebCore::JSTestActiveDOMObject::createPrototype):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
      (WebCore::JSTestActiveDOMObject::create):
      (WebCore::JSTestActiveDOMObject::createStructure):
      (JSTestActiveDOMObject):
      (WebCore::JSTestActiveDOMObjectPrototype::create):
      (WebCore::JSTestActiveDOMObjectPrototype::createStructure):
      (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
      (WebCore::JSTestActiveDOMObjectConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
      (WebCore::JSTestCustomNamedGetter::finishCreation):
      (WebCore::JSTestCustomNamedGetter::createPrototype):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
      (WebCore::JSTestCustomNamedGetter::create):
      (WebCore::JSTestCustomNamedGetter::createStructure):
      (JSTestCustomNamedGetter):
      (WebCore::JSTestCustomNamedGetterPrototype::create):
      (WebCore::JSTestCustomNamedGetterPrototype::createStructure):
      (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
      (WebCore::JSTestCustomNamedGetterConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      (WebCore::JSTestEventConstructorConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestEventConstructor.h:
      (WebCore::JSTestEventConstructor::create):
      (WebCore::JSTestEventConstructor::createStructure):
      (JSTestEventConstructor):
      (WebCore::JSTestEventConstructorPrototype::create):
      (WebCore::JSTestEventConstructorPrototype::createStructure):
      (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
      (WebCore::JSTestEventConstructorConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::JSTestEventTargetConstructor::finishCreation):
      (WebCore::JSTestEventTarget::finishCreation):
      (WebCore::JSTestEventTarget::createPrototype):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      (WebCore::JSTestEventTarget::createStructure):
      (JSTestEventTarget):
      (WebCore::JSTestEventTargetPrototype::create):
      (WebCore::JSTestEventTargetPrototype::createStructure):
      (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
      (WebCore::JSTestEventTargetConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestExceptionConstructor::finishCreation):
      (WebCore::JSTestException::finishCreation):
      (WebCore::JSTestException::createPrototype):
      * bindings/scripts/test/JS/JSTestException.h:
      (WebCore::JSTestException::create):
      (WebCore::JSTestException::createStructure):
      (JSTestException):
      (WebCore::JSTestExceptionPrototype::create):
      (WebCore::JSTestExceptionPrototype::createStructure):
      (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
      (WebCore::JSTestExceptionConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::finishCreation):
      (WebCore::JSTestInterface::finishCreation):
      (WebCore::JSTestInterface::createPrototype):
      * bindings/scripts/test/JS/JSTestInterface.h:
      (WebCore::JSTestInterface::create):
      (WebCore::JSTestInterface::createStructure):
      (JSTestInterface):
      (WebCore::JSTestInterfacePrototype::create):
      (WebCore::JSTestInterfacePrototype::createStructure):
      (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
      (WebCore::JSTestInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
      (WebCore::JSTestMediaQueryListListener::finishCreation):
      (WebCore::JSTestMediaQueryListListener::createPrototype):
      (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      (WebCore::JSTestMediaQueryListListener::create):
      (WebCore::JSTestMediaQueryListListener::createStructure):
      (JSTestMediaQueryListListener):
      (WebCore::JSTestMediaQueryListListenerPrototype::create):
      (WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
      (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
      (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructorConstructor::finishCreation):
      (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestNamedConstructor.h:
      (WebCore::JSTestNamedConstructor::create):
      (WebCore::JSTestNamedConstructor::createStructure):
      (JSTestNamedConstructor):
      (WebCore::JSTestNamedConstructorPrototype::create):
      (WebCore::JSTestNamedConstructorPrototype::createStructure):
      (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
      (WebCore::JSTestNamedConstructorConstructor::createStructure):
      (WebCore::JSTestNamedConstructorNamedConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNode.cpp:
      (WebCore::JSTestNodeConstructor::finishCreation):
      (WebCore::JSTestNode::finishCreation):
      (WebCore::JSTestNode::createPrototype):
      * bindings/scripts/test/JS/JSTestNode.h:
      (WebCore::JSTestNode::create):
      (WebCore::JSTestNode::createStructure):
      (JSTestNode):
      (WebCore::JSTestNodePrototype::create):
      (WebCore::JSTestNodePrototype::createStructure):
      (WebCore::JSTestNodePrototype::JSTestNodePrototype):
      (WebCore::JSTestNodeConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::finishCreation):
      (WebCore::JSTestObj::finishCreation):
      (WebCore::JSTestObj::createPrototype):
      (WebCore::jsTestObjCachedAttribute1):
      (WebCore::jsTestObjCachedAttribute2):
      (WebCore::setJSTestObjConditionalAttr4Constructor):
      (WebCore::setJSTestObjConditionalAttr5Constructor):
      (WebCore::setJSTestObjConditionalAttr6Constructor):
      (WebCore::setJSTestObjAnyAttribute):
      (WebCore::setJSTestObjReplaceableAttribute):
      * bindings/scripts/test/JS/JSTestObj.h:
      (WebCore::JSTestObj::create):
      (WebCore::JSTestObj::createStructure):
      (JSTestObj):
      (WebCore::JSTestObjPrototype::create):
      (WebCore::JSTestObjPrototype::createStructure):
      (WebCore::JSTestObjPrototype::JSTestObjPrototype):
      (WebCore::JSTestObjConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
      (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
      (WebCore::JSTestOverloadedConstructors::finishCreation):
      (WebCore::JSTestOverloadedConstructors::createPrototype):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
      (WebCore::JSTestOverloadedConstructors::create):
      (WebCore::JSTestOverloadedConstructors::createStructure):
      (JSTestOverloadedConstructors):
      (WebCore::JSTestOverloadedConstructorsPrototype::create):
      (WebCore::JSTestOverloadedConstructorsPrototype::createStructure):
      (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
      (WebCore::JSTestOverloadedConstructorsConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::createPrototype):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      (WebCore::JSTestSerializedScriptValueInterface::create):
      (WebCore::JSTestSerializedScriptValueInterface::createStructure):
      (JSTestSerializedScriptValueInterface):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::create):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      (WebCore::JSTestTypedefsConstructor::finishCreation):
      (WebCore::JSTestTypedefs::finishCreation):
      (WebCore::JSTestTypedefs::createPrototype):
      * bindings/scripts/test/JS/JSTestTypedefs.h:
      (WebCore::JSTestTypedefs::create):
      (WebCore::JSTestTypedefs::createStructure):
      (JSTestTypedefs):
      (WebCore::JSTestTypedefsPrototype::create):
      (WebCore::JSTestTypedefsPrototype::createStructure):
      (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
      (WebCore::JSTestTypedefsConstructor::createStructure):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::createStructure):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::createStructure):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::createStructure):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::createStructure):
      (ObjCRuntimeMethod::finishCreation):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      (JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::createStructure):
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      (JSC::RuntimeArray::finishCreation):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      (JSC::RuntimeMethod::createStructure):
      (RuntimeMethod):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      (JSC::Bindings::RuntimeObject::finishCreation):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::createStructure):
      * bridge/runtime_root.cpp:
      (JSC::Bindings::RootObject::RootObject):
      (JSC::Bindings::RootObject::gcProtect):
      (JSC::Bindings::RootObject::gcUnprotect):
      (JSC::Bindings::RootObject::updateGlobalObject):
      (JSC::Bindings::RootObject::addRuntimeObject):
      * bridge/runtime_root.h:
      (RootObject):
      * dom/Node.cpp:
      * dom/Node.h:
      (JSC):
      * dom/ScriptExecutionContext.cpp:
      (WebCore::ScriptExecutionContext::vm):
      * dom/ScriptExecutionContext.h:
      (JSC):
      (ScriptExecutionContext):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * inspector/ScriptArguments.cpp:
      (WebCore::ScriptArguments::ScriptArguments):
      * loader/icon/IconDatabaseBase.cpp:
      (WebCore):
      (WebCore::iconDatabase):
      (WebCore::setGlobalIconDatabase):
      * platform/qt/MemoryUsageSupportQt.cpp:
      (WebCore::memoryUsageKB):
      (WebCore::actualMemoryUsageKB):
      * platform/win/ClipboardUtilitiesWin.cpp:
      (WebCore::createGlobalData):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::platformStart):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      ../WebKit/blackberry: 
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebKitSupport/AboutData.cpp:
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::javaScriptObjectsCount):
      
      ../WebKit/efl: 
      
      * WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
      (DumpRenderTreeSupportEfl::javaScriptObjectsCount):
      
      ../WebKit/gtk: 
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      ../WebKit/mac: 
      
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginHostProxy.mm:
      (identifierFromIdentifierRep):
      * Plugins/Hosted/NetscapePluginInstanceProxy.h:
      (LocalObjectMap):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::LocalObjectMap::idForObject):
      (WebKit::NetscapePluginInstanceProxy::getWindowNPObject):
      (WebKit::NetscapePluginInstanceProxy::getPluginElementNPObject):
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::createStructure):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getPropertyNames):
      * Plugins/Hosted/ProxyRuntimeObject.h:
      (WebKit::ProxyRuntimeObject::create):
      (WebKit::ProxyRuntimeObject::createStructure):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebKit.order:
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebScriptDebugger.mm:
      (WebScriptDebugger::WebScriptDebugger):
      
      ../WebKit/qt: 
      
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::javaScriptObjectsCount):
      * WebCoreSupport/QWebFrameAdapter.cpp:
      (QWebFrameAdapter::addToJavaScriptWindowObject):
      
      ../WebKit/win: 
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      
      ../WebKit2: 
      
      * Shared/linux/WebMemorySamplerLinux.cpp:
      (WebKit::WebMemorySampler::sampleWebKit):
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      (WebKit::JSNPMethod::createStructure):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::JSNPObject):
      (WebKit::JSNPObject::finishCreation):
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (WebKit::JSNPObject::create):
      (WebKit::JSNPObject::createStructure):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::create):
      (WebKit::NPJSObject::initialize):
      * WebProcess/Plugins/Netscape/NPJSObject.h:
      (JSC):
      (NPJSObject):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::getOrCreateNPObject):
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:
      (JSC):
      (NPRuntimeObjectMap):
      * WebProcess/Plugins/PluginView.cpp:
      (WebKit::PluginView::windowScriptNPObject):
      (WebKit::PluginView::pluginElementNPObject):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148696 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9a9a4b52
  8. 19 Feb, 2013 2 commits
  9. 13 Feb, 2013 1 commit
    • oliver@apple.com's avatar
      Remove unnecessary indirection to non-local variable access operations · 951c7f58
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=109724
      
      Reviewed by Filip Pizlo.
      
      Linked bytecode now stores a direct pointer to the resolve operation
      vectors, so the interpreter no longer needs a bunch of indirection to
      to perform non-local lookup.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      * bytecode/Instruction.h:
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canInlineOpcode):
      * dfg/DFGGraph.h:
      (ResolveGlobalData):
      (ResolveOperationData):
      (PutToBaseOperationData):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_put_to_base):
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emitSlow_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emitSlow_op_resolve_base):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emitSlow_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_put_to_base):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_put_to_base):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@142769 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      951c7f58
  10. 29 Jan, 2013 1 commit
    • ggaren@apple.com's avatar
      Static size inference for JavaScript objects · c862eacf
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=108093
      
      Reviewed by Phil Pizlo.
      
      ../JavaScriptCore: 
      
      * API/JSObjectRef.cpp:
      * JavaScriptCore.order:
      * JavaScriptCore.xcodeproj/project.pbxproj: Pay the tax man.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode): op_new_object and op_create_this now
      have an extra inferredInlineCapacity argument. This is the statically
      inferred inline capacity, just from analyzing source text. op_new_object
      also gets a pointer to an allocation profile. (For op_create_this, the
      profile is in the construtor function.)
      
      (JSC::CodeBlock::CodeBlock): Link op_new_object.
      
      (JSC::CodeBlock::stronglyVisitStrongReferences): Mark our profiles.
      
      * bytecode/CodeBlock.h:
      (CodeBlock): Removed some dead code. Added object allocation profiles.
      
      * bytecode/Instruction.h:
      (JSC): New union type, since an instruction operand may point to an
      object allocation profile now.
      
      * bytecode/ObjectAllocationProfile.h: Added.
      (JSC):
      (ObjectAllocationProfile):
      (JSC::ObjectAllocationProfile::offsetOfAllocator):
      (JSC::ObjectAllocationProfile::offsetOfStructure):
      (JSC::ObjectAllocationProfile::ObjectAllocationProfile):
      (JSC::ObjectAllocationProfile::isNull):
      (JSC::ObjectAllocationProfile::initialize):
      (JSC::ObjectAllocationProfile::structure):
      (JSC::ObjectAllocationProfile::inlineCapacity):
      (JSC::ObjectAllocationProfile::clear):
      (JSC::ObjectAllocationProfile::visitAggregate):
      (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount): New class
      for tracking a prediction about object allocation: structure, inline
      capacity, allocator to use.
      
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName): Updated instruction sizes.
      
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC):
      (JSC::UnlinkedCodeBlock::addObjectAllocationProfile):
      (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles):
      (UnlinkedCodeBlock): Unlinked support for allocation profiles.
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::generate): Kill all remaining analyses at the
      end of codegen, since this is our last opportunity.
      
      (JSC::BytecodeGenerator::BytecodeGenerator): Added a static property
      analyzer to bytecode generation. It tracks initializing assignments and
      makes a guess about how many will happen.
      
      (JSC::BytecodeGenerator::newObjectAllocationProfile):
      (JSC):
      (JSC::BytecodeGenerator::emitProfiledOpcode):
      (JSC::BytecodeGenerator::emitMove):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveBase):
      (JSC::BytecodeGenerator::emitResolveBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitPutGetterSetter):
      (JSC::BytecodeGenerator::emitGetArgumentByVal):
      (JSC::BytecodeGenerator::emitGetByVal): Added hooks to the static property
      analyzer, so it can observe allocations and stores.
      
      (JSC::BytecodeGenerator::emitCreateThis): Factored this into a helper
      function because it was a significant amount of logic, and I wanted to
      add to it.
      
      (JSC::BytecodeGenerator::emitNewObject):
      (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitCallVarargs):
      (JSC::BytecodeGenerator::emitConstruct): Added a hook to profiled opcodes
      to track their stores, in case a store kills a profiled allocation. Since
      profiled opcodes are basically the only interesting stores we do, this
      is a convenient place to notice any store that might kill an allocation.
      
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator): As above.
      
      * bytecompiler/StaticPropertyAnalysis.h: Added.
      (JSC):
      (StaticPropertyAnalysis):
      (JSC::StaticPropertyAnalysis::create):
      (JSC::StaticPropertyAnalysis::addPropertyIndex):
      (JSC::StaticPropertyAnalysis::record):
      (JSC::StaticPropertyAnalysis::propertyIndexCount):
      (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis): Simple helper
      class for tracking allocations and stores.
      
      * bytecompiler/StaticPropertyAnalyzer.h: Added.
      (StaticPropertyAnalyzer):
      (JSC::StaticPropertyAnalyzer::StaticPropertyAnalyzer):
      (JSC::StaticPropertyAnalyzer::createThis):
      (JSC::StaticPropertyAnalyzer::newObject):
      (JSC::StaticPropertyAnalyzer::putById):
      (JSC::StaticPropertyAnalyzer::mov):
      (JSC::StaticPropertyAnalyzer::kill): Helper class for observing allocations
      and stores and making an inline capacity guess. The heuristics here are
      intentionally minimal because we don't want this one class to try to
      re-create something like a DFG or a runtime analysis. If we discover that
      we need those kinds of analyses, we should just replace this class with
      something else.
      
      This class tracks multiple registers that alias the same object -- that
      happens a lot, when moving locals into temporary registers -- but it
      doesn't track control flow or multiple objects that alias the same register.
      
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute): Updated for rename.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock): Updated for inline capacity and
      allocation profile.
      
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasInlineCapacity):
      (Node):
      (JSC::DFG::Node::inlineCapacity):
      (JSC::DFG::Node::hasFunction): Give the graph a good way to represent
      inline capacity for an allocation.
      
      * dfg/DFGNodeType.h:
      (DFG): Updated for rename.
      
      * dfg/DFGOperations.cpp: Updated for interface change.
      
      * dfg/DFGOperations.h: We pass the inline capacity to the slow case as
      an argument. This is the simplest way, since it's stored as a bytecode operand.
      
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate): Updated for rename.
      
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID): Fixed a horrible off-by-one-half bug that only
      appears when doing an inline cached load for property number 64 on a 32-bit
      system. In JSVALUE32_64 land, "offsetRelativeToPatchedStorage" is the
      offset of the 64bit JSValue -- but we'll actually issue two loads, one for
      the payload at that offset, and one for the tag at that offset + 4. We need
      to ensure that both loads have a compact representation, or we'll corrupt
      the instruction stream.
      
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile): Lots of refactoring to support
      passing an allocator to our allocation function, and/or passing a Structure
      as a register instead of an immediate.
      
      * heap/MarkedAllocator.h:
      (DFG):
      (MarkedAllocator):
      (JSC::MarkedAllocator::offsetOfFreeListHead): Added an accessor to simplify
      JIT code generation of allocation from an arbitrary allocator.
      
      * jit/JIT.h:
      (JSC):
      * jit/JITInlines.h:
      (JSC):
      (JSC::JIT::emitAllocateJSObject):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emitSlow_op_new_object):
      (JSC::JIT::emit_op_create_this):
      (JSC::JIT::emitSlow_op_create_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emitSlow_op_new_object):
      (JSC::JIT::emit_op_create_this):
      (JSC::JIT::emitSlow_op_create_this): Same refactoring as done for the DFG.
      
      * jit/JITStubs.cpp:
      (JSC::tryCacheGetByID): Fixed the same bug mentioned above.
      
      (JSC::DEFINE_STUB_FUNCTION): Updated for interface changes.
      
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions): Updated for interface changes.
      
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm: Same refactoring as for the JITs.
      
      * profiler/ProfilerBytecode.cpp:
      * profiler/ProfilerBytecodes.cpp:
      * profiler/ProfilerCompilation.cpp:
      * profiler/ProfilerCompiledBytecode.cpp:
      * profiler/ProfilerDatabase.cpp:
      * profiler/ProfilerOSRExit.cpp:
      * profiler/ProfilerOrigin.cpp:
      * profiler/ProfilerProfiledBytecodes.cpp: Include ObjectConstructor.h
      because that's where createEmptyObject() lives now.
      
      * runtime/Executable.h:
      (JSC::JSFunction::JSFunction): Updated for rename.
      
      * runtime/JSCellInlines.h:
      (JSC::allocateCell): Updated to match the allocator selection code in
      the JIT, so it's clearer that both are correct.
      
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::JSFunction):
      (JSC::JSFunction::createAllocationProfile):
      (JSC::JSFunction::visitChildren):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::put):
      (JSC::JSFunction::defineOwnProperty):
      (JSC::JSFunction::getConstructData):
      * runtime/JSFunction.h:
      (JSC::JSFunction::offsetOfScopeChain):
      (JSC::JSFunction::offsetOfExecutable):
      (JSC::JSFunction::offsetOfAllocationProfile):
      (JSC::JSFunction::allocationProfile):
      (JSFunction):
      (JSC::JSFunction::tryGetAllocationProfile):
      (JSC::JSFunction::addAllocationProfileWatchpoint): Changed inheritorID
      data member to be an ObjectAllocationProfile, which includes a pointer
      to the desired allocator. This simplifies JIT code, since we don't have
      to compute the allocator on the fly. I verified by code inspection that
      JSFunction is still only 64 bytes.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::dateStructure): No direct pointer to the empty
      object structure anymore, because now clients need to specify how much
      inline capacity they want.
      
      * runtime/JSONObject.cpp:
      * runtime/JSObject.h:
      (JSC):
      (JSFinalObject):
      (JSC::JSFinalObject::defaultInlineCapacity):
      (JSC::JSFinalObject::maxInlineCapacity):
      (JSC::JSFinalObject::createStructure): A little refactoring to try to 
      clarify where some of these constants derive from.
      
      (JSC::maxOffsetRelativeToPatchedStorage): Used for bug fix, above.
      
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::setTarget): Ugly, but effective.
      
      * runtime/LiteralParser.cpp:
      * runtime/ObjectConstructor.cpp:
      (JSC::constructObject):
      (JSC::constructWithObjectConstructor):
      (JSC::callObjectConstructor):
      (JSC::objectConstructorCreate): Updated for interface changes.
      
      * runtime/ObjectConstructor.h:
      (JSC::constructEmptyObject): Clarified your options for how to allocate
      an empty object, to emphasize what things can actually vary.
      
      * runtime/PropertyOffset.h: These constants have moved because they're
      really higher level concepts to do with the layout of objects and the
      collector. PropertyOffset is just an abstract number line, independent
      of those things.
      
      * runtime/PrototypeMap.cpp:
      (JSC::PrototypeMap::emptyObjectStructureForPrototype):
      (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
      * runtime/PrototypeMap.h:
      (PrototypeMap): The map key is now a pair of prototype and inline capacity,
      since Structure encodes inline capacity.
      
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::copyPropertyTableForPinning):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::totalStorageSize):
      (JSC::Structure::transitionCount):
      (JSC::Structure::create): Fixed a nasty refactoring bug that only shows
      up after enabling variable-sized inline capacities: we were passing our
      type info where our inline capacity was expected. The compiler didn't
      notice because both have type int :(.
      
      ../WebCore: 
      
      * ForwardingHeaders/runtime/ObjectConstructor.h: Added.
      
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      * bindings/js/JSSQLResultSetRowListCustom.cpp: Include ObjectConstructor.h because
      that's where createEmptyObject() is located now.
      
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::deserialize): Updated for interface change.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141050 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c862eacf
  11. 08 Nov, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should infer when indexed storage contains only integers or doubles · 75c91a79
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98606
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      This adds two new indexing types: int32 and double. It also adds array allocation profiling,
      which allows array allocations to converge to allocating arrays using those types to which
      those arrays would have been converted.
              
      20% speed-up on navier-stokes. 40% speed-up on various Kraken DSP tests. Some slow-downs too,
      but a performance win overall on all benchmarks we track.
      
      * API/JSObjectRef.cpp:
      (JSObjectMakeArray):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/AbstractMacroAssembler.h:
      (JumpList):
      (JSC::AbstractMacroAssembler::JumpList::JumpList):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::branchDouble):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::jnp):
      (X86Assembler):
      (JSC::X86Assembler::X86InstructionFormatter::emitRex):
      * bytecode/ArrayAllocationProfile.cpp: Added.
      (JSC):
      (JSC::ArrayAllocationProfile::updateIndexingType):
      * bytecode/ArrayAllocationProfile.h: Added.
      (JSC):
      (ArrayAllocationProfile):
      (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
      (JSC::ArrayAllocationProfile::selectIndexingType):
      (JSC::ArrayAllocationProfile::updateLastAllocation):
      (JSC::ArrayAllocationProfile::selectIndexingTypeFor):
      (JSC::ArrayAllocationProfile::updateLastAllocationFor):
      * bytecode/ArrayProfile.cpp:
      (JSC::ArrayProfile::updatedObservedArrayModes):
      (JSC):
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModesInclude):
      (JSC::shouldUseSlowPutArrayStorage):
      (JSC::shouldUseFastArrayStorage):
      (JSC::shouldUseContiguous):
      (JSC::shouldUseDouble):
      (JSC::shouldUseInt32):
      (ArrayProfile):
      * bytecode/ByValInfo.h:
      (JSC::isOptimizableIndexingType):
      (JSC::jitArrayModeForIndexingType):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      (JSC):
      (JSC::CodeBlock::updateAllValueProfilePredictions):
      (JSC::CodeBlock::updateAllArrayPredictions):
      (JSC::CodeBlock::updateAllPredictions):
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::numberOfArrayAllocationProfiles):
      (JSC::CodeBlock::addArrayAllocationProfile):
      (JSC::CodeBlock::updateAllValueProfilePredictions):
      (JSC::CodeBlock::updateAllArrayPredictions):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/SpeculatedType.h:
      (JSC):
      (JSC::isRealNumberSpeculation):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC):
      (JSC::UnlinkedCodeBlock::addArrayAllocationProfile):
      (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles):
      (UnlinkedCodeBlock):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::newArrayAllocationProfile):
      (JSC):
      (JSC::BytecodeGenerator::emitNewArray):
      (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::fromObserved):
      (JSC::DFG::ArrayMode::refine):
      (DFG):
      (JSC::DFG::ArrayMode::alreadyChecked):
      (JSC::DFG::arrayTypeToString):
      * dfg/DFGArrayMode.h:
      (JSC::DFG::ArrayMode::withType):
      (ArrayMode):
      (JSC::DFG::ArrayMode::withTypeAndConversion):
      (JSC::DFG::ArrayMode::usesButterfly):
      (JSC::DFG::ArrayMode::isSpecific):
      (JSC::DFG::ArrayMode::supportsLength):
      (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getArrayMode):
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (CCallHelpers):
      * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
      (JSC::DFG::CallArrayAllocatorSlowPathGenerator::generateInternal):
      (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::generateInternal):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGNode.h:
      (NewArrayBufferData):
      (JSC::DFG::Node::hasIndexingType):
      (Node):
      (JSC::DFG::Node::indexingType):
      (JSC::DFG::Node::setIndexingType):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
      (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
      (DFG):
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::arrayify):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (SpeculativeJIT):
      (SpeculateIntegerOperand):
      (JSC::DFG::SpeculateIntegerOperand::use):
      (SpeculateDoubleOperand):
      (JSC::DFG::SpeculateDoubleOperand::use):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.h:
      (JSC::JIT::emitInt32GetByVal):
      (JIT):
      (JSC::JIT::emitInt32PutByVal):
      (JSC::JIT::emitDoublePutByVal):
      (JSC::JIT::emitContiguousPutByVal):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      * jit/JITInlineMethods.h:
      (JSC::arrayProfileSaw):
      (JSC::JIT::chooseArrayMode):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emit_op_new_array_with_size):
      (JSC::JIT::emit_op_new_array_buffer):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitDoubleGetByVal):
      (JSC):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitGenericContiguousPutByVal):
      (JSC::JIT::emitSlow_op_put_by_val):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitDoubleGetByVal):
      (JSC):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitGenericContiguousPutByVal):
      (JSC::JIT::emitSlow_op_put_by_val):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITStubs.h:
      (JSC):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/x86.rb:
      * runtime/ArrayConstructor.cpp:
      (JSC::constructArrayWithSizeQuirk):
      * runtime/ArrayConstructor.h:
      (JSC):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncConcat):
      (JSC::arrayProtoFuncSlice):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      * runtime/Butterfly.h:
      (JSC::Butterfly::contiguousInt32):
      (JSC::Butterfly::contiguousDouble):
      (JSC::Butterfly::fromContiguous):
      * runtime/ButterflyInlineMethods.h:
      (JSC::Butterfly::createUninitializedDuringCollection):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
      * runtime/IndexingHeaderInlineMethods.h:
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.cpp:
      (JSC::leastUpperBoundOfIndexingTypes):
      (JSC):
      (JSC::leastUpperBoundOfIndexingTypeAndType):
      (JSC::leastUpperBoundOfIndexingTypeAndValue):
      (JSC::indexingTypeToString):
      * runtime/IndexingType.h:
      (JSC):
      (JSC::hasUndecided):
      (JSC::hasInt32):
      (JSC::hasDouble):
      * runtime/JSArray.cpp:
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      (JSC::compareNumbersForQSortWithInt32):
      (JSC):
      (JSC::compareNumbersForQSortWithDouble):
      (JSC::JSArray::sortNumericVector):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sort):
      (JSC::JSArray::sortVector):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSArray):
      (JSC::createContiguousArrayButterfly):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::originalArrayStructureForIndexingType):
      (JSC::JSGlobalObject::arrayStructureForIndexingTypeDuringAllocation):
      (JSC::JSGlobalObject::arrayStructureForProfileDuringAllocation):
      (JSC::JSGlobalObject::isOriginalArrayStructure):
      (JSC::constructEmptyArray):
      (JSC::constructArray):
      * runtime/JSObject.cpp:
      (JSC::JSObject::copyButterfly):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createInitialIndexedStorage):
      (JSC):
      (JSC::JSObject::createInitialUndecided):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::convertUndecidedToInt32):
      (JSC::JSObject::convertUndecidedToDouble):
      (JSC::JSObject::convertUndecidedToContiguous):
      (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
      (JSC::JSObject::convertUndecidedToArrayStorage):
      (JSC::JSObject::convertInt32ToDouble):
      (JSC::JSObject::convertInt32ToContiguous):
      (JSC::JSObject::convertInt32ToArrayStorage):
      (JSC::JSObject::convertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::convertUndecidedForValue):
      (JSC::JSObject::convertInt32ForValue):
      (JSC::JSObject::setIndexQuicklyToUndecided):
      (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
      (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::countElements):
      (JSC::JSObject::ensureLengthSlow):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::tryGetIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::canSetIndexQuicklyForPutDirect):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::hasSparseMap):
      (JSC::JSObject::inSparseIndexingMode):
      (JSObject):
      (JSC::JSObject::ensureInt32):
      (JSC::JSObject::ensureDouble):
      (JSC::JSObject::ensureLength):
      (JSC::JSObject::indexingData):
      (JSC::JSObject::currentIndexingData):
      (JSC::JSObject::getHolyIndexQuickly):
      (JSC::JSObject::relevantLength):
      (JSC::JSObject::currentRelevantLength):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetOwnPropertyNames):
      (JSC::objectConstructorKeys):
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSplit):
      * runtime/Structure.cpp:
      (JSC::Structure::nonPropertyTransition):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      
      Source/WebCore: 
      
      Just refactoring WebCore to pass 0 for the ArrayAllocationProfile*.
      
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::JSCanvasRenderingContext2D::webkitLineDash):
      * bindings/js/JSClipboardCustom.cpp:
      (WebCore::JSClipboard::types):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::jsArray):
      * bindings/js/JSDOMBinding.h:
      (WebCore::jsArray):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::getJSListenerFunctions):
      * bindings/js/JSJavaScriptCallFrameCustom.cpp:
      (WebCore::JSJavaScriptCallFrame::scopeChain):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::JSMessageEvent::ports):
      * bindings/js/JSMutationCallbackCustom.cpp:
      (WebCore::JSMutationCallback::handleEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::toJS):
      (WebCore::JSWebGLRenderingContext::getAttachedShaders):
      (WebCore::JSWebGLRenderingContext::getSupportedExtensions):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::deserialize):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      75c91a79
  12. 27 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      jneq_ptr shouldn't have a pointer · 1271fa3a
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97739
      
      Reviewed by Oliver Hunt.
      
      Slamming pointers directly into bytecode is sometimes cool, but in this case it's
      unwieldy and confusing. Switched the instruction to use an enum instead. This has
      zero effect on code gen behavior in the JITs. In the LLInt, there is now more
      indirection, but that doesn't affect benchmarks.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      (Instruction):
      * bytecode/SpecialPointer.cpp: Added.
      (JSC):
      (JSC::actualPointerFor):
      * bytecode/SpecialPointer.h: Added.
      (JSC):
      (JSC::pointerIsFunction):
      (JSC::pointerIsCell):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
      (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_jneq_ptr):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_jneq_ptr):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::actualPointerFor):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129713 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1271fa3a
  13. 25 Sep, 2012 1 commit
    • mark.lam@apple.com's avatar
      Deleting the classic interpreter and cleaning up some build options. · 74a9e837
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96969.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * interpreter/AbstractPC.cpp:
      (JSC::AbstractPC::AbstractPC):
      * interpreter/AbstractPC.h:
      (AbstractPC):
      * interpreter/CallFrame.h:
      (ExecState):
      * interpreter/Interpreter.cpp:
      (JSC):
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getLineNumberForCallFrame):
      (JSC::getCallerInfo):
      (JSC::getSourceURLFromCallFrame):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::retrieveArgumentsFromVMCode):
      (JSC::Interpreter::retrieveCallerFromVMCode):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC::Interpreter::getOpcodeID):
      (Interpreter):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
      * offlineasm/asm.rb:
      * offlineasm/offsets.rb:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC::NativeExecutable::create):
      (NativeExecutable):
      (JSC::NativeExecutable::finishCreation):
      * runtime/JSGlobalData.cpp:
      (JSC):
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::getHostFunction):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      (JSC::JSGlobalData::canUseJIT):
      (JSC::JSGlobalData::canUseRegExpJIT):
      * runtime/Options.cpp:
      (JSC::Options::initialize):
      
      Source/WebKit/blackberry: 
      
      * WebCoreSupport/AboutDataEnableFeatures.in:
      
      Source/WTF: 
      
      * wtf/OSAllocatorPosix.cpp:
      (WTF::OSAllocator::reserveAndCommit):
      * wtf/Platform.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129453 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      74a9e837
  14. 15 Aug, 2012 1 commit
    • fpizlo@apple.com's avatar
      Array checks should use the structure, not the class info · f24804c6
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=93150
      
      Reviewed by Mark Hahnenberg.
      
      This changes all array checks used in array accesses (get, put, get length,
      push, pop) to use the structure, not the class info. Additionally, these
      checks in the LLInt and baseline JIT record the structure in an ArrayProfile,
      so that the DFG can know exactly what structure to check for.
              
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ArrayProfile.cpp: Added.
      (JSC):
      (JSC::ArrayProfile::computeUpdatedPrediction):
      * bytecode/ArrayProfile.h: Added.
      (JSC):
      (JSC::arrayModeFromStructure):
      (ArrayProfile):
      (JSC::ArrayProfile::ArrayProfile):
      (JSC::ArrayProfile::bytecodeOffset):
      (JSC::ArrayProfile::addressOfLastSeenStructure):
      (JSC::ArrayProfile::observeStructure):
      (JSC::ArrayProfile::expectedStructure):
      (JSC::ArrayProfile::structureIsPolymorphic):
      (JSC::ArrayProfile::hasDefiniteStructure):
      (JSC::ArrayProfile::observedArrayModes):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::getArrayProfile):
      (JSC):
      (JSC::CodeBlock::getOrAddArrayProfile):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::executionEntryCount):
      (JSC::CodeBlock::numberOfArrayProfiles):
      (JSC::CodeBlock::arrayProfiles):
      (JSC::CodeBlock::addArrayProfile):
      (CodeBlock):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitGetArgumentByVal):
      (JSC::BytecodeGenerator::emitGetByVal):
      (JSC::BytecodeGenerator::emitPutByVal):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::StructureAbstractValue::hasSingleton):
      (StructureAbstractValue):
      (JSC::DFG::StructureAbstractValue::singleton):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::speculateArray):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::classInfoOffset):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125637 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f24804c6
  15. 09 Jul, 2012 1 commit
    • fpizlo@apple.com's avatar
      It should be possible to jettison JIT stub routines even if they are currently running · 746b8c5b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90731
      
      Reviewed by Gavin Barraclough.
              
      This gives the GC awareness of all JIT-generated stubs for inline caches. That
      means that if you want to delete a JIT-generated stub, you don't have to worry
      about whether or not it is currently running: if there is a chance that it might
      be, the GC will kindly defer deletion until non-running-ness is proved.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/Instruction.h:
      (JSC):
      (PolymorphicStubInfo):
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * bytecode/PolymorphicPutByIdList.cpp:
      (JSC::PutByIdAccess::fromStructureStubInfo):
      * bytecode/PolymorphicPutByIdList.h:
      (JSC::PutByIdAccess::transition):
      (JSC::PutByIdAccess::replace):
      (JSC::PutByIdAccess::stubRoutine):
      (PutByIdAccess):
      (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::reset):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      * heap/ConservativeRoots.cpp:
      (JSC):
      (DummyMarkHook):
      (JSC::DummyMarkHook::mark):
      (JSC::ConservativeRoots::add):
      (CompositeMarkHook):
      (JSC::CompositeMarkHook::CompositeMarkHook):
      (JSC::CompositeMarkHook::mark):
      * heap/ConservativeRoots.h:
      (JSC):
      (ConservativeRoots):
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteUnmarkedCompiledCode):
      * heap/Heap.h:
      (JSC):
      (Heap):
      * heap/JITStubRoutineSet.cpp: Added.
      (JSC):
      (JSC::JITStubRoutineSet::JITStubRoutineSet):
      (JSC::JITStubRoutineSet::~JITStubRoutineSet):
      (JSC::JITStubRoutineSet::add):
      (JSC::JITStubRoutineSet::clearMarks):
      (JSC::JITStubRoutineSet::markSlow):
      (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
      (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
      * heap/JITStubRoutineSet.h: Added.
      (JSC):
      (JITStubRoutineSet):
      (JSC::JITStubRoutineSet::mark):
      * heap/MachineStackMarker.h:
      (JSC):
      * interpreter/RegisterFile.cpp:
      (JSC::RegisterFile::gatherConservativeRoots):
      * interpreter/RegisterFile.h:
      (JSC):
      * jit/ExecutableAllocator.cpp:
      (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC):
      (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
      * jit/GCAwareJITStubRoutine.cpp: Added.
      (JSC):
      (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
      (JSC::GCAwareJITStubRoutine::~GCAwareJITStubRoutine):
      (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
      (JSC::GCAwareJITStubRoutine::deleteFromGC):
      (JSC::GCAwareJITStubRoutine::markRequiredObjectsInternal):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::~MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::markRequiredObjectsInternal):
      (JSC::createJITStubRoutine):
      * jit/GCAwareJITStubRoutine.h: Added.
      (JSC):
      (GCAwareJITStubRoutine):
      (JSC::GCAwareJITStubRoutine::markRequiredObjects):
      (MarkingGCAwareJITStubRoutineWithOneObject):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubRoutine.cpp: Added.
      (JSC):
      (JSC::JITStubRoutine::~JITStubRoutine):
      (JSC::JITStubRoutine::observeZeroRefCount):
      * jit/JITStubRoutine.h: Added.
      (JSC):
      (JITStubRoutine):
      (JSC::JITStubRoutine::JITStubRoutine):
      (JSC::JITStubRoutine::createSelfManagedRoutine):
      (JSC::JITStubRoutine::code):
      (JSC::JITStubRoutine::asCodePtr):
      (JSC::JITStubRoutine::ref):
      (JSC::JITStubRoutine::deref):
      (JSC::JITStubRoutine::startAddress):
      (JSC::JITStubRoutine::endAddress):
      (JSC::JITStubRoutine::addressStep):
      (JSC::JITStubRoutine::canPerformRangeFilter):
      (JSC::JITStubRoutine::filteringStartAddress):
      (JSC::JITStubRoutine::filteringExtentSize):
      (JSC::JITStubRoutine::passesFilter):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@122166 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      746b8c5b
  16. 13 Jun, 2012 3 commits
    • fpizlo@apple.com's avatar
      DFG should be able to set watchpoints on global variables · b75911b2
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88692
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      Rolling back in after fixing Windows build issues, and implementing
      branchTest8 for the Qt port's strange assemblers.
              
      This implements global variable constant folding by allowing the optimizing
      compiler to set a "watchpoint" on globals that it wishes to constant fold.
      If the watchpoint fires, then an OSR exit is forced by overwriting the
      machine code that the optimizing compiler generated with a jump.
              
      As such, this patch is adding quite a bit of stuff:
              
      - Jump replacement on those hardware targets supported by the optimizing
        JIT. It is now possible to patch in a jump instruction over any recorded
        watchpoint label. The jump must be "local" in the sense that it must be
        within the range of the largest jump distance supported by a one
        instruction jump.
                
      - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
        that records the location where a jump must be inserted and the
        destination to which it should jump. Watchpoints can be added to a
        WatchpointSet. The WatchpointSet can be fired all at once, which plants
        all jumps. WatchpointSet also remembers if it had ever been invalidated,
        which allows for monotonicity: we typically don't want to optimize using
        watchpoints on something for which watchpoints had previously fired. The
        act of notifying a WatchpointSet has a trivial fast path in case no
        Watchpoints are registered (one-byte load+branch).
              
      - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
        except that you don't have to emit branches. But, you need to know what
        WatchpointSet to add the resulting Watchpoint to. Not everything that
        you could write a speculationCheck() for will have a WatchpointSet that
        would get notified if the condition you were speculating against became
        invalid.
                
      - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
        do so without incurring any space overhead for those entries that don't
        have WatchpointSets.
                
      - The bytecode generator infers all global function variables to be
        watchable, and makes all stores perform the WatchpointSet's write check,
        and marks all loads as being potentially watchable (i.e. you can compile
        them to a watchpoint and a constant).
              
      Put together, this allows for fully sleazy inlining of calls to globally
      declared functions. The inline prologue will no longer contain the load of
      the function, or any checks of the function you're calling. I.e. it's
      pretty much like the kind of inlining you would see in Java or C++.
      Furthermore, the watchpointing functionality is built to be fairly general,
      and should allow setting watchpoints on all sorts of interesting things
      in the future.
              
      The sleazy inlining means that we will now sometimes inline in code paths
      that have never executed. Previously, to inline we would have either had
      to have executed the call (to read the call's inline cache) or have
      executed the method check (to read the method check's inline cache). Now,
      we might inline when the callee is a watched global variable. This
      revealed some humorous bugs. First, constant folding disagreed with CFA
      over what kinds of operations can clobber (example: code path A is dead
      but stores a String into variable X, all other code paths store 0 into
      X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
      clobbering constant, but constant folding thought it was clobbering
      because it saw the String prediction). Second, inlining would crash if
      the inline callee had not been compiled. This patch fixes both bugs,
      since otherwise run-javascriptcore-tests would report regressions.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (ARMv7Assembler):
      (JSC::ARMv7Assembler::ARMv7Assembler):
      (JSC::ARMv7Assembler::labelForWatchpoint):
      (JSC::ARMv7Assembler::label):
      (JSC::ARMv7Assembler::replaceWithJump):
      (JSC::ARMv7Assembler::maxJumpReplacementSize):
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (AbstractMacroAssembler):
      (Label):
      (JSC::AbstractMacroAssembler::watchpointLabel):
      (JSC::AbstractMacroAssembler::readPointer):
      * assembler/AssemblerBuffer.h:
      * assembler/MacroAssemblerARM.h:
      (JSC::MacroAssemblerARM::branchTest8):
      (MacroAssemblerARM):
      (JSC::MacroAssemblerARM::replaceWithJump):
      (JSC::MacroAssemblerARM::maxJumpReplacementSize):
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::load8Signed):
      (JSC::MacroAssemblerARMv7::load16Signed):
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::replaceWithJump):
      (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
      (JSC::MacroAssemblerARMv7::branchTest8):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
      * assembler/MacroAssemblerMIPS.h:
      (JSC::MacroAssemblerMIPS::branchTest8):
      (MacroAssemblerMIPS):
      (JSC::MacroAssemblerMIPS::replaceWithJump):
      (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
      * assembler/MacroAssemblerSH4.h:
      (JSC::MacroAssemblerSH4::branchTest8):
      (MacroAssemblerSH4):
      (JSC::MacroAssemblerSH4::replaceWithJump):
      (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::branchTest8):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::replaceWithJump):
      (MacroAssemblerX86Common):
      (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86_64.h:
      (MacroAssemblerX86_64):
      (JSC::MacroAssemblerX86_64::branchTest8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::X86Assembler):
      (X86Assembler):
      (JSC::X86Assembler::cmpb_im):
      (JSC::X86Assembler::testb_im):
      (JSC::X86Assembler::labelForWatchpoint):
      (JSC::X86Assembler::label):
      (JSC::X86Assembler::replaceWithJump):
      (JSC::X86Assembler::maxJumpReplacementSize):
      (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::printGetByIdCacheStatus):
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (CodeBlock):
      (JSC::CodeBlock::appendWatchpoint):
      (JSC::CodeBlock::numberOfWatchpoints):
      (JSC::CodeBlock::watchpoint):
      (DFGData):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      (JSC::DFG::exitKindIsCountable):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeForChain):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.cpp: Added.
      (JSC):
      (JSC::Watchpoint::~Watchpoint):
      (JSC::Watchpoint::correctLabels):
      (JSC::Watchpoint::fire):
      (JSC::WatchpointSet::WatchpointSet):
      (JSC::WatchpointSet::~WatchpointSet):
      (JSC::WatchpointSet::add):
      (JSC::WatchpointSet::notifyWriteSlow):
      (JSC::WatchpointSet::fireAllWatchpoints):
      * bytecode/Watchpoint.h: Added.
      (JSC):
      (Watchpoint):
      (JSC::Watchpoint::Watchpoint):
      (JSC::Watchpoint::setDestination):
      (WatchpointSet):
      (JSC::WatchpointSet::isStillValid):
      (JSC::WatchpointSet::hasBeenInvalidated):
      (JSC::WatchpointSet::startWatching):
      (JSC::WatchpointSet::notifyWrite):
      (JSC::WatchpointSet::addressOfIsWatched):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixResolveNode::emitBytecode):
      (JSC::PrefixResolveNode::emitBytecode):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberStructures):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      (JSC::DFG::AbstractState::didClobber):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (CCallHelpers):
      (JSC::DFG::CCallHelpers::setupArguments):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
      (CSEPhase):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGCorrectableJumpPoint.h:
      (JSC::DFG::CorrectableJumpPoint::isSet):
      (CorrectableJumpPoint):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifierNumberForCheck):
      (Node):
      (JSC::DFG::Node::identifierNumberForCheck):
      (JSC::DFG::Node::hasRegisterPointer):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::appendCall):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (LLInt):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp: Added.
      (JSC):
      (JSC::SymbolTableEntry::copySlow):
      (JSC::SymbolTableEntry::freeFatEntrySlow):
      (JSC::SymbolTableEntry::couldBeWatched):
      (JSC::SymbolTableEntry::attemptToWatch):
      (JSC::SymbolTableEntry::addressOfIsWatched):
      (JSC::SymbolTableEntry::addWatchpoint):
      (JSC::SymbolTableEntry::notifyWriteSlow):
      (JSC::SymbolTableEntry::inflateSlow):
      * runtime/SymbolTable.h:
      (JSC):
      (SymbolTableEntry):
      (Fast):
      (JSC::SymbolTableEntry::Fast::Fast):
      (JSC::SymbolTableEntry::Fast::isNull):
      (JSC::SymbolTableEntry::Fast::getIndex):
      (JSC::SymbolTableEntry::Fast::isReadOnly):
      (JSC::SymbolTableEntry::Fast::getAttributes):
      (JSC::SymbolTableEntry::Fast::isFat):
      (JSC::SymbolTableEntry::SymbolTableEntry):
      (JSC::SymbolTableEntry::~SymbolTableEntry):
      (JSC::SymbolTableEntry::operator=):
      (JSC::SymbolTableEntry::isNull):
      (JSC::SymbolTableEntry::getIndex):
      (JSC::SymbolTableEntry::getFast):
      (JSC::SymbolTableEntry::getAttributes):
      (JSC::SymbolTableEntry::isReadOnly):
      (JSC::SymbolTableEntry::watchpointSet):
      (JSC::SymbolTableEntry::notifyWrite):
      (FatEntry):
      (JSC::SymbolTableEntry::FatEntry::FatEntry):
      (JSC::SymbolTableEntry::isFat):
      (JSC::SymbolTableEntry::fatEntry):
      (JSC::SymbolTableEntry::inflate):
      (JSC::SymbolTableEntry::bits):
      (JSC::SymbolTableEntry::freeFatEntry):
      (JSC::SymbolTableEntry::pack):
      (JSC::SymbolTableEntry::isValidIndex):
      
      Source/WTF: 
      
      Reviewed by Geoffrey Garen.
              
      Added ability to set the inline capacity of segmented vectors.
              
      Also added the ability ot ASSERT_NOT_REACHED() without having to
      propagate NO_RETURN macros, which would be a show-stopper for code
      that is conditionally unreachable.
      
      * wtf/Assertions.h:
      (UNREACHABLE_FOR_PLATFORM):
      * wtf/SegmentedVector.h:
      (WTF):
      (SegmentedVectorIterator):
      (WTF::SegmentedVectorIterator::operator=):
      (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
      (SegmentedVector):
      
      LayoutTests: 
      
      Rubber stamped by Geoffrey Garen.
              
      Added a test for watchpoints. Also updated the jsc-test-list to include the latest
      tests.
      
      * fast/js/dfg-call-function-hit-watchpoint-expected.txt: Added.
      * fast/js/dfg-call-function-hit-watchpoint.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-call-function-hit-watchpoint.js: Added.
      (foo):
      (bar):
      (.foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120244 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b75911b2
    • zandobersek@gmail.com's avatar
      Unreviewed, rolling out r120172. · 88d53735
      zandobersek@gmail.com authored
      http://trac.webkit.org/changeset/120172
      https://bugs.webkit.org/show_bug.cgi?id=88976
      
      The patch causes compilation failures on Gtk, Qt and Apple Win
      bots (Requested by zdobersek on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-06-13
      
      Source/JavaScriptCore: 
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::nop):
      (JSC::ARMv7Assembler::label):
      (JSC::ARMv7Assembler::readPointer):
      (ARMv7Assembler):
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (AbstractMacroAssembler):
      (Label):
      * assembler/AssemblerBuffer.h:
      * assembler/MacroAssemblerARM.h:
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::nop):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
      * assembler/MacroAssemblerMIPS.h:
      * assembler/MacroAssemblerSH4.h:
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::moveWithPatch):
      * assembler/MacroAssemblerX86Common.h:
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::branchTest8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::cmpb_im):
      (JSC::X86Assembler::codeSize):
      (JSC::X86Assembler::label):
      (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (DFGData):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      (JSC::DFG::exitKindIsCountable):
      * bytecode/Instruction.h:
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.cpp: Removed.
      * bytecode/Watchpoint.h: Removed.
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixResolveNode::emitBytecode):
      (JSC::PrefixResolveNode::emitBytecode):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberStructures):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArguments):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGCorrectableJumpPoint.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasRegisterPointer):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::appendCallSetResult):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      * jit/JITPropertyAccess32_64.cpp:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp: Removed.
      * runtime/SymbolTable.h:
      (JSC):
      (JSC::SymbolTableEntry::isNull):
      (JSC::SymbolTableEntry::getIndex):
      (SymbolTableEntry):
      (JSC::SymbolTableEntry::getAttributes):
      (JSC::SymbolTableEntry::isReadOnly):
      (JSC::SymbolTableEntry::pack):
      (JSC::SymbolTableEntry::isValidIndex):
      
      Source/WTF: 
      
      * wtf/SegmentedVector.h:
      (WTF):
      (SegmentedVectorIterator):
      (WTF::SegmentedVectorIterator::operator=):
      (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
      (SegmentedVector):
      
      LayoutTests: 
      
      * fast/js/dfg-call-function-hit-watchpoint-expected.txt: Removed.
      * fast/js/dfg-call-function-hit-watchpoint.html: Removed.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-call-function-hit-watchpoint.js: Removed.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120175 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      88d53735
    • fpizlo@apple.com's avatar
      DFG should be able to set watchpoints on global variables · b6c5eeb7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88692
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      This implements global variable constant folding by allowing the optimizing
      compiler to set a "watchpoint" on globals that it wishes to constant fold.
      If the watchpoint fires, then an OSR exit is forced by overwriting the
      machine code that the optimizing compiler generated with a jump.
              
      As such, this patch is adding quite a bit of stuff:
              
      - Jump replacement on those hardware targets supported by the optimizing
        JIT. It is now possible to patch in a jump instruction over any recorded
        watchpoint label. The jump must be "local" in the sense that it must be
        within the range of the largest jump distance supported by a one
        instruction jump.
                
      - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
        that records the location where a jump must be inserted and the
        destination to which it should jump. Watchpoints can be added to a
        WatchpointSet. The WatchpointSet can be fired all at once, which plants
        all jumps. WatchpointSet also remembers if it had ever been invalidated,
        which allows for monotonicity: we typically don't want to optimize using
        watchpoints on something for which watchpoints had previously fired. The
        act of notifying a WatchpointSet has a trivial fast path in case no
        Watchpoints are registered (one-byte load+branch).
              
      - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
        except that you don't have to emit branches. But, you need to know what
        WatchpointSet to add the resulting Watchpoint to. Not everything that
        you could write a speculationCheck() for will have a WatchpointSet that
        would get notified if the condition you were speculating against became
        invalid.
                
      - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
        do so without incurring any space overhead for those entries that don't
        have WatchpointSets.
                
      - The bytecode generator infers all global function variables to be
        watchable, and makes all stores perform the WatchpointSet's write check,
        and marks all loads as being potentially watchable (i.e. you can compile
        them to a watchpoint and a constant).
              
      Put together, this allows for fully sleazy inlining of calls to globally
      declared functions. The inline prologue will no longer contain the load of
      the function, or any checks of the function you're calling. I.e. it's
      pretty much like the kind of inlining you would see in Java or C++.
      Furthermore, the watchpointing functionality is built to be fairly general,
      and should allow setting watchpoints on all sorts of interesting things
      in the future.
              
      The sleazy inlining means that we will now sometimes inline in code paths
      that have never executed. Previously, to inline we would have either had
      to have executed the call (to read the call's inline cache) or have
      executed the method check (to read the method check's inline cache). Now,
      we might inline when the callee is a watched global variable. This
      revealed some humorous bugs. First, constant folding disagreed with CFA
      over what kinds of operations can clobber (example: code path A is dead
      but stores a String into variable X, all other code paths store 0 into
      X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
      clobbering constant, but constant folding thought it was clobbering
      because it saw the String prediction). Second, inlining would crash if
      the inline callee had not been compiled. This patch fixes both bugs,
      since otherwise run-javascriptcore-tests would report regressions.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (ARMv7Assembler):
      (JSC::ARMv7Assembler::ARMv7Assembler):
      (JSC::ARMv7Assembler::labelForWatchpoint):
      (JSC::ARMv7Assembler::label):
      (JSC::ARMv7Assembler::replaceWithJump):
      (JSC::ARMv7Assembler::maxJumpReplacementSize):
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (AbstractMacroAssembler):
      (Label):
      (JSC::AbstractMacroAssembler::watchpointLabel):
      * assembler/AssemblerBuffer.h:
      * assembler/MacroAssemblerARM.h:
      (JSC::MacroAssemblerARM::replaceWithJump):
      (MacroAssemblerARM):
      (JSC::MacroAssemblerARM::maxJumpReplacementSize):
      * assembler/MacroAssemblerARMv7.h:
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::replaceWithJump):
      (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
      (JSC::MacroAssemblerARMv7::branchTest8):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
      * assembler/MacroAssemblerMIPS.h:
      (JSC::MacroAssemblerMIPS::replaceWithJump):
      (MacroAssemblerMIPS):
      (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
      * assembler/MacroAssemblerSH4.h:
      (JSC::MacroAssemblerSH4::replaceWithJump):
      (MacroAssemblerSH4):
      (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::branchTest8):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::replaceWithJump):
      (MacroAssemblerX86Common):
      (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86_64.h:
      (MacroAssemblerX86_64):
      (JSC::MacroAssemblerX86_64::branchTest8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::X86Assembler):
      (X86Assembler):
      (JSC::X86Assembler::cmpb_im):
      (JSC::X86Assembler::testb_im):
      (JSC::X86Assembler::labelForWatchpoint):
      (JSC::X86Assembler::label):
      (JSC::X86Assembler::replaceWithJump):
      (JSC::X86Assembler::maxJumpReplacementSize):
      (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (CodeBlock):
      (JSC::CodeBlock::appendWatchpoint):
      (JSC::CodeBlock::numberOfWatchpoints):
      (JSC::CodeBlock::watchpoint):
      (DFGData):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      (JSC::DFG::exitKindIsCountable):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.cpp: Added.
      (JSC):
      (JSC::Watchpoint::~Watchpoint):
      (JSC::Watchpoint::correctLabels):
      (JSC::Watchpoint::fire):
      (JSC::WatchpointSet::WatchpointSet):
      (JSC::WatchpointSet::~WatchpointSet):
      (JSC::WatchpointSet::add):
      (JSC::WatchpointSet::notifyWriteSlow):
      (JSC::WatchpointSet::fireAllWatchpoints):
      * bytecode/Watchpoint.h: Added.
      (JSC):
      (Watchpoint):
      (JSC::Watchpoint::Watchpoint):
      (JSC::Watchpoint::setDestination):
      (WatchpointSet):
      (JSC::WatchpointSet::isStillValid):
      (JSC::WatchpointSet::hasBeenInvalidated):
      (JSC::WatchpointSet::startWatching):
      (JSC::WatchpointSet::notifyWrite):
      (JSC::WatchpointSet::addressOfIsWatched):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixResolveNode::emitBytecode):
      (JSC::PrefixResolveNode::emitBytecode):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberStructures):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      (JSC::DFG::AbstractState::didClobber):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (CCallHelpers):
      (JSC::DFG::CCallHelpers::setupArguments):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
      (CSEPhase):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGCorrectableJumpPoint.h:
      (JSC::DFG::CorrectableJumpPoint::isSet):
      (CorrectableJumpPoint):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifierNumberForCheck):
      (Node):
      (JSC::DFG::Node::identifierNumberForCheck):
      (JSC::DFG::Node::hasRegisterPointer):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::appendCall):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITStubs.cpp:
      (JSC::JITThunks::JITThunks):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (LLInt):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp: Added.
      (JSC):
      (JSC::SymbolTableEntry::copySlow):
      (JSC::SymbolTableEntry::freeFatEntrySlow):
      (JSC::SymbolTableEntry::couldBeWatched):
      (JSC::SymbolTableEntry::attemptToWatch):
      (JSC::SymbolTableEntry::addressOfIsWatched):
      (JSC::SymbolTableEntry::addWatchpoint):
      (JSC::SymbolTableEntry::notifyWriteSlow):
      (JSC::SymbolTableEntry::inflateSlow):
      * runtime/SymbolTable.h:
      (JSC):
      (SymbolTableEntry):
      (Fast):
      (JSC::SymbolTableEntry::Fast::Fast):
      (JSC::SymbolTableEntry::Fast::isNull):
      (JSC::SymbolTableEntry::Fast::getIndex):
      (JSC::SymbolTableEntry::Fast::isReadOnly):
      (JSC::SymbolTableEntry::Fast::getAttributes):
      (JSC::SymbolTableEntry::Fast::isFat):
      (JSC::SymbolTableEntry::SymbolTableEntry):
      (JSC::SymbolTableEntry::~SymbolTableEntry):
      (JSC::SymbolTableEntry::operator=):
      (JSC::SymbolTableEntry::isNull):
      (JSC::SymbolTableEntry::getIndex):
      (JSC::SymbolTableEntry::getFast):
      (JSC::SymbolTableEntry::getAttributes):
      (JSC::SymbolTableEntry::isReadOnly):
      (JSC::SymbolTableEntry::watchpointSet):
      (JSC::SymbolTableEntry::notifyWrite):
      (FatEntry):
      (JSC::SymbolTableEntry::FatEntry::FatEntry):
      (JSC::SymbolTableEntry::isFat):
      (JSC::SymbolTableEntry::fatEntry):
      (JSC::SymbolTableEntry::inflate):
      (JSC::SymbolTableEntry::bits):
      (JSC::SymbolTableEntry::freeFatEntry):
      (JSC::SymbolTableEntry::pack):
      (JSC::SymbolTableEntry::isValidIndex):
      
      Source/WTF: 
      
      Reviewed by Geoffrey Garen.
              
      Added ability to set the inline capacity of segmented vectors.
      
      * wtf/SegmentedVector.h:
      (WTF):
      (SegmentedVectorIterator):
      (WTF::SegmentedVectorIterator::operator=):
      (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
      (SegmentedVector):
      
      LayoutTests: 
      
      Rubber stamped by Geoffrey Garen.
              
      Added a test for watchpoints. Also updated the jsc-test-list to include the latest
      tests.
      
      * fast/js/dfg-call-function-hit-watchpoint-expected.txt: Added.
      * fast/js/dfg-call-function-hit-watchpoint.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-call-function-hit-watchpoint.js: Added.
      (foo):
      (bar):
      (.foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120172 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b6c5eeb7
  17. 07 Jun, 2012 1 commit
    • fpizlo@apple.com's avatar
      Global object variable accesses should not require an extra load · 26af9b61
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88385
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough and Geoffrey Garen.
              
      Previously, if you wanted to access a global variable, you'd first have
      to load the register array from the appropriate global object and then
      either load or store at an offset to the register array. This is because
      JSGlobalObject inherited from JSVariableObject, and JSVariableObject is
      designed with the pessimistic assumption that its register array may
      point into the call stack. This is never the case for global objects.
      Hence, even though the global object may add more registers at any time,
      it does not need to store them in a contiguous array. It can use a
      SegmentedVector or similar.
              
      This patch refactors global objects and variable objects as follows:
              
      - The functionality to track variables in an indexable array using a
        SymbolTable to map names to indices is moved into JSSymbolTableObject,
        which is now a supertype of JSVariableObject. JSVariableObject is now
        just a holder for a registers array and implements the registerAt()
        method that is left abstract in JSSymbolTableObject. Because all users
        of JSVariableObject know whether they are a JSStaticScopeObject,
        JSActivation, or JSGlobalObject, this "abstract" method is not virtual;
        instead the utility methods that would call registerAt() are now
        template functions that require you to know statically what subtype of
        JSSymbolTableObject you're using (JSVariableObject or something else),
        so that registerAt() can be statically bound.
              
      - A new class is added called JSSegmentedVariableObject, which only
        differs from JSVariableObject in how it allocates registers. It uses a
        SegmentedVector instead of manually managing a pointer to a contiguous
        slab of registers. This changes the interface somewhat; for example
        with JSVariableObject if you wanted to add a register you had to do
        it yourself since the JSVariableObject didn't know how the registers
        array ought to be allocated. With JSSegmentedVariableObject you can
        just call addRegisters(). JSSegmentedVariableObject preserves the
        invariant that once you get a pointer into a register, that pointer
        will continue to be valid so long as the JSSegmentedVariableObject is
        alive. This allows the JITs and interpreters to skip the extra load.
              
      - JSGlobalObject now inherits from JSSegmentedVariableObject. For now
        (and possibly forever) it is the only subtype of this new class.
              
      - The bytecode format is changed so that get_global_var and
        put_global_var have a pointer to the register directly rather than
        having an index. A convenience method is provided in
        JSSegmentedVariableObject to get the index given a a pointer, which is
        used for assertions and debug dumps.
              
      This appears to be a 1% across the board win.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::registerPointer):
      (JSC):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::retrieveLastUnaryOp):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (ResolveResult):
      (BytecodeGenerator):
      * dfg/DFGAssemblyHelpers.h:
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::globalObjectFor):
      (Graph):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasVarNumber):
      (Node):
      (JSC::DFG::Node::hasRegisterPointer):
      (JSC::DFG::Node::registerPointer):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/Heap.h:
      (Heap):
      (JSC::Heap::isWriteBarrierEnabled):
      (JSC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::privateExecute):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSGlobalObject.cpp:
      (JSC):
      (JSC::JSGlobalObject::put):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::defineOwnProperty):
      (JSC::JSGlobalObject::visitChildren):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC):
      (JSC::JSGlobalObject::hasOwnPropertyForWrite):
      * runtime/JSSegmentedVariableObject.cpp: Added.
      (JSC):
      (JSC::JSSegmentedVariableObject::findRegisterIndex):
      (JSC::JSSegmentedVariableObject::addRegisters):
      (JSC::JSSegmentedVariableObject::visitChildren):
      * runtime/JSSegmentedVariableObject.h: Added.
      (JSC):
      (JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::registerAt):
      (JSC::JSSegmentedVariableObject::assertRegisterIsInThisObject):
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::finishCreation):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::put):
      (JSC::JSStaticScopeObject::putDirectVirtual):
      (JSC::JSStaticScopeObject::getOwnPropertySlot):
      * runtime/JSSymbolTableObject.cpp: Added.
      (JSC):
      (JSC::JSSymbolTableObject::destroy):
      (JSC::JSSymbolTableObject::deleteProperty):
      (JSC::JSSymbolTableObject::getOwnPropertyNames):
      (JSC::JSSymbolTableObject::putDirectVirtual):
      (JSC::JSSymbolTableObject::isDynamicScope):
      * runtime/JSSymbolTableObject.h: Added.
      (JSC):
      (JSSymbolTableObject):
      (JSC::JSSymbolTableObject::symbolTable):
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/JSVariableObject.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      (JSC::JSVariableObject::JSVariableObject):
      (JSC::JSVariableObject::finishCreation):
      (JSC):
      * runtime/WriteBarrier.h:
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough and Geoffrey Garen.
      
      Updated JSDOMWindowBase.cpp to use the new symbol table API. this->symbolTableFoo(...)
      becomes symbolTableFoo(this, ...).
                      
      No new tests because no change in behavior.
      
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::updateDocument):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119655 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      26af9b61
  18. 22 Feb, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should be a triple-tier VM · 7bbcaab7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75812
      <rdar://problem/10079694>
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implemented an interpreter that uses the JIT's calling convention. This
      interpreter is called LLInt, or the Low Level Interpreter. JSC will now
      will start by executing code in LLInt and will only tier up to the old
      JIT after the code is proven hot.
              
      LLInt is written in a modified form of our macro assembly. This new macro
      assembly is compiled by an offline assembler (see offlineasm), which
      implements many modern conveniences such as a Turing-complete CPS-based
      macro language and direct access to relevant C++ type information
      (basically offsets of fields and sizes of structs/classes).
              
      Code executing in LLInt appears to the rest of the JSC world "as if" it
      were executing in the old JIT. Hence, things like exception handling and
      cross-execution-engine calls just work and require pretty much no
      additional overhead.
              
      This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
      V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
      V8, and Kraken, but appear to get a double-digit improvement on real-world
      websites due to a huge reduction in the amount of JIT'ing.
              
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      (MacroAssemblerCodePtr):
      (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
      * bytecode/BytecodeConventions.h: Added.
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFromLLInt):
      (JSC):
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CallLinkStatus.h:
      (JSC::CallLinkStatus::isSet):
      (JSC::CallLinkStatus::operator!):
      (CallLinkStatus):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC):
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::jitCompile):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::addGlobalResolveInstruction):
      (JSC::CodeBlock::addLLIntCallLinkInfo):
      (JSC::CodeBlock::addGlobalResolveInfo):
      (JSC::CodeBlock::numberOfMethodCallLinkInfos):
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::addFrequentExitSite):
      (JSC::CodeBlock::dontJITAnytimeSoon):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::llintExecuteCounter):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      (JSC::GetByIdStatus::wasSeenInJIT):
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      (Instruction):
      * bytecode/LLIntCallLinkInfo.h: Added.
      (JSC):
      (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
      (LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::isLinked):
      (JSC::LLIntCallLinkInfo::unlink):
      * bytecode/MethodCallLinkStatus.cpp:
      (JSC::MethodCallLinkStatus::computeFor):
      * bytecode/Opcode.cpp:
      (JSC):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (PutByIdStatus):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::emitCatch):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      (JSC):
      (JSC::Heap::firstAllocatorWithoutDestructors):
      (Heap):
      * heap/MarkStack.cpp:
      (JSC::visitChildren):
      * heap/MarkedAllocator.h:
      (JSC):
      (MarkedAllocator):
      * heap/MarkedSpace.h:
      (JSC):
      (MarkedSpace):
      (JSC::MarkedSpace::firstAllocator):
      * interpreter/CallFrame.cpp:
      (JSC):
      (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (ExecState):
      (JSC::ExecState::bytecodeOffsetForNonDFGCode):
      (JSC::ExecState::currentVPC):
      (JSC::ExecState::setCurrentVPC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (JSC::Interpreter::classicEnabled):
      * interpreter/RegisterFile.h:
      (JSC):
      (RegisterFile):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/HostCallReturnValue.cpp: Added.
      (JSC):
      (JSC::getHostCallReturnValueWithExecState):
      * jit/HostCallReturnValue.h: Added.
      (JSC):
      (JSC::initializeHostCallReturnValue):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::isOptimizingJIT):
      (JITCode):
      (JSC::JITCode::isBaselineCode):
      (JSC::JITCode::JITCode):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::jitThrow):
      * jit/JITInlineMethods.h:
      (JSC::JIT::updateTopCallFrame):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      (JSC):
      * jit/JSInterfaceJIT.h:
      * llint: Added.
      * llint/LLIntCommon.h: Added.
      * llint/LLIntData.cpp: Added.
      (LLInt):
      (JSC::LLInt::Data::Data):
      (JSC::LLInt::Data::performAssertions):
      (JSC::LLInt::Data::~Data):
      * llint/LLIntData.h: Added.
      (JSC):
      (LLInt):
      (Data):
      (JSC::LLInt::Data::exceptionInstructions):
      (JSC::LLInt::Data::opcodeMap):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp: Added.
      (LLInt):
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h: Added.
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp: Added.
      (LLInt):
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrowForThrownException):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntExceptions.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntOfflineAsmConfig.h: Added.
      * llint/LLIntOffsetsExtractor.cpp: Added.
      (JSC):
      (LLIntOffsetsExtractor):
      (JSC::LLIntOffsetsExtractor::dummy):
      (main):
      * llint/LLIntSlowPaths.cpp: Added.
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::resolveGlobal):
      (JSC::LLInt::getByVal):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      (JSC::LLInt::genericCall):
      * llint/LLIntSlowPaths.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntThunks.cpp: Added.
      (LLInt):
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h: Added.
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm: Added.
      * llint/LowLevelInterpreter.cpp: Added.
      * llint/LowLevelInterpreter.h: Added.
      * offlineasm: Added.
      * offlineasm/armv7.rb: Added.
      * offlineasm/asm.rb: Added.
      * offlineasm/ast.rb: Added.
      * offlineasm/backends.rb: Added.
      * offlineasm/generate_offset_extractor.rb: Added.
      * offlineasm/instructions.rb: Added.
      * offlineasm/offset_extractor_constants.rb: Added.
      * offlineasm/offsets.rb: Added.
      * offlineasm/opt.rb: Added.
      * offlineasm/parser.rb: Added.
      * offlineasm/registers.rb: Added.
      * offlineasm/self_hash.rb: Added.
      * offlineasm/settings.rb: Added.
      * offlineasm/transform.rb: Added.
      * offlineasm/x86.rb: Added.
      * runtime/CodeSpecializationKind.h: Added.
      (JSC):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      (CommonSlowPaths):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC):
      (JSC::EvalExecutable::jitCompile):
      (JSC::samplingDescription):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC):
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      * runtime/JSCell.h:
      (JSC):
      (JSCell):
      * runtime/JSFunction.h:
      (JSC):
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      * runtime/JSObject.h:
      (JSC):
      (JSObject):
      (JSFinalObject):
      * runtime/JSPropertyNameIterator.h:
      (JSC):
      (JSPropertyNameIterator):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      * runtime/JSTypeInfo.h:
      (JSC):
      (TypeInfo):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (LLInt):
      (JSValue):
      * runtime/JSVariableObject.h:
      (JSC):
      (JSVariableObject):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/ScopeChain.h:
      (JSC):
      (ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransition):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      * runtime/StructureChain.h:
      (JSC):
      (StructureChain):
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      (SentinelLinkedList):
      (WTF::SentinelLinkedList::isEmpty):
      * wtf/text/StringImpl.h:
      (JSC):
      (StringImpl):
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough.
              
      No new tests, because there is no change in behavior.
      
      * CMakeLists.txt:
      
      Source/WebKit: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
              
      * CMakeLists.txt:
      
      Tools: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108444 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7bbcaab7
  19. 21 Feb, 2012 2 commits
    • aroben@apple.com's avatar
      Roll out r108309, r108323, and r108326 · e089d623
      aroben@apple.com authored
      They broke the 32-bit Lion build.
      
      Original bugs is <http://webkit.org/b/75812> <rdar://problem/10079694>.
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      * bytecode/BytecodeConventions.h: Removed.
      * bytecode/CallLinkStatus.cpp:
      * bytecode/CallLinkStatus.h:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * bytecode/GetByIdStatus.cpp:
      * bytecode/GetByIdStatus.h:
      * bytecode/Instruction.h:
      * bytecode/LLIntCallLinkInfo.h: Removed.
      * bytecode/MethodCallLinkStatus.cpp:
      * bytecode/Opcode.cpp:
      * bytecode/Opcode.h:
      * bytecode/PutByIdStatus.cpp:
      * bytecode/PutByIdStatus.h:
      * bytecompiler/BytecodeGenerator.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCapabilities.h:
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      * heap/MarkStack.cpp:
      * heap/MarkedAllocator.h:
      * heap/MarkedSpace.h:
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      * interpreter/Interpreter.h:
      * interpreter/RegisterFile.h:
      * jit/ExecutableAllocator.h:
      * jit/HostCallReturnValue.cpp: Removed.
      * jit/HostCallReturnValue.h: Removed.
      * jit/JIT.cpp:
      * jit/JITCode.h:
      * jit/JITDriver.h:
      * jit/JITExceptions.cpp:
      * jit/JITInlineMethods.h:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * jit/JSInterfaceJIT.h:
      * llint/LLIntCommon.h: Removed.
      * llint/LLIntData.cpp: Removed.
      * llint/LLIntData.h: Removed.
      * llint/LLIntEntrypoints.cpp: Removed.
      * llint/LLIntEntrypoints.h: Removed.
      * llint/LLIntExceptions.cpp: Removed.
      * llint/LLIntExceptions.h: Removed.
      * llint/LLIntOfflineAsmConfig.h: Removed.
      * llint/LLIntOffsetsExtractor.cpp: Removed.
      * llint/LLIntSlowPaths.cpp: Removed.
      * llint/LLIntSlowPaths.h: Removed.
      * llint/LLIntThunks.cpp: Removed.
      * llint/LLIntThunks.h: Removed.
      * llint/LowLevelInterpreter.asm: Removed.
      * llint/LowLevelInterpreter.cpp: Removed.
      * llint/LowLevelInterpreter.h: Removed.
      * offlineasm/armv7.rb: Removed.
      * offlineasm/asm.rb: Removed.
      * offlineasm/ast.rb: Removed.
      * offlineasm/backends.rb: Removed.
      * offlineasm/generate_offset_extractor.rb: Removed.
      * offlineasm/instructions.rb: Removed.
      * offlineasm/offset_extractor_constants.rb: Removed.
      * offlineasm/offsets.rb: Removed.
      * offlineasm/opt.rb: Removed.
      * offlineasm/parser.rb: Removed.
      * offlineasm/registers.rb: Removed.
      * offlineasm/self_hash.rb: Removed.
      * offlineasm/settings.rb: Removed.
      * offlineasm/transform.rb: Removed.
      * offlineasm/x86.rb: Removed.
      * runtime/CodeSpecializationKind.h: Removed.
      * runtime/CommonSlowPaths.h:
      * runtime/Executable.cpp:
      * runtime/Executable.h:
      * runtime/ExecutionHarness.h: Removed.
      * runtime/JSArray.h:
      * runtime/JSCell.h:
      * runtime/JSFunction.h:
      * runtime/JSGlobalData.cpp:
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalObject.h:
      * runtime/JSObject.h:
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSString.h:
      * runtime/JSTypeInfo.h:
      * runtime/JSValue.cpp:
      * runtime/JSValue.h:
      * runtime/JSVariableObject.h:
      * runtime/Options.cpp:
      * runtime/Options.h:
      * runtime/ScopeChain.h:
      * runtime/Structure.cpp:
      * runtime/Structure.h:
      * runtime/StructureChain.h:
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      * wtf/text/StringImpl.h:
      
      Source/WebCore:
      
      * CMakeLists.txt:
      
      Source/WebKit:
      
      * CMakeLists.txt:
      
      Tools:
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108358 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e089d623
    • fpizlo@apple.com's avatar
      JSC should be a triple-tier VM · 091129f4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75812
      <rdar://problem/10079694>
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implemented an interpreter that uses the JIT's calling convention. This
      interpreter is called LLInt, or the Low Level Interpreter. JSC will now
      will start by executing code in LLInt and will only tier up to the old
      JIT after the code is proven hot.
              
      LLInt is written in a modified form of our macro assembly. This new macro
      assembly is compiled by an offline assembler (see offlineasm), which
      implements many modern conveniences such as a Turing-complete CPS-based
      macro language and direct access to relevant C++ type information
      (basically offsets of fields and sizes of structs/classes).
              
      Code executing in LLInt appears to the rest of the JSC world "as if" it
      were executing in the old JIT. Hence, things like exception handling and
      cross-execution-engine calls just work and require pretty much no
      additional overhead.
              
      This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
      V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
      V8, and Kraken, but appear to get a double-digit improvement on real-world
      websites due to a huge reduction in the amount of JIT'ing.
              
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      (MacroAssemblerCodePtr):
      (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
      * bytecode/BytecodeConventions.h: Added.
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFromLLInt):
      (JSC):
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CallLinkStatus.h:
      (JSC::CallLinkStatus::isSet):
      (JSC::CallLinkStatus::operator!):
      (CallLinkStatus):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC):
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::jitCompile):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::addGlobalResolveInstruction):
      (JSC::CodeBlock::addLLIntCallLinkInfo):
      (JSC::CodeBlock::addGlobalResolveInfo):
      (JSC::CodeBlock::numberOfMethodCallLinkInfos):
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::addFrequentExitSite):
      (JSC::CodeBlock::dontJITAnytimeSoon):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::llintExecuteCounter):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      (JSC::GetByIdStatus::wasSeenInJIT):
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      (Instruction):
      * bytecode/LLIntCallLinkInfo.h: Added.
      (JSC):
      (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
      (LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::isLinked):
      (JSC::LLIntCallLinkInfo::unlink):
      * bytecode/MethodCallLinkStatus.cpp:
      (JSC::MethodCallLinkStatus::computeFor):
      * bytecode/Opcode.cpp:
      (JSC):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (PutByIdStatus):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::emitCatch):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      (JSC):
      (JSC::Heap::firstAllocatorWithoutDestructors):
      (Heap):
      * heap/MarkStack.cpp:
      (JSC::visitChildren):
      * heap/MarkedAllocator.h:
      (JSC):
      (MarkedAllocator):
      * heap/MarkedSpace.h:
      (JSC):
      (MarkedSpace):
      (JSC::MarkedSpace::firstAllocator):
      * interpreter/CallFrame.cpp:
      (JSC):
      (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (ExecState):
      (JSC::ExecState::bytecodeOffsetForNonDFGCode):
      (JSC::ExecState::currentVPC):
      (JSC::ExecState::setCurrentVPC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (JSC::Interpreter::classicEnabled):
      * interpreter/RegisterFile.h:
      (JSC):
      (RegisterFile):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/HostCallReturnValue.cpp: Added.
      (JSC):
      (JSC::getHostCallReturnValueWithExecState):
      * jit/HostCallReturnValue.h: Added.
      (JSC):
      (JSC::initializeHostCallReturnValue):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::isOptimizingJIT):
      (JITCode):
      (JSC::JITCode::isBaselineCode):
      (JSC::JITCode::JITCode):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::jitThrow):
      * jit/JITInlineMethods.h:
      (JSC::JIT::updateTopCallFrame):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      (JSC):
      * jit/JSInterfaceJIT.h:
      * llint: Added.
      * llint/LLIntCommon.h: Added.
      * llint/LLIntData.cpp: Added.
      (LLInt):
      (JSC::LLInt::Data::Data):
      (JSC::LLInt::Data::performAssertions):
      (JSC::LLInt::Data::~Data):
      * llint/LLIntData.h: Added.
      (JSC):
      (LLInt):
      (Data):
      (JSC::LLInt::Data::exceptionInstructions):
      (JSC::LLInt::Data::opcodeMap):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp: Added.
      (LLInt):
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h: Added.
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp: Added.
      (LLInt):
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrowForThrownException):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntExceptions.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntOfflineAsmConfig.h: Added.
      * llint/LLIntOffsetsExtractor.cpp: Added.
      (JSC):
      (LLIntOffsetsExtractor):
      (JSC::LLIntOffsetsExtractor::dummy):
      (main):
      * llint/LLIntSlowPaths.cpp: Added.
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::resolveGlobal):
      (JSC::LLInt::getByVal):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      (JSC::LLInt::genericCall):
      * llint/LLIntSlowPaths.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntThunks.cpp: Added.
      (LLInt):
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h: Added.
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm: Added.
      * llint/LowLevelInterpreter.cpp: Added.
      * llint/LowLevelInterpreter.h: Added.
      * offlineasm: Added.
      * offlineasm/armv7.rb: Added.
      * offlineasm/asm.rb: Added.
      * offlineasm/ast.rb: Added.
      * offlineasm/backends.rb: Added.
      * offlineasm/generate_offset_extractor.rb: Added.
      * offlineasm/instructions.rb: Added.
      * offlineasm/offset_extractor_constants.rb: Added.
      * offlineasm/offsets.rb: Added.
      * offlineasm/opt.rb: Added.
      * offlineasm/parser.rb: Added.
      * offlineasm/registers.rb: Added.
      * offlineasm/self_hash.rb: Added.
      * offlineasm/settings.rb: Added.
      * offlineasm/transform.rb: Added.
      * offlineasm/x86.rb: Added.
      * runtime/CodeSpecializationKind.h: Added.
      (JSC):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      (CommonSlowPaths):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC):
      (JSC::EvalExecutable::jitCompile):
      (JSC::samplingDescription):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC):
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      * runtime/JSCell.h:
      (JSC):
      (JSCell):
      * runtime/JSFunction.h:
      (JSC):
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      * runtime/JSObject.h:
      (JSC):
      (JSObject):
      (JSFinalObject):
      * runtime/JSPropertyNameIterator.h:
      (JSC):
      (JSPropertyNameIterator):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      * runtime/JSTypeInfo.h:
      (JSC):
      (TypeInfo):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (LLInt):
      (JSValue):
      * runtime/JSVariableObject.h:
      (JSC):
      (JSVariableObject):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/ScopeChain.h:
      (JSC):
      (ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransition):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      * runtime/StructureChain.h:
      (JSC):
      (StructureChain):
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      (SentinelLinkedList):
      (WTF::SentinelLinkedList::isEmpty):
      * wtf/text/StringImpl.h:
      (JSC):
      (StringImpl):
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough.
              
      No new tests, because there is no change in behavior.
      
      * CMakeLists.txt:
      
      Source/WebKit: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
              
      * CMakeLists.txt:
      
      Tools: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108309 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      091129f4
  20. 17 Feb, 2012 1 commit
    • fpizlo@apple.com's avatar
      ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER · 5b966d01
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=78791
      
      Rubber stamped by Oliver Hunt.
              
      Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to
      COMPUTED_GOTO_CLASSIC_INTERPRETER.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      (JSC::CodeBlock::shrinkToFit):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC::padOpcodeName):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      * interpreter/AbstractPC.cpp:
      (JSC::AbstractPC::AbstractPC):
      * interpreter/AbstractPC.h:
      (AbstractPC):
      * interpreter/CallFrame.h:
      (ExecState):
      * interpreter/Interpreter.cpp:
      (JSC):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (Interpreter):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (NativeExecutable):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::getHostFunction):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * wtf/OSAllocatorPosix.cpp:
      (WTF::OSAllocator::reserveAndCommit):
      * wtf/Platform.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108020 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5b966d01
  21. 20 Jan, 2012 1 commit
    • fpizlo@apple.com's avatar
      Bytecode instructions that may have value profiling should have a direct inline · afcf9040
      fpizlo@apple.com authored
      link to the ValueProfile instance
      https://bugs.webkit.org/show_bug.cgi?id=76682
      <rdar://problem/10727689>
      
      Reviewed by Sam Weinig.
              
      Each opcode that gets value profiled now has a link to its ValueProfile. This
      required rationalizing the emission of value profiles for opcode combos, like
      op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes
      sense for one of them to have a value profile link, and it makes most sense
      for it to be the one that actually sets the result. The previous behavior was
      to have op_method_check profile for op_get_by_id when they were used together,
      but otherwise for op_get_by_id to have its own profiles. op_call already did
      the right thing; all profiling was done by op_call_put_result.
              
      But rationalizing this code required breaking some of the natural boundaries
      that the code had; for instance the code in DFG that emits a GetById in place
      of both op_method_check and op_get_by_id must now know that it's the latter of
      those that has the value profile, while the first of those constitutes the OSR
      target. Hence each CodeOrigin must now have two bytecode indices - one for
      OSR exit and one for profiling.
              
      Finally this change required some refiddling of our optimization heuristics,
      because now all code blocks have "more instructions" due to the value profile
      slots.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::valueProfileForBytecodeOffset):
      * bytecode/CodeOrigin.h:
      (JSC::CodeOrigin::CodeOrigin):
      (JSC::CodeOrigin::bytecodeIndexForValueProfile):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitProfiledOpcode):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitGetScopedVar):
      (JSC::BytecodeGenerator::emitResolveBase):
      (JSC::BytecodeGenerator::emitResolveBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitGetByVal):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitCallVarargs):
      (JSC::BytecodeGenerator::emitConstruct):
      * bytecompiler/BytecodeGenerator.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::currentCodeOrigin):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getPrediction):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueProfileFor):
      * jit/JIT.h:
      (JSC::JIT::emitValueProfilingSite):
      * jit/JITCall.cpp:
      (JSC::JIT::emit_op_call_put_result):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::emit_op_call_put_result):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitValueProfilingSite):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emit_op_resolve_skip):
      (JSC::JIT::emit_op_resolve_global):
      (JSC::JIT::emitSlow_op_resolve_global):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_resolve_global_dynamic):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emit_op_resolve_skip):
      (JSC::JIT::emit_op_resolve_global):
      (JSC::JIT::emitSlow_op_resolve_global):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_method_check):
      (JSC::JIT::emitSlow_op_method_check):
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC::JIT::emit_op_get_global_var):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_method_check):
      (JSC::JIT::emitSlow_op_method_check):
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC::JIT::emit_op_get_global_var):
      * jit/JITStubCall.h:
      (JSC::JITStubCall::callWithValueProfiling):
      * runtime/Options.cpp:
      (JSC::Options::initializeOptions):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105533 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      afcf9040
  22. 17 Jan, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should be able to do JS and custom getter caching · dc03dc54
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=76361
      <rdar://problem/10698060>
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoff Garen.
              
      Added the ability to cache JS getter calls and custom getter calls in the DFG.
      Most of this is pretty mundane, since the old JIT supported this functionality
      as well. But a couple interesting things had to happen:
              
      - There are now two variants of GetById: GetById, which works as before, and
        GetByIdFlush, which flushes registers prior to doing the GetById. Only
        GetByIdFlush can be used for caching getters. We detect which GetById style
        to use by looking at the inline caches of the old JIT.
              
      - Exception handling for getter calls planted in stubs uses a separate lookup
        handler routine, which uses the CodeOrigin stored in the StructureStubInfo.
                
      This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of
      the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and
      Kraken.
      
      * bytecode/StructureStubInfo.h:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::willNeedFlush):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupResults):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
      (JSC::DFG::JITCompiler::addExceptionCheck):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifier):
      (JSC::DFG::Node::hasHeapPrediction):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::compile):
      
      LayoutTests: 
      
      Reviewed by Geoff Garen.
              
      * fast/js/dfg-custom-getter-expected.txt: Added.
      * fast/js/dfg-custom-getter-throw-expected.txt: Added.
      * fast/js/dfg-custom-getter-throw-inlined-expected.txt: Added.
      * fast/js/dfg-custom-getter-throw-inlined.html: Added.
      * fast/js/dfg-custom-getter-throw.html: Added.
      * fast/js/dfg-custom-getter.html: Added.
      * fast/js/dfg-getter-expected.txt: Added.
      * fast/js/dfg-getter-throw-expected.txt: Added.
      * fast/js/dfg-getter-throw.html: Added.
      * fast/js/dfg-getter.html: Added.
      * fast/js/script-tests/dfg-custom-getter-throw-inlined.js: Added.
      (foo):
      (baz):
      (bar):
      * fast/js/script-tests/dfg-custom-getter-throw.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-custom-getter.js: Added.
      (foo):
      * fast/js/script-tests/dfg-getter-throw.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-getter.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105107 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      dc03dc54
  23. 21 Nov, 2011 1 commit
    • fpizlo@apple.com's avatar
      Inline caches that refer to otherwise dead objects should be cleared · a147a4d3
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=72311
      
      Reviewed by Geoff Garen.
      
      DFG code blocks now participate in the weak reference harvester fixpoint
      so that they only consider themselves to be live if either they are
      currently executing, or their owner is live and all of their weak references
      are live. If not, the relevant code blocks are jettisoned.
      
      Inline caches in both the old JIT and the DFG are now cleared if any of
      their references are not marked at the end of a GC.
      
      This is performance-neutral on SunSpider, V8, and Kraken. With the clear-
      all-code-on-GC policy that we currently have, it shows a slight reduction
      in memory usage. If we turn that policy off, it's pretty easy to come up
      with an example program that will cause ToT to experience linear heap
      growth, while with this patch, the heap stays small and remains at a
      constant size.
      
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::readCallTarget):
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::readCallTarget):
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::readCallTarget):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::readCallTarget):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::performTracingFixpointIteration):
      (JSC::CodeBlock::visitWeakReferences):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC::MethodCallLinkInfo::reset):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::reoptimize):
      (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
      * bytecode/Instruction.h:
      (JSC::PolymorphicAccessStructureList::visitWeak):
      * bytecode/StructureStubInfo.cpp:
      (JSC::StructureStubInfo::visitWeakReferences):
      * bytecode/StructureStubInfo.h:
      (JSC::isGetByIdAccess):
      (JSC::isPutByIdAccess):
      (JSC::StructureStubInfo::reset):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGOperations.cpp:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::dfgRepatchByIdSelfAccess):
      (JSC::DFG::dfgResetGetByID):
      (JSC::DFG::dfgResetPutByID):
      * dfg/DFGRepatch.h:
      (JSC::DFG::dfgResetGetByID):
      (JSC::DFG::dfgResetPutByID):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::resetPatchGetById):
      (JSC::JIT::resetPatchPutById):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::resetPatchGetById):
      (JSC::JIT::resetPatchPutById):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITWriteBarrier.h:
      (JSC::JITWriteBarrierBase::clearToMaxUnsigned):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100880 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a147a4d3
  24. 03 Oct, 2011 1 commit
    • fpizlo@apple.com's avatar
      DFG should speculate more aggressively on obvious cases on · 752f7d98
      fpizlo@apple.com authored
      polymorphic get_by_id
      https://bugs.webkit.org/show_bug.cgi?id=69235
      
      Reviewed by Oliver Hunt.
              
      This implements trivial polymorphic get_by_id. It also fixes
      problems in the CSE for CheckStructure in the put_by_id
      transition case.
              
      Doing this required knowing whether a polymorphic get_by_id stub
      was doing a direct access rather than a call of some kind.
              
      Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
      scaled mean of all benchmarks.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/Instruction.h:
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::cellConstant):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::addStructureSet):
      (JSC::DFG::Graph::addStructureTransitionData):
      * dfg/DFGNode.h:
      (JSC::DFG::StructureTransitionData::StructureTransitionData):
      (JSC::DFG::Node::hasStructureTransitionData):
      (JSC::DFG::Node::structureTransitionData):
      (JSC::DFG::Node::hasStructureSet):
      (JSC::DFG::Node::structureSet):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::checkStructureLoadElimination):
      (JSC::DFG::Propagator::performNodeCSE):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureSet.h: Added.
      (JSC::DFG::StructureSet::StructureSet):
      (JSC::DFG::StructureSet::add):
      (JSC::DFG::StructureSet::addAll):
      (JSC::DFG::StructureSet::remove):
      (JSC::DFG::StructureSet::contains):
      (JSC::DFG::StructureSet::isSubsetOf):
      (JSC::DFG::StructureSet::isSupersetOf):
      (JSC::DFG::StructureSet::size):
      (JSC::DFG::StructureSet::at):
      (JSC::DFG::StructureSet::operator[]):
      (JSC::DFG::StructureSet::last):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96527 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      752f7d98
  25. 11 Sep, 2011 1 commit
    • fpizlo@apple.com's avatar
      The executable allocator makes it difficult to free individual · e6a7f5fb
      fpizlo@apple.com authored
      chunks of executable memory
      https://bugs.webkit.org/show_bug.cgi?id=66363
      
      Reviewed by Oliver Hunt.
              
      Introduced a best-fit, balanced-tree based allocator. The allocator
      required a balanced tree that does not allocate memory and that
      permits the removal of individual nodes directly (as opposed to by
      key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
      Changed all references to executable code to use a reference counted
      handle.
      
      Source/JavaScriptCore: 
      
      * GNUmakefile.list.am:
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/WTF/WTF.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/AssemblerBuffer.h:
      (JSC::AssemblerBuffer::executableCopy):
      * assembler/LinkBuffer.h:
      (JSC::LinkBuffer::LinkBuffer):
      (JSC::LinkBuffer::finalizeCode):
      (JSC::LinkBuffer::linkCode):
      * assembler/MacroAssemblerCodeRef.h:
      (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
      (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
      (JSC::MacroAssemblerCodeRef::executableMemory):
      (JSC::MacroAssemblerCodeRef::code):
      (JSC::MacroAssemblerCodeRef::size):
      (JSC::MacroAssemblerCodeRef::operator!):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::executableCopy):
      (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
      * bytecode/CodeBlock.h:
      * bytecode/Instruction.h:
      * bytecode/StructureStubInfo.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::tryCachePutByID):
      * jit/ExecutableAllocator.cpp:
      (JSC::ExecutableAllocator::initializeAllocator):
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      (JSC::ExecutableAllocator::committedByteCount):
      (JSC::ExecutableAllocator::dumpProfile):
      * jit/ExecutableAllocator.h:
      (JSC::ExecutableAllocator::dumpProfile):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::ExecutableAllocator::initializeAllocator):
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::isValid):
      (JSC::ExecutableAllocator::underMemoryPressure):
      (JSC::ExecutableAllocator::allocate):
      (JSC::ExecutableAllocator::committedByteCount):
      (JSC::ExecutableAllocator::dumpProfile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::JIT::compileCTIMachineTrampolines):
      (JSC::JIT::compileCTINativeCall):
      * jit/JITCode.h:
      (JSC::JITCode::operator !):
      (JSC::JITCode::addressForCall):
      (JSC::JITCode::offsetOf):
      (JSC::JITCode::execute):
      (JSC::JITCode::start):
      (JSC::JITCode::size):
      (JSC::JITCode::getExecutableMemory):
      (JSC::JITCode::HostFunction):
      (JSC::JITCode::JITCode):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::privateCompileCTINativeCall):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::privateCompileCTINativeCall):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubs.cpp:
      (JSC::JITThunks::JITThunks):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      (JSC::JITThunks::ctiStub):
      (JSC::JITThunks::hostFunctionStub):
      * jit/JITStubs.h:
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerators.cpp:
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      * jit/ThunkGenerators.h:
      * runtime/Executable.h:
      (JSC::NativeExecutable::create):
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::dumpSampleData):
      * runtime/JSGlobalData.h:
      (JSC::JSGlobalData::getCTIStub):
      * wtf/CMakeLists.txt:
      * wtf/MetaAllocator.cpp: Added.
      (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
      (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
      (WTF::MetaAllocatorHandle::shrink):
      (WTF::MetaAllocator::MetaAllocator):
      (WTF::MetaAllocator::allocate):
      (WTF::MetaAllocator::currentStatistics):
      (WTF::MetaAllocator::findAndRemoveFreeSpace):
      (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
      (WTF::MetaAllocator::addFreshFreeSpace):
      (WTF::MetaAllocator::debugFreeSpaceSize):
      (WTF::MetaAllocator::addFreeSpace):
      (WTF::MetaAllocator::incrementPageOccupancy):
      (WTF::MetaAllocator::decrementPageOccupancy):
      (WTF::MetaAllocator::roundUp):
      (WTF::MetaAllocator::allocFreeSpaceNode):
      (WTF::MetaAllocator::freeFreeSpaceNode):
      (WTF::MetaAllocator::dumpProfile):
      * wtf/MetaAllocator.h: Added.
      (WTF::MetaAllocator::bytesAllocated):
      (WTF::MetaAllocator::bytesReserved):
      (WTF::MetaAllocator::bytesCommitted):
      (WTF::MetaAllocator::dumpProfile):
      (WTF::MetaAllocator::~MetaAllocator):
      * wtf/MetaAllocatorHandle.h: Added.
      * wtf/RedBlackTree.h: Added.
      (WTF::RedBlackTree::Node::Node):
      (WTF::RedBlackTree::Node::successor):
      (WTF::RedBlackTree::Node::predecessor):
      (WTF::RedBlackTree::Node::reset):
      (WTF::RedBlackTree::Node::parent):
      (WTF::RedBlackTree::Node::setParent):
      (WTF::RedBlackTree::Node::left):
      (WTF::RedBlackTree::Node::setLeft):
      (WTF::RedBlackTree::Node::right):
      (WTF::RedBlackTree::Node::setRight):
      (WTF::RedBlackTree::Node::color):
      (WTF::RedBlackTree::Node::setColor):
      (WTF::RedBlackTree::RedBlackTree):
      (WTF::RedBlackTree::insert):
      (WTF::RedBlackTree::remove):
      (WTF::RedBlackTree::findExact):
      (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
      (WTF::RedBlackTree::findGreatestLessThanOrEqual):
      (WTF::RedBlackTree::first):
      (WTF::RedBlackTree::last):
      (WTF::RedBlackTree::size):
      (WTF::RedBlackTree::isEmpty):
      (WTF::RedBlackTree::treeMinimum):
      (WTF::RedBlackTree::treeMaximum):
      (WTF::RedBlackTree::treeInsert):
      (WTF::RedBlackTree::leftRotate):
      (WTF::RedBlackTree::rightRotate):
      (WTF::RedBlackTree::removeFixup):
      * wtf/wtf.pri:
      * yarr/YarrJIT.cpp:
      (JSC::Yarr::YarrGenerator::compile):
      * yarr/YarrJIT.h:
      (JSC::Yarr::YarrCodeBlock::execute):
      (JSC::Yarr::YarrCodeBlock::getAddr):
      
      Source/JavaScriptGlue: 
      
      * ForwardingHeaders/wtf/MetaAllocatorHandle.h: Added.
      
      Source/WebCore: 
      
      No new layout tests because behavior is not changed.  New API unit
      tests:
      Tests/WTF/RedBlackTree.cpp
      Tests/WTF/MetaAllocator.cpp
      
      * ForwardingHeaders/wtf/MetaAllocatorHandle.h: Added.
      
      Tools: 
      
      * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
      * TestWebKitAPI/Tests/WTF/MetaAllocator.cpp: Added.
      (TestWebKitAPI::TEST_F):
      * TestWebKitAPI/Tests/WTF/RedBlackTree.cpp: Added.
      (TestWebKitAPI::Pair::findExact):
      (TestWebKitAPI::Pair::remove):
      (TestWebKitAPI::Pair::findLeastGreaterThanOrEqual):
      (TestWebKitAPI::Pair::assertFoundAndRemove):
      (TestWebKitAPI::Pair::assertEqual):
      (TestWebKitAPI::Pair::assertSameValuesForKey):
      (TestWebKitAPI::Pair::testDriver):
      (TestWebKitAPI::TEST_F):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94920 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e6a7f5fb
  26. 28 Jul, 2011 1 commit
  27. 11 May, 2011 1 commit
    • oliver@apple.com's avatar
      2011-05-10 Oliver Hunt <oliver@apple.com> · d5b6cfa4
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Add some aggressive GC validation to debug builds.
              https://bugs.webkit.org/show_bug.cgi?id=60601
      
              When assertions are enabled we now do some validity checking
              of objects being added to the mark stack.
      
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
              (JSC::PolymorphicAccessStructureList::visitAggregate):
              * heap/MarkStack.cpp:
              (JSC::MarkStack::validateSet):
              (JSC::MarkStack::validateValue):
              * heap/MarkStack.h:
              (JSC::MarkStack::appendValues):
              (JSC::MarkStack::append):
              (JSC::MarkStack::internalAppend):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86202 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d5b6cfa4
  28. 21 Apr, 2011 1 commit
    • oliver@apple.com's avatar
      2011-04-21 Oliver Hunt <oliver@apple.com> · 433d02f9
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Start moving to a general visitor pattern for GC traversal
              https://bugs.webkit.org/show_bug.cgi?id=59141
      
              This is just a rename:
                  markChildren -> visitChildren
                  markAggregate -> visitAggregate
                  markStack -> visitor
                  MarkStack -> typedef'd to SlotVisitor
      
              * API/JSCallbackObject.h:
              (JSC::JSCallbackObjectData::visitChildren):
              (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
              (JSC::JSCallbackObject::visitChildren):
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::visitStructures):
              (JSC::EvalCodeCache::visitAggregate):
              (JSC::CodeBlock::visitAggregate):
              * bytecode/CodeBlock.h:
              * bytecode/EvalCodeCache.h:
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::visitAggregate):
              * bytecode/StructureStubInfo.cpp:
              (JSC::StructureStubInfo::visitAggregate):
              * bytecode/StructureStubInfo.h:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * debugger/DebuggerActivation.h:
              * heap/HandleHeap.cpp:
              (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
              (JSC::HandleHeap::markStrongHandles):
              (JSC::HandleHeap::markWeakHandles):
              * heap/HandleHeap.h:
              * heap/HandleStack.cpp:
              (JSC::HandleStack::mark):
              * heap/HandleStack.h:
              * heap/Heap.cpp:
              (JSC::Heap::markProtectedObjects):
              (JSC::Heap::markTempSortVectors):
              (JSC::Heap::markRoots):
              * heap/Heap.h:
              * heap/MarkStack.cpp:
              (JSC::MarkStack::visitChildren):
              (JSC::MarkStack::drain):
              * heap/MarkStack.h:
              (JSC::HeapRootVisitor::HeapRootVisitor):
              (JSC::HeapRootVisitor::mark):
              (JSC::HeapRootVisitor::visitor):
              * heap/MarkedSpace.h:
              * runtime/ArgList.cpp:
              (JSC::MarkedArgumentBuffer::markLists):
              * runtime/ArgList.h:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Arguments.h:
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              (JSC::GetterSetter::createStructure):
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSActivation.h:
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSArray.h:
              (JSC::JSArray::visitDirect):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::visitChildren):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSFunction.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::visitIfNeeded):
              (JSC::JSGlobalObject::visitChildren):
              * runtime/JSGlobalObject.h:
              * runtime/JSONObject.cpp:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSObject.h:
              (JSC::JSObject::visitDirect):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::createStructure):
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSStaticScopeObject.h:
              * runtime/JSTypeInfo.h:
              (JSC::TypeInfo::TypeInfo):
              (JSC::TypeInfo::overridesVisitChildren):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/JSWrapperObject.h:
              * runtime/JSZombie.h:
              (JSC::JSZombie::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/NativeErrorConstructor.h:
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/RegExpObject.h:
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              * runtime/SmallStrings.cpp:
              (JSC::SmallStrings::visitChildren):
              * runtime/SmallStrings.h:
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              (JSC::StructureChain::createStructure):
      2011-04-21  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Start moving to a general visitor pattern for GC traversal
              https://bugs.webkit.org/show_bug.cgi?id=59141
      
              This is just a rename:
                  markChildren -> visitChildren
                  markAggregate -> visitAggregate
                  markStack -> visitor
                  MarkStack -> typedef'd to SlotVisitor
      
              * UserObjectImp.cpp:
              (UserObjectImp::visitChildren):
      2011-04-21  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Start moving to a general visitor pattern for GC traversal
              https://bugs.webkit.org/show_bug.cgi?id=59141
      
              This is just a rename:
                  markChildren -> visitChildren
                  markAggregate -> visitAggregate
                  markStack -> visitor
                  MarkStack -> typedef'd to SlotVisitor
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioConstructor.cpp:
              (WebCore::constructAudio):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSDOMBinding.cpp:
              (WebCore::visitActiveObjectsForContext):
              (WebCore::markDOMObjectWrapper):
              * bindings/js/JSDOMBinding.h:
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              * bindings/js/JSDOMGlobalObject.h:
              * bindings/js/JSDOMImplementationCustom.cpp:
              (WebCore::JSDOMImplementation::visitChildren):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSDOMWindowShell.h:
              * bindings/js/JSDocumentCustom.cpp:
              (WebCore::JSDocument::visitChildren):
              * bindings/js/JSElementCustom.cpp:
              (WebCore::JSElement::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::markJSFunction):
              * bindings/js/JSEventListener.h:
              * bindings/js/JSHTMLCanvasElementCustom.cpp:
              (WebCore::JSHTMLCanvasElement::visitChildren):
              * bindings/js/JSHTMLLinkElementCustom.cpp:
              (WebCore::JSHTMLLinkElement::visitChildren):
              * bindings/js/JSHTMLStyleElementCustom.cpp:
              (WebCore::JSHTMLStyleElement::visitChildren):
              * bindings/js/JSImageConstructor.cpp:
              (WebCore::constructImage):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMapOwner::isReachableFromOpaqueRoots):
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNavigatorCustom.cpp:
              (WebCore::JSNavigator::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::isObservable):
              (WebCore::isReachableFromDOM):
              (WebCore::JSNodeOwner::isReachableFromOpaqueRoots):
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeCustom.h:
              * bindings/js/JSNodeFilterCondition.cpp:
              (WebCore::JSNodeFilterCondition::WeakOwner::isReachableFromOpaqueRoots):
              * bindings/js/JSNodeFilterCondition.h:
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSNodeListCustom.cpp:
              (WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):
              * bindings/js/JSProcessingInstructionCustom.cpp:
              (WebCore::JSProcessingInstruction::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWebKitAnimationListCustom.cpp:
              (WebCore::JSWebKitAnimationList::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXMLHttpRequestUploadCustom.cpp:
              (WebCore::JSXMLHttpRequestUpload::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
              * bridge/qt/qt_instance.cpp:
              (JSC::Bindings::QtRuntimeObject::visitChildren):
              (JSC::Bindings::QtInstance::markAggregate):
              * bridge/qt/qt_instance.h:
              * bridge/qt/qt_pixmapruntime.cpp:
              * bridge/qt/qt_runtime.cpp:
              (JSC::Bindings::QtRuntimeMetaMethod::visitChildren):
              * bridge/qt/qt_runtime.h:
              * dom/EventListener.h:
              (WebCore::EventListener::visitJSFunction):
              * dom/EventTarget.h:
              (WebCore::EventTarget::visitJSEventListeners):
              * dom/Node.h:
              * dom/NodeFilterCondition.h:
              (WebCore::NodeFilterCondition::visitAggregate):
              * page/DOMWindow.h:
              * workers/WorkerContext.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@84556 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      433d02f9
  29. 15 Apr, 2011 2 commits
  30. 14 Apr, 2011 1 commit
    • oliver@apple.com's avatar
      2011-04-13 Oliver Hunt <oliver@apple.com> · bb8da910
      oliver@apple.com authored
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Additional structures are allocated beyond the expected threshold
              so we preflight the test to get them allocated.
      
              * fast/dom/gc-10.html:
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Turn Structure into a GC allocated object.  Most of this patch
              is the mechanical change of replacing variations on RefPtr<Structure>
              with either Structure* (for arguments and locals), WriteBarrier<Structure>
              for the few cases where Structures are held by GC allocated objects
              and Strong<Structure> for the root structure objects in GlobalData.
      
              * API/JSCallbackConstructor.cpp:
              (JSC::JSCallbackConstructor::JSCallbackConstructor):
              * API/JSCallbackConstructor.h:
              (JSC::JSCallbackConstructor::createStructure):
              * API/JSCallbackFunction.h:
              (JSC::JSCallbackFunction::createStructure):
              * API/JSCallbackObject.h:
              (JSC::JSCallbackObject::createStructure):
              * API/JSCallbackObjectFunctions.h:
              (JSC::::JSCallbackObject):
              * API/JSContextRef.cpp:
              * JavaScriptCore.JSVALUE32_64only.exp:
              * JavaScriptCore.JSVALUE64only.exp:
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::~CodeBlock):
              (JSC::CodeBlock::markStructures):
              (JSC::CodeBlock::markAggregate):
              * bytecode/CodeBlock.h:
              (JSC::MethodCallLinkInfo::setSeen):
              (JSC::GlobalResolveInfo::GlobalResolveInfo):
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
              (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
              (JSC::PolymorphicAccessStructureList::markAggregate):
              (JSC::Instruction::Instruction):
              * bytecode/StructureStubInfo.cpp:
              (JSC::StructureStubInfo::deref):
              (JSC::StructureStubInfo::markAggregate):
              * bytecode/StructureStubInfo.h:
              (JSC::StructureStubInfo::initGetByIdSelf):
              (JSC::StructureStubInfo::initGetByIdProto):
              (JSC::StructureStubInfo::initGetByIdChain):
              (JSC::StructureStubInfo::initPutByIdTransition):
              (JSC::StructureStubInfo::initPutByIdReplace):
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::DebuggerActivation):
              * debugger/DebuggerActivation.h:
              (JSC::DebuggerActivation::createStructure):
              * heap/Handle.h:
              * heap/MarkStack.cpp:
              (JSC::MarkStack::markChildren):
              (JSC::MarkStack::drain):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              (JSC::MarkedBlock::sweep):
              * heap/Strong.h:
              (JSC::Strong::Strong):
              (JSC::Strong::set):
              * interpreter/Interpreter.cpp:
              (JSC::Interpreter::resolveGlobal):
              (JSC::Interpreter::resolveGlobalDynamic):
              (JSC::Interpreter::tryCachePutByID):
              (JSC::Interpreter::uncachePutByID):
              (JSC::Interpreter::tryCacheGetByID):
              (JSC::Interpreter::uncacheGetByID):
              (JSC::Interpreter::privateExecute):
              * jit/JIT.h:
              * jit/JITPropertyAccess.cpp:
              (JSC::JIT::privateCompilePutByIdTransition):
              (JSC::JIT::patchMethodCallProto):
              (JSC::JIT::privateCompileGetByIdProto):
              (JSC::JIT::privateCompileGetByIdSelfList):
              (JSC::JIT::privateCompileGetByIdProtoList):
              (JSC::JIT::privateCompileGetByIdChainList):
              (JSC::JIT::privateCompileGetByIdChain):
              * jit/JITPropertyAccess32_64.cpp:
              (JSC::JIT::privateCompilePutByIdTransition):
              (JSC::JIT::patchMethodCallProto):
              (JSC::JIT::privateCompileGetByIdProto):
              (JSC::JIT::privateCompileGetByIdSelfList):
              (JSC::JIT::privateCompileGetByIdProtoList):
              (JSC::JIT::privateCompileGetByIdChainList):
              (JSC::JIT::privateCompileGetByIdChain):
              * jit/JITStubs.cpp:
              (JSC::JITThunks::tryCachePutByID):
              (JSC::JITThunks::tryCacheGetByID):
              (JSC::DEFINE_STUB_FUNCTION):
              (JSC::getPolymorphicAccessStructureListSlot):
              * jit/JSInterfaceJIT.h:
              (JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
              * jsc.cpp:
              (cleanupGlobalData):
              * runtime/Arguments.h:
              (JSC::Arguments::createStructure):
              (JSC::Arguments::Arguments):
              (JSC::JSActivation::copyRegisters):
              * runtime/ArrayConstructor.cpp:
              (JSC::ArrayConstructor::ArrayConstructor):
              (JSC::constructArrayWithSizeQuirk):
              * runtime/ArrayConstructor.h:
              * runtime/ArrayPrototype.cpp:
              (JSC::ArrayPrototype::ArrayPrototype):
              (JSC::arrayProtoFuncSplice):
              * runtime/ArrayPrototype.h:
              (JSC::ArrayPrototype::createStructure):
              * runtime/BatchedTransitionOptimizer.h:
              (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
              * runtime/BooleanConstructor.cpp:
              (JSC::BooleanConstructor::BooleanConstructor):
              * runtime/BooleanConstructor.h:
              * runtime/BooleanObject.cpp:
              (JSC::BooleanObject::BooleanObject):
              * runtime/BooleanObject.h:
              (JSC::BooleanObject::createStructure):
              * runtime/BooleanPrototype.cpp:
              (JSC::BooleanPrototype::BooleanPrototype):
              * runtime/BooleanPrototype.h:
              * runtime/DateConstructor.cpp:
              (JSC::DateConstructor::DateConstructor):
              * runtime/DateConstructor.h:
              * runtime/DateInstance.cpp:
              (JSC::DateInstance::DateInstance):
              * runtime/DateInstance.h:
              (JSC::DateInstance::createStructure):
              * runtime/DatePrototype.cpp:
              (JSC::DatePrototype::DatePrototype):
              * runtime/DatePrototype.h:
              (JSC::DatePrototype::createStructure):
              * runtime/Error.cpp:
              (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
              * runtime/ErrorConstructor.cpp:
              (JSC::ErrorConstructor::ErrorConstructor):
              * runtime/ErrorConstructor.h:
              * runtime/ErrorInstance.cpp:
              (JSC::ErrorInstance::ErrorInstance):
              (JSC::ErrorInstance::create):
              * runtime/ErrorInstance.h:
              (JSC::ErrorInstance::createStructure):
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              * runtime/ErrorPrototype.h:
              * runtime/ExceptionHelpers.cpp:
              (JSC::InterruptedExecutionError::InterruptedExecutionError):
              (JSC::TerminatedExecutionError::TerminatedExecutionError):
              * runtime/Executable.cpp:
              * runtime/Executable.h:
              (JSC::ExecutableBase::ExecutableBase):
              (JSC::ExecutableBase::createStructure):
              (JSC::NativeExecutable::createStructure):
              (JSC::NativeExecutable::NativeExecutable):
              (JSC::ScriptExecutable::ScriptExecutable):
              (JSC::EvalExecutable::createStructure):
              (JSC::ProgramExecutable::createStructure):
              (JSC::FunctionExecutable::createStructure):
              * runtime/FunctionConstructor.cpp:
              (JSC::FunctionConstructor::FunctionConstructor):
              * runtime/FunctionConstructor.h:
              * runtime/FunctionPrototype.cpp:
              (JSC::FunctionPrototype::FunctionPrototype):
              * runtime/FunctionPrototype.h:
              (JSC::FunctionPrototype::createStructure):
              * runtime/GetterSetter.h:
              (JSC::GetterSetter::GetterSetter):
              (JSC::GetterSetter::createStructure):
              * runtime/InitializeThreading.cpp:
              (JSC::initializeThreadingOnce):
              * runtime/InternalFunction.cpp:
              (JSC::InternalFunction::InternalFunction):
              * runtime/InternalFunction.h:
              (JSC::InternalFunction::createStructure):
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::JSActivation):
              * runtime/JSActivation.h:
              (JSC::JSActivation::createStructure):
              * runtime/JSArray.cpp:
              (JSC::JSArray::JSArray):
              * runtime/JSArray.h:
              (JSC::JSArray::createStructure):
              * runtime/JSByteArray.cpp:
              (JSC::JSByteArray::JSByteArray):
              (JSC::JSByteArray::createStructure):
              * runtime/JSByteArray.h:
              (JSC::JSByteArray::JSByteArray):
              * runtime/JSCell.cpp:
              (JSC::isZombie):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::JSCell):
              (JSC::JSCell::JSCell::addressOfStructure):
              (JSC::JSCell::JSCell::structure):
              (JSC::JSCell::JSCell::markChildren):
              (JSC::JSCell::JSValue::isZombie):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::JSFunction):
              * runtime/JSFunction.h:
              (JSC::JSFunction::createStructure):
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::storeVPtrs):
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::clearBuiltinStructures):
              (JSC::JSGlobalData::createLeaked):
              * runtime/JSGlobalData.h:
              (JSC::allocateGlobalHandle):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              (JSC::JSGlobalObject::markChildren):
              (JSC::JSGlobalObject::copyGlobalsFrom):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::JSGlobalObject):
              (JSC::JSGlobalObject::createStructure):
              (JSC::Structure::prototypeChain):
              (JSC::Structure::isValid):
              (JSC::constructEmptyArray):
              * runtime/JSNotAnObject.h:
              (JSC::JSNotAnObject::JSNotAnObject):
              (JSC::JSNotAnObject::createStructure):
              * runtime/JSONObject.cpp:
              (JSC::JSONObject::JSONObject):
              * runtime/JSONObject.h:
              (JSC::JSONObject::createStructure):
              * runtime/JSObject.cpp:
              (JSC::JSObject::defineGetter):
              (JSC::JSObject::defineSetter):
              (JSC::JSObject::seal):
              (JSC::JSObject::freeze):
              (JSC::JSObject::preventExtensions):
              (JSC::JSObject::removeDirect):
              (JSC::JSObject::createInheritorID):
              * runtime/JSObject.h:
              (JSC::JSObject::createStructure):
              (JSC::JSObject::JSObject):
              (JSC::JSNonFinalObject::createStructure):
              (JSC::JSNonFinalObject::JSNonFinalObject):
              (JSC::JSFinalObject::create):
              (JSC::JSFinalObject::createStructure):
              (JSC::JSFinalObject::JSFinalObject):
              (JSC::constructEmptyObject):
              (JSC::createEmptyObjectStructure):
              (JSC::JSObject::~JSObject):
              (JSC::JSObject::setPrototype):
              (JSC::JSObject::setStructure):
              (JSC::JSObject::inheritorID):
              (JSC::JSObject::putDirectInternal):
              (JSC::JSObject::transitionTo):
              (JSC::JSObject::markChildrenDirect):
              * runtime/JSObjectWithGlobalObject.cpp:
              (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
              * runtime/JSObjectWithGlobalObject.h:
              (JSC::JSObjectWithGlobalObject::createStructure):
              (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
              (JSC::JSPropertyNameIterator::create):
              (JSC::JSPropertyNameIterator::get):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::createStructure):
              (JSC::JSPropertyNameIterator::setCachedStructure):
              (JSC::Structure::setEnumerationCache):
              * runtime/JSStaticScopeObject.h:
              (JSC::JSStaticScopeObject::JSStaticScopeObject):
              (JSC::JSStaticScopeObject::createStructure):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              (JSC::RopeBuilder::createStructure):
              * runtime/JSType.h:
              * runtime/JSTypeInfo.h:
              (JSC::TypeInfo::TypeInfo):
              * runtime/JSValue.h:
              * runtime/JSVariableObject.h:
              (JSC::JSVariableObject::createStructure):
              (JSC::JSVariableObject::JSVariableObject):
              (JSC::JSVariableObject::copyRegisterArray):
              * runtime/JSWrapperObject.h:
              (JSC::JSWrapperObject::createStructure):
              (JSC::JSWrapperObject::JSWrapperObject):
              * runtime/JSZombie.cpp:
              * runtime/JSZombie.h:
              (JSC::JSZombie::JSZombie):
              (JSC::JSZombie::createStructure):
              * runtime/MathObject.cpp:
              (JSC::MathObject::MathObject):
              * runtime/MathObject.h:
              (JSC::MathObject::createStructure):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::NativeErrorConstructor):
              (JSC::NativeErrorConstructor::markChildren):
              * runtime/NativeErrorConstructor.h:
              (JSC::NativeErrorConstructor::createStructure):
              * runtime/NativeErrorPrototype.cpp:
              (JSC::NativeErrorPrototype::NativeErrorPrototype):
              * runtime/NativeErrorPrototype.h:
              * runtime/NumberConstructor.cpp:
              (JSC::NumberConstructor::NumberConstructor):
              * runtime/NumberConstructor.h:
              (JSC::NumberConstructor::createStructure):
              * runtime/NumberObject.cpp:
              (JSC::NumberObject::NumberObject):
              * runtime/NumberObject.h:
              (JSC::NumberObject::createStructure):
              * runtime/NumberPrototype.cpp:
              (JSC::NumberPrototype::NumberPrototype):
              * runtime/NumberPrototype.h:
              * runtime/ObjectConstructor.cpp:
              (JSC::ObjectConstructor::ObjectConstructor):
              * runtime/ObjectConstructor.h:
              (JSC::ObjectConstructor::createStructure):
              * runtime/ObjectPrototype.cpp:
              (JSC::ObjectPrototype::ObjectPrototype):
              * runtime/ObjectPrototype.h:
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyTable::PropertyTable):
              * runtime/RegExpConstructor.cpp:
              (JSC::RegExpConstructor::RegExpConstructor):
              (JSC::RegExpMatchesArray::RegExpMatchesArray):
              * runtime/RegExpConstructor.h:
              (JSC::RegExpConstructor::createStructure):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::RegExpObject):
              * runtime/RegExpObject.h:
              (JSC::RegExpObject::createStructure):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              * runtime/RegExpPrototype.h:
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              (JSC::ScopeChainNode::createStructure):
              * runtime/StrictEvalActivation.cpp:
              (JSC::StrictEvalActivation::StrictEvalActivation):
              * runtime/StringConstructor.cpp:
              (JSC::StringConstructor::StringConstructor):
              * runtime/StringConstructor.h:
              * runtime/StringObject.cpp:
              (JSC::StringObject::StringObject):
              * runtime/StringObject.h:
              (JSC::StringObject::createStructure):
              * runtime/StringObjectThatMasqueradesAsUndefined.h:
              (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
              (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
              * runtime/StringPrototype.cpp:
              (JSC::StringPrototype::StringPrototype):
              * runtime/StringPrototype.h:
              (JSC::StringPrototype::createStructure):
              * runtime/Structure.cpp:
              (JSC::StructureTransitionTable::remove):
              (JSC::StructureTransitionTable::add):
              (JSC::Structure::Structure):
              (JSC::Structure::~Structure):
              (JSC::Structure::materializePropertyMap):
              (JSC::Structure::addPropertyTransitionToExistingStructure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::removePropertyTransition):
              (JSC::Structure::changePrototypeTransition):
              (JSC::Structure::despecifyFunctionTransition):
              (JSC::Structure::getterSetterTransition):
              (JSC::Structure::toDictionaryTransition):
              (JSC::Structure::toCacheableDictionaryTransition):
              (JSC::Structure::toUncacheableDictionaryTransition):
              (JSC::Structure::sealTransition):
              (JSC::Structure::freezeTransition):
              (JSC::Structure::preventExtensionsTransition):
              (JSC::Structure::flattenDictionaryStructure):
              (JSC::Structure::copyPropertyTable):
              (JSC::Structure::put):
              (JSC::Structure::markChildren):
              * runtime/Structure.h:
              (JSC::Structure::create):
              (JSC::Structure::setPrototypeWithoutTransition):
              (JSC::Structure::createStructure):
              (JSC::JSCell::createDummyStructure):
              (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::StructureChain):
              (JSC::StructureChain::markChildren):
              * runtime/StructureChain.h:
              (JSC::StructureChain::create):
              (JSC::StructureChain::head):
              (JSC::StructureChain::createStructure):
              * runtime/StructureTransitionTable.h:
              (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
              (JSC::StructureTransitionTable::~StructureTransitionTable):
              (JSC::StructureTransitionTable::slot):
              (JSC::StructureTransitionTable::setMap):
              (JSC::StructureTransitionTable::singleTransition):
              (JSC::StructureTransitionTable::clearSingleTransition):
              (JSC::StructureTransitionTable::setSingleTransition):
              * runtime/WeakGCMap.h:
              (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
              (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
              (JSC::WeakGCMap::contains):
              (JSC::WeakGCMap::find):
              (JSC::WeakGCMap::remove):
              (JSC::WeakGCMap::add):
              (JSC::WeakGCMap::set):
              (JSC::WeakGCMap::finalize):
              * runtime/WriteBarrier.h:
              (JSC::writeBarrier):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::setWithoutWriteBarrier):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Fix up JSG to correctly mark Structure, et al.
      
              * JSRun.cpp:
              (JSGlueGlobalObject::JSGlueGlobalObject):
              * JSRun.h:
              * JSUtils.cpp:
              (JSObjectKJSValue):
              * UserObjectImp.cpp:
              (UserObjectImp::UserObjectImp):
              * UserObjectImp.h:
              (UserObjectImp::createStructure):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Update WebCore for Structure being a GC allocated object
      
              * WebCore.exp.in:
              * bindings/js/JSAudioConstructor.h:
              (WebCore::JSAudioConstructor::createStructure):
              * bindings/js/JSDOMBinding.cpp:
              (WebCore::cacheDOMStructure):
              * bindings/js/JSDOMBinding.h:
              (WebCore::DOMObjectWithGlobalPointer::createStructure):
              (WebCore::DOMObjectWithGlobalPointer::DOMObjectWithGlobalPointer):
              (WebCore::DOMConstructorObject::createStructure):
              (WebCore::DOMConstructorObject::DOMConstructorObject):
              (WebCore::DOMConstructorWithDocument::DOMConstructorWithDocument):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
              (WebCore::JSDOMGlobalObject::markChildren):
              * bindings/js/JSDOMGlobalObject.h:
              (WebCore::JSDOMGlobalObject::createStructure):
              * bindings/js/JSDOMWindowBase.cpp:
              (WebCore::JSDOMWindowBase::JSDOMWindowBase):
              * bindings/js/JSDOMWindowBase.h:
              (WebCore::JSDOMWindowBase::createStructure):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::JSDOMWindowShell):
              (WebCore::JSDOMWindowShell::setWindow):
              * bindings/js/JSDOMWindowShell.h:
              (WebCore::JSDOMWindowShell::createStructure):
              * bindings/js/JSDOMWrapper.h:
              (WebCore::DOMObject::DOMObject):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSImageConstructor.h:
              (WebCore::JSImageConstructor::createStructure):
              * bindings/js/JSImageDataCustom.cpp:
              (WebCore::toJS):
              * bindings/js/JSOptionConstructor.h:
              (WebCore::JSOptionConstructor::createStructure):
              * bindings/js/JSWorkerContextBase.cpp:
              (WebCore::JSWorkerContextBase::JSWorkerContextBase):
              * bindings/js/JSWorkerContextBase.h:
              (WebCore::JSWorkerContextBase::createStructure):
              * bindings/js/ScriptCachedFrameData.h:
              * bindings/js/SerializedScriptValue.h:
              * bindings/js/WorkerScriptController.cpp:
              (WebCore::WorkerScriptController::initScript):
              * bindings/scripts/CodeGeneratorJS.pm:
              * bridge/c/CRuntimeObject.h:
              (JSC::Bindings::CRuntimeObject::createStructure):
              * bridge/c/c_instance.cpp:
              (JSC::Bindings::CRuntimeMethod::createStructure):
              * bridge/jni/jsc/JavaInstanceJSC.cpp:
              (JavaRuntimeMethod::createStructure):
              * bridge/jni/jsc/JavaRuntimeObject.h:
              (JSC::Bindings::JavaRuntimeObject::createStructure):
              * bridge/objc/ObjCRuntimeObject.h:
              (JSC::Bindings::ObjCRuntimeObject::createStructure):
              * bridge/objc/objc_instance.mm:
              (ObjCRuntimeMethod::createStructure):
              * bridge/objc/objc_runtime.h:
              (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
              * bridge/runtime_array.cpp:
              (JSC::RuntimeArray::RuntimeArray):
              * bridge/runtime_array.h:
              (JSC::RuntimeArray::createStructure):
              * bridge/runtime_method.cpp:
              (JSC::RuntimeMethod::RuntimeMethod):
              * bridge/runtime_method.h:
              (JSC::RuntimeMethod::createStructure):
              * bridge/runtime_object.cpp:
              (JSC::Bindings::RuntimeObject::RuntimeObject):
              * bridge/runtime_object.h:
              (JSC::Bindings::RuntimeObject::createStructure):
              * history/HistoryItem.h:
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Update WebKit for the world of GC allocated Structure
      
              * Plugins/Hosted/NetscapePluginInstanceProxy.h:
              * Plugins/Hosted/ProxyInstance.mm:
              (WebKit::ProxyRuntimeMethod::createStructure):
              * Plugins/Hosted/ProxyRuntimeObject.h:
              (WebKit::ProxyRuntimeObject::createStructure):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Update WK2 for the world of GC allocated Structure
      
              * WebProcess/Plugins/Netscape/JSNPMethod.h:
              (WebKit::JSNPMethod::createStructure):
              * WebProcess/Plugins/Netscape/JSNPObject.h:
              (WebKit::JSNPObject::createStructure):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83808 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bb8da910
  31. 04 Apr, 2011 2 commits
    • oliver@apple.com's avatar
      Fix WinCE build. · 2a16006d
      oliver@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@82858 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2a16006d
    • oliver@apple.com's avatar
      2011-04-01 Oliver Hunt <oliver@apple.com> · 59144210
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make StructureChain GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=56695
      
              Make StructureChain GC allocated, and make the various owners
              mark it correctly.
      
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::dump):
              (JSC::CodeBlock::derefStructures):
              (JSC::CodeBlock::refStructures):
              (JSC::CodeBlock::markAggregate):
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
              (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
              (JSC::PolymorphicAccessStructureList::derefStructures):
              (JSC::PolymorphicAccessStructureList::markAggregate):
              (JSC::Instruction::Instruction):
              * bytecode/StructureStubInfo.cpp:
              (JSC::StructureStubInfo::deref):
              (JSC::StructureStubInfo::markAggregate):
              * bytecode/StructureStubInfo.h:
              (JSC::StructureStubInfo::initGetByIdChain):
              (JSC::StructureStubInfo::initPutByIdTransition):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
              (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
              * collector/handles/Handle.h:
              (JSC::HandleConverter::operator->):
              (JSC::HandleConverter::operator*):
              * interpreter/Interpreter.cpp:
              (JSC::Interpreter::privateExecute):
              * jit/JITOpcodes.cpp:
              (JSC::JIT::emit_op_jneq_ptr):
              * jit/JITOpcodes32_64.cpp:
              (JSC::JIT::emit_op_jneq_ptr):
              * jit/JITPropertyAccess.cpp:
              (JSC::JIT::privateCompileGetByIdChainList):
              * jit/JITPropertyAccess32_64.cpp:
              (JSC::JIT::privateCompileGetByIdChainList):
              * jit/JITStubs.cpp:
              (JSC::JITThunks::tryCachePutByID):
              (JSC::JITThunks::tryCacheGetByID):
              (JSC::getPolymorphicAccessStructureListSlot):
              (JSC::DEFINE_STUB_FUNCTION):
              * runtime/JSCell.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::markIfNeeded):
              * runtime/JSGlobalObject.h:
              (JSC::Structure::prototypeChain):
              * runtime/JSObject.h:
              (JSC::JSObject::putDirectInternal):
              (JSC::JSObject::markChildrenDirect):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::create):
              (JSC::JSPropertyNameIterator::get):
              (JSC::JSPropertyNameIterator::markChildren):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
              * runtime/JSZombie.cpp:
              (JSC::JSZombie::leakedZombieStructure):
              * runtime/JSZombie.h:
              * runtime/MarkStack.h:
              (JSC::MarkStack::append):
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::sweep):
              * runtime/Structure.cpp:
              (JSC::Structure::addPropertyTransition):
              * runtime/Structure.h:
              (JSC::Structure::markAggregate):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::StructureChain):
              (JSC::StructureChain::~StructureChain):
              (JSC::StructureChain::markChildren):
              * runtime/StructureChain.h:
              (JSC::StructureChain::create):
              (JSC::StructureChain::createStructure):
              * runtime/WriteBarrier.h:
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
      2011-04-01  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make StructureChain GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=56695
      
              Update for new Structure marking function
      
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::markChildren):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@82849 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      59144210
  32. 30 Mar, 2011 1 commit