1. 14 Nov, 2013 1 commit
    • Change callToJavaScript thunk into an offline assembled stub · 4655f790
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124251
      
      Reviewed by Geoffrey Garen.
      
      Changed callToJavaScript and throwNotCaught into stubs generated by the offline assembler.
      Added popCalleeSaves and pushCalleeSaves pseudo ops to the offline assembler to handle
      the saving and restoring of callee save registers.  Fixed callFrameRegister differences
      between arm traditional (r11) and arm Thumb2 (r7) in GPRInfo.h.  Also fixed implementation
      of pop & push in arm.rb.
      
      Since the offline assembler and therefore the LLInt don't work on Windows, the Windows stubs
      are handled as inline assembly in JITStubsX86.h and JITStubsMSVC64.asm.
      
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      * jit/GPRInfo.h:
      (JSC::GPRInfo::toIndex):
      (JSC::GPRInfo::debugName):
      * jit/JITCode.cpp:
      (JSC::JITCode::execute):
      * jit/JITExceptions.cpp:
      (JSC::genericUnwind):
      * jit/JITStubs.h:
      * jit/JITStubsMSVC64.asm:
      * jit/JITStubsX86.h:
      * jit/ThunkGenerators.cpp:
      * jit/ThunkGenerators.h:
      * llint/LLIntThunks.h:
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/arm.rb:
      * offlineasm/arm64.rb:
      * offlineasm/instructions.rb:
      * offlineasm/mips.rb:
      * offlineasm/registers.rb:
      * offlineasm/sh4.rb:
      * offlineasm/x86.rb:
      * runtime/VM.cpp:
      (JSC::VM::VM):
      * runtime/VM.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159276 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 06 Nov, 2013 1 commit
    • Change ctiTrampoline into a thunk · adc50523
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=123844
      
      Reviewed by Filip Pizlo.
      
      Converted ctiTrampoline and ctiOpThrowNotCaught into thunks named callToJavaScript
      and returnFromJavaScript.  Cleaned up and in some cases removed JITStubsXXX.h files
      after removing ctiTrampoline and ctiOpThrowNotCaught.  Added callJavaScriptJITFunction
      to VM that is a function pointer to the callToJavaScript thunk.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      * jit/JITCode.cpp:
      (JSC::JITCode::execute):
      * jit/JITExceptions.cpp:
      (JSC::genericUnwind):
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * jit/JITStubsARM.h:
      * jit/JITStubsARM64.h: Removed.
      * jit/JITStubsARMv7.h:
      * jit/JITStubsMIPS.h: Removed.
      * jit/JITStubsMSVC64.asm:
      * jit/JITStubsSH4.h: Removed.
      * jit/JITStubsX86.h:
      * jit/JITStubsX86_64.h:
      * jit/JSInterfaceJIT.h:
      * jit/ThunkGenerators.cpp:
      (JSC::returnFromJavaScript):
      (JSC::callToJavaScript):
      * jit/ThunkGenerators.h:
      * runtime/VM.cpp:
      (JSC::VM::VM):
      * runtime/VM.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158751 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 03 Nov, 2013 1 commit
    • FTL should use LLVM intrinsics for OSR exit, watchpoints, inline caches, and stack layout · 6bf1198d
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122318
      
      Reviewed by Geoffrey Garen.
              
      This all now works. This patch just updates our implementation to work with LLVM trunk,
      and removes all of the old code that tried to do OSR exits and heap accesses without
      the benefit of those intrinsics.
              
      In particular:
              
      - StackMaps parsing now uses the new, less compact, but more future-proof, format.
              
      - Remove the ftlUsesStackmaps() option and hard-code ftlUsesStackmaps = true. Remove
        all code for ftlUsesStackmaps = false, since that was only there for back when we
        didn't have the intrinsics.
              
      - Remove the other experimental OSR options (useLLVMOSRExitIntrinsic,
        ftlTrapsOnOSRExit, and FTLOSRExitOmitsMarshalling).
              
      - Remove LowerDFGToLLVM's use of the ExitThunkGenerator since we don't need to generate
        the exit thunks until after we parse the stackmaps.
              
      - Remove all of the exit thunk and compiler code for the no-stackmaps case.
      
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      * ftl/FTLCompile.cpp:
      (JSC::FTL::mmAllocateDataSection):
      * ftl/FTLExitThunkGenerator.cpp:
      (JSC::FTL::ExitThunkGenerator::emitThunk):
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLocation.cpp:
      (JSC::FTL::Location::forStackmaps):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
      (JSC::FTL::LowerDFGToLLVM::lower):
      (JSC::FTL::LowerDFGToLLVM::compileGetById):
      (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
      (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      (JSC::FTL::LowerDFGToLLVM::callStackmap):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      * ftl/FTLOSRExitCompilationInfo.h:
      (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      (JSC::FTL::compileFTLOSRExit):
      * ftl/FTLStackMaps.cpp:
      (JSC::FTL::StackMaps::Location::parse):
      (JSC::FTL::StackMaps::parse):
      (WTF::printInternal):
      * ftl/FTLStackMaps.h:
      * ftl/FTLThunks.cpp:
      (JSC::FTL::osrExitGenerationThunkGenerator):
      * ftl/FTLThunks.h:
      (JSC::FTL::Thunks::getOSRExitGenerationThunk):
      * runtime/Options.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158535 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 10 Oct, 2013 1 commit
    • OSR exit using llvm.webkit.stackmap should pass more tests · 50cd41c0
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122518
      
      Reviewed by Mark Hahnenberg.
              
      - Make the X86Assembler capable of dealing with all XMM registers.
              
      - Make the StackMaps code on WebKit's side capable of dealing with XMM registers.
              
      - Factor out most of the smarts of StackMaps::Location into a self-contained object.
        Previously you needed both StackMaps::Location and a StackMaps reference to do most
        things since the Location might have referred to a constant. Now you can just get a
        self-contained Location object.
              
      - Fix a bug where OSR exit generation thunk generator was assuming that the call frame
        register is already in argumentGPR0. In the future, the call frame will just be the
        machine FP and we won't have to do anything special. But for now the "call frame" is
        just a normal value in LLVM IR and may end up in any register. Make the OSR exit
        generation thunk generator polymorphic over the call frame argument's Location.
              
      - Move the stuff that depends on the polymorphic OSR exit generation thunk generator
        into the finalizer, since generating and linking one of those thunks requires a cache
        flush and we need to do that on the main thread.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::firstRegister):
      (JSC::ARMv7Assembler::lastRegister):
      (JSC::ARMv7Assembler::firstFPRegister):
      (JSC::ARMv7Assembler::lastFPRegister):
      * assembler/AbstractMacroAssembler.h:
      (JSC::AbstractMacroAssembler::firstFPRegister):
      (JSC::AbstractMacroAssembler::lastFPRegister):
      * assembler/MacroAssembler.h:
      (JSC::MacroAssembler::nextFPRegister):
      * assembler/MacroAssemblerARMv7.h:
      * assembler/MacroAssemblerX86Common.h:
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::firstFPRegister):
      (JSC::X86Assembler::lastFPRegister):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      * ftl/FTLCompile.cpp:
      (JSC::FTL::fixFunctionBasedOnStackMaps):
      * ftl/FTLExitThunkGenerator.cpp:
      (JSC::FTL::ExitThunkGenerator::emitThunk):
      (JSC::FTL::ExitThunkGenerator::emitThunks):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLocation.cpp: Added.
      (JSC::FTL::Location::forStackmaps):
      (JSC::FTL::Location::dump):
      (JSC::FTL::Location::involvesGPR):
      (JSC::FTL::Location::isGPR):
      (JSC::FTL::Location::gpr):
      (JSC::FTL::Location::isFPR):
      (JSC::FTL::Location::fpr):
      (JSC::FTL::Location::restoreInto):
      (WTF::printInternal):
      * ftl/FTLLocation.h: Added.
      (JSC::FTL::Location::Location):
      (JSC::FTL::Location::forRegister):
      (JSC::FTL::Location::forIndirect):
      (JSC::FTL::Location::forConstant):
      (JSC::FTL::Location::kind):
      (JSC::FTL::Location::hasDwarfRegNum):
      (JSC::FTL::Location::dwarfRegNum):
      (JSC::FTL::Location::hasOffset):
      (JSC::FTL::Location::offset):
      (JSC::FTL::Location::hasConstant):
      (JSC::FTL::Location::constant):
      (JSC::FTL::Location::operator!):
      (JSC::FTL::Location::isHashTableDeletedValue):
      (JSC::FTL::Location::operator==):
      (JSC::FTL::Location::hash):
      (JSC::FTL::LocationHash::hash):
      (JSC::FTL::LocationHash::equal):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
      (JSC::FTL::LowerDFGToLLVM::linkOSRExitsAndCompleteInitializationBlocks):
      * ftl/FTLSaveRestore.cpp:
      (JSC::FTL::bytesForFPRs):
      (JSC::FTL::requiredScratchMemorySizeInBytes):
      (JSC::FTL::offsetOfFPR):
      (JSC::FTL::saveAllRegisters):
      (JSC::FTL::restoreAllRegisters):
      * ftl/FTLSaveRestore.h:
      * ftl/FTLStackMaps.cpp:
      (JSC::FTL::StackMaps::Location::restoreInto):
      * ftl/FTLStackMaps.h:
      * ftl/FTLState.h:
      * ftl/FTLThunks.cpp:
      (JSC::FTL::osrExitGenerationWithoutStackMapThunkGenerator):
      (JSC::FTL::osrExitGenerationWithStackMapThunkGenerator):
      * ftl/FTLThunks.h:
      (JSC::FTL::generateIfNecessary):
      (JSC::FTL::Thunks::getOSRExitGenerationThunk):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157264 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 04 Sep, 2013 1 commit
    • The DFG should be able to tier-up and OSR enter into the FTL · 532f1e51
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112838
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      This adds the ability for the DFG to tier-up into the FTL. This works in both
      of the expected tier-up modes:
              
      Replacement: frequently called functions eventually have their entrypoint
      replaced with one that goes into FTL-compiled code. Note, this will be a
      slow-down for now since we don't yet have LLVM calling convention integration.
              
      OSR entry: code stuck in hot loops gets OSR'd into the FTL from the DFG.
              
      This means that if the DFG detects that a function is an FTL candidate, it
      inserts execution counting code similar to the kind that the baseline JIT
      would use. If you trip on a loop count in a loop header that is an OSR
      candidate (it's not an inlined loop), we do OSR; otherwise we do replacement.
      OSR almost always also implies future replacement.
              
      OSR entry into the FTL is really cool. It uses a specialized FTL compile of
      the code, where early in the DFG pipeline we replace the original root block
      with an OSR entrypoint block that jumps to the pre-header of the hot loop.
      The OSR entrypoint loads all live state at the loop pre-header using loads
      from a scratch buffer, which gets populated by the runtime's OSR entry
      preparation code (FTL::prepareOSREntry()). This approach appears to work well
      with all of our subsequent optimizations, including prediction propagation,
      CFA, and LICM. LLVM seems happy with it, too. Best of all, it works naturally
      with concurrent compilation: when we hit the tier-up trigger we spawn a
      compilation plan at the bytecode index from which we triggered; once the
      compilation finishes the next trigger will try to enter, at that bytecode
      index. If it can't - for example because the code has moved on to another
      loop - then we just try again. Loops that get hot enough for OSR entry (about
      25,000 iterations) will probably still be running when a concurrent compile
      finishes, so this doesn't appear to be a big problem.
              
      This immediately gives us a 70% speed-up on imaging-gaussian-blur. We could
      get a bigger speed-up by adding some more intelligence and tweaking LLVM to
      compile code faster. Those things will happen eventually but this is a good
      start. Probably this code will see more tuning as we get more coverage in the
      FTL JIT, but I'll worry about that in future patches.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      * bytecode/CodeBlock.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::killBlockAndItsContents):
      (JSC::DFG::Graph::killUnreachableBlocks):
      * dfg/DFGGraph.h:
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::initialize):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      (JSC::DFG::JITCode::checkIfOptimizationThresholdReached):
      (JSC::DFG::JITCode::optimizeNextInvocation):
      (JSC::DFG::JITCode::dontOptimizeAnytimeSoon):
      (JSC::DFG::JITCode::optimizeAfterWarmUp):
      (JSC::DFG::JITCode::optimizeSoon):
      (JSC::DFG::JITCode::forceOptimizationSlowPathConcurrently):
      (JSC::DFG::JITCode::setOptimizationThresholdBasedOnCompilationResult):
      * dfg/DFGJITCode.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      (JSC::DFG::JITFinalizer::finalizeCommon):
      * dfg/DFGLoopPreHeaderCreationPhase.cpp:
      (JSC::DFG::createPreHeader):
      (JSC::DFG::LoopPreHeaderCreationPhase::run):
      * dfg/DFGLoopPreHeaderCreationPhase.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasUnlinkedLocal):
      (JSC::DFG::Node::unlinkedLocal):
      * dfg/DFGNodeType.h:
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntrypointCreationPhase.cpp: Added.
      (JSC::DFG::OSREntrypointCreationPhase::OSREntrypointCreationPhase):
      (JSC::DFG::OSREntrypointCreationPhase::run):
      (JSC::DFG::performOSREntrypointCreation):
      * dfg/DFGOSREntrypointCreationPhase.h: Added.
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGPlan.h:
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGTierUpCheckInjectionPhase.cpp: Added.
      (JSC::DFG::TierUpCheckInjectionPhase::TierUpCheckInjectionPhase):
      (JSC::DFG::TierUpCheckInjectionPhase::run):
      (JSC::DFG::performTierUpCheckInjection):
      * dfg/DFGTierUpCheckInjectionPhase.h: Added.
      * dfg/DFGToFTLDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLDeferredCompilationCallback::ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::~ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLDeferredCompilationCallback.h: Added.
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::~ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h: Added.
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLCapabilities.h:
      * ftl/FTLForOSREntryJITCode.cpp: Added.
      (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::~ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::ftlForOSREntry):
      (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
      * ftl/FTLForOSREntryJITCode.h: Added.
      (JSC::FTL::ForOSREntryJITCode::entryBuffer):
      (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::bytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::countEntryFailure):
      (JSC::FTL::ForOSREntryJITCode::entryFailureCount):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileBlock):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::addWeakReference):
      * ftl/FTLOSREntry.cpp: Added.
      (JSC::FTL::prepareOSREntry):
      * ftl/FTLOSREntry.h: Added.
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::crashNonTerminal):
      (JSC::FTL::Output::crash):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * interpreter/Register.h:
      (JSC::Register::unboxedDouble):
      * jit/JIT.cpp:
      (JSC::JIT::emitEnterOptimizationCheck):
      * jit/JITCode.cpp:
      (JSC::JITCode::ftlForOSREntry):
      * jit/JITCode.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      * runtime/Options.h:
      * runtime/VM.cpp:
      (JSC::VM::ensureWorklist):
      * runtime/VM.h:
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
              
      Fix marsaglia to check the result instead of printing, and add a second
      version that relies on OSR entry.
      
      * fast/js/regress/marsaglia-osr-entry-expected.txt: Added.
      * fast/js/regress/marsaglia-osr-entry.html: Added.
      * fast/js/regress/script-tests/marsaglia-osr-entry.js: Added.
      (marsaglia):
      * fast/js/regress/script-tests/marsaglia.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155023 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 29 Aug, 2013 5 commits
    • Teach DFG::Worklist and its clients that it may be reused for different kinds of compilations · 6931c476
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120489
      
      Reviewed by Geoffrey Garen.
              
      If the baseline JIT hits an OSR entry trigger into the DFG and we already have a
      DFG compilation but we've also started one or more FTL compilations, then we
      shouldn't get confused. Previously we would have gotten confused because we would
      see an in-process deferred compile (the FTL compile) and also an optimized
      replacement (the DFG code).
              
      If the baseline JIT hits an OSR entry trigger into the DFG and we previously
      did two things in this order: triggered a tier-up compilation from the DFG into
      the FTL, and then jettisoned the DFG code because it exited a bunch, then we
      shouldn't be confused by the presence of an in-process deferred compile (the FTL
      compile). Previously we would have waited for that compile to finish; but the more
      sensible thing to do is to let it complete and then invalidate it, while at the
      same time enqueueing a DFG compile to create a new, more valid, DFG code block.
              
      If the DFG JIT hits a loop OSR entry trigger (into the FTL) and it has already
      triggered an FTL compile for replacement, then it should fire off a second compile
      instead of thinking that it can wait for that one to finish. Or vice-versa. We
      need to allow for two FTL compiles to be enqueued at the same time (one for
      replacement and one for OSR entry in a loop).
              
      Then there's also the problem that DFG::compile() is almost certainly going to be
      the hook for triggering both DFG compiles and the two kinds of FTL compiles, but
      right now there is no way to tell it which one you want.
              
      This fixes these problems and removes a bunch of potential confusion by making the
      key for a compile in the DFG::Worklist be a CompilationMode (one of DFGMode,
      FTLMode, or FTLForOSREntryMode). That mode is also passed to DFG::compile().
              
      Awkwardly, this still leaves us in a no DFG->FTL tier-up situation - so
      DFG::compile() is always passed DFGMode and then it might do an FTL compile if
      possible. Fixing that is a bigger issue for a later changeset.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::checkIfOptimizationThresholdReached):
      * dfg/DFGCompilationKey.cpp: Added.
      (JSC::DFG::CompilationKey::dump):
      * dfg/DFGCompilationKey.h: Added.
      (JSC::DFG::CompilationKey::CompilationKey):
      (JSC::DFG::CompilationKey::operator!):
      (JSC::DFG::CompilationKey::isHashTableDeletedValue):
      (JSC::DFG::CompilationKey::profiledBlock):
      (JSC::DFG::CompilationKey::mode):
      (JSC::DFG::CompilationKey::operator==):
      (JSC::DFG::CompilationKey::hash):
      (JSC::DFG::CompilationKeyHash::hash):
      (JSC::DFG::CompilationKeyHash::equal):
      * dfg/DFGCompilationMode.cpp: Added.
      (WTF::printInternal):
      * dfg/DFGCompilationMode.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::key):
      * dfg/DFGPlan.h:
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::enqueue):
      (JSC::DFG::Worklist::compilationState):
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * dfg/DFGWorklist.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154854 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • CodeBlock::prepareForExecution() is silly · 1342e7a8
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120453
      
      Reviewed by Oliver Hunt.
              
      Instead of saying:
              
          codeBlock->prepareForExecution(stuff, BaselineJIT, more stuff)
              
      we should just say:
              
          JIT::compile(stuff, codeBlock, more stuff);
              
      And similarly for the LLInt and DFG.
              
      This kills a bunch of code, since CodeBlock::prepareForExecution() is just a
      wrapper that uses the JITType argument to call into the appropriate execution
      engine, which is what the user wanted to do in the first place.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::JIT::compile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntEntrypoint.cpp: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.cpp.
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      (JSC::LLInt::setEntrypoint):
      * llint/LLIntEntrypoint.h: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.h.
      * llint/LLIntEntrypoints.cpp: Removed.
      * llint/LLIntEntrypoints.h: Removed.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154833 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • CodeBlock compilation and installation should be simplified and rationalized · 62b6af85
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120326
      
      Reviewed by Oliver Hunt.
              
      Rolling r154804 back in after fixing no-LLInt build.
              
      Previously Executable owned the code for generating JIT code; you always had
      to go through Executable. But often you also had to go through CodeBlock,
      because ScriptExecutable couldn't have virtual methods, but CodeBlock could.
      So you'd ask CodeBlock to do something, which would dispatch through a
      virtual method that would select the appropriate Executable subtype's method.
      This all meant that the same code would often be duplicated, because most of
      the work needed to compile something was identical regardless of code type.
      But then we tried to fix this, by having templatized helpers in
      ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find
      out what happened when you asked for something to be compiled, you'd go on a
      wild ride that started with CodeBlock, touched upon Executable, and then
      ricocheted into either ExecutionHarness or JITDriver (likely both).
              
      Another awkwardness was that for concurrent compiles, the DFG::Worklist had
      super-special inside knowledge of what JITStubs.cpp's cti_optimize would have
      done once the compilation finished.
              
      Also, most of the DFG JIT drivers assumed that they couldn't install the
      JITCode into the CodeBlock directly - instead they would return it via a
      reference, which happened to be a reference to the JITCode pointer in
      Executable. This was super weird.
              
      Finally, there was no notion of compiling code into a special CodeBlock that
      wasn't used for handling calls into an Executable. I'd like this for FTL OSR
      entry.
              
      This patch solves these problems by reducing all of that complexity into just
      three primitives:
              
      - Executable::newCodeBlock(). This gives you a new code block, either for call
        or for construct, and either to serve as the baseline code or the optimized
        code. The new code block is then owned by the caller; Executable doesn't
        register it anywhere. The new code block has no JITCode and isn't callable,
        but it has all of the bytecode.
              
      - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and
        produces a JITCode, and then installs the JITCode into the CodeBlock. This
        method takes a JITType, and always compiles with that JIT. If you ask for
        JITCode::InterpreterThunk then you'll get JITCode that just points to the
        LLInt entrypoints. Once this returns, it is possible to call into the
        CodeBlock if you do so manually - but the Executable still won't know about
        it so JS calls to that Executable will still be routed to whatever CodeBlock
        is associated with the Executable.
              
      - Executable::installCode(). This takes a CodeBlock and makes it the code-for-
        entry for that Executable. This involves unlinking the Executable's last
        CodeBlock, if there was one. This also tells the GC about any effect on
        memory usage and does a bunch of weird data structure rewiring, since
        Executable caches some of CodeBlock's fields for the benefit of virtual call
        fast paths.
              
      This functionality is then wrapped around three convenience methods:
              
      - Executable::prepareForExecution(). If there is no code block for that
        Executable, then one is created (newCodeBlock()), compiled
        (CodeBlock::prepareForExecution()) and installed (installCode()).
              
      - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that
        can serve as an optimized replacement of the current one.
              
      - CodeBlock::install(). Asks the Executable to install this code block.
              
      This patch allows me to kill *a lot* of code and to remove a lot of
      specializations for functions vs. not-functions, and a lot of places where we
      pass around JITCode references and such. ExecutionHarness and JITDriver are
      both gone. Overall this patch has more red than green.
              
      It also allows me to work on FTL OSR entry and tier-up:
              
      - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist
        to do some compilation, but it will require the DFG::Worklist to do
        something different than what JITStubs.cpp would want, once the compilation
        finishes. This patch introduces a callback mechanism for that purpose.
              
      - FTL OSR entry: this will involve creating a special auto-jettisoned
        CodeBlock that is used only for FTL OSR entry. The new set of primitives
        allows for this: Executable can vend you a fresh new CodeBlock, and you can
        ask that CodeBlock to compile itself with any JIT of your choosing. Or you
        can take that CodeBlock and compile it yourself. Previously the act of
        producing a CodeBlock-for-optimization and the act of compiling code for it
        were tightly coupled; now you can separate them and you can create such
        auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::prepareForExecutionImpl):
      (JSC::CodeBlock::prepareForExecution):
      (JSC::CodeBlock::prepareForExecutionAsynchronously):
      (JSC::CodeBlock::install):
      (JSC::CodeBlock::newReplacement):
      (JSC::FunctionCodeBlock::jettisonImpl):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasBaselineJITProfiling):
      * bytecode/DeferredCompilationCallback.cpp: Added.
      (JSC::DeferredCompilationCallback::DeferredCompilationCallback):
      (JSC::DeferredCompilationCallback::~DeferredCompilationCallback):
      * bytecode/DeferredCompilationCallback.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::tryCompile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::notifyReady):
      (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
      (JSC::DFG::Plan::finalizeAndNotifyCallback):
      * dfg/DFGPlan.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      (JSC::Heap::isDeferred):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Removed.
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Added.
      (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::create):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):
      * jit/JITToDFGDeferredCompilationCallback.h: Added.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      (JSC::ScriptExecutable::newCodeBlockFor):
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      * runtime/Executable.h:
      (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
      (JSC::ExecutableBase::offsetOfNumParametersFor):
      (JSC::ScriptExecutable::prepareForExecution):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      * runtime/ExecutionHarness.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154824 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      62b6af85
    • Unreviewed, rolling out r154804. · ea1f9022
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/154804
      https://bugs.webkit.org/show_bug.cgi?id=120477
      
      Broke Windows build (assumes LLInt features not enabled on
      this build) (Requested by bfulgham on #webkit).
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::reoptimize):
      (JSC::ProgramCodeBlock::replacement):
      (JSC::EvalCodeBlock::replacement):
      (JSC::FunctionCodeBlock::replacement):
      (JSC::ProgramCodeBlock::compileOptimized):
      (JSC::ProgramCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::EvalCodeBlock::compileOptimized):
      (JSC::EvalCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::FunctionCodeBlock::compileOptimized):
      (JSC::FunctionCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::jitType):
      (JSC::CodeBlock::jitCompile):
      * bytecode/DeferredCompilationCallback.cpp: Removed.
      * bytecode/DeferredCompilationCallback.h: Removed.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::finalize):
      * dfg/DFGPlan.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Added.
      (JSC::jitCompileIfAppropriateImpl):
      (JSC::jitCompileFunctionIfAppropriateImpl):
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Removed.
      * jit/JITToDFGDeferredCompilationCallback.h: Removed.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::jitCompile):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::replaceWithDeferredOptimizedCode):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::ProgramExecutable::replaceWithDeferredOptimizedCode):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForCall):
      (JSC::FunctionExecutable::compileForConstructInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForConstruct):
      * runtime/Executable.h:
      (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
      (JSC::ExecutableBase::offsetOfNumParametersFor):
      (JSC::ExecutableBase::catchRoutineFor):
      (JSC::EvalExecutable::compile):
      (JSC::ProgramExecutable::compile):
      (JSC::FunctionExecutable::compileForCall):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeFor):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC::prepareForExecutionImpl):
      (JSC::prepareFunctionForExecutionImpl):
      (JSC::installOptimizedCode):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      (JSC::replaceWithDeferredOptimizedCode):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154814 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • CodeBlock compilation and installation should be simplified and rationalized · 4ea262e2
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120326
      
      Reviewed by Oliver Hunt.
              
      Previously Executable owned the code for generating JIT code; you always had
      to go through Executable. But often you also had to go through CodeBlock,
      because ScriptExecutable couldn't have virtual methods, but CodeBlock could.
      So you'd ask CodeBlock to do something, which would dispatch through a
      virtual method that would select the appropriate Executable subtype's method.
      This all meant that the same code would often be duplicated, because most of
      the work needed to compile something was identical regardless of code type.
      But then we tried to fix this, by having templatized helpers in
      ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find
      out what happened when you asked for something to be compiled, you'd go on a
      wild ride that started with CodeBlock, touched upon Executable, and then
      ricocheted into either ExecutionHarness or JITDriver (likely both).
              
      Another awkwardness was that for concurrent compiles, the DFG::Worklist had
      super-special inside knowledge of what JITStubs.cpp's cti_optimize would have
      done once the compilation finished.
              
      Also, most of the DFG JIT drivers assumed that they couldn't install the
      JITCode into the CodeBlock directly - instead they would return it via a
      reference, which happened to be a reference to the JITCode pointer in
      Executable. This was super weird.
              
      Finally, there was no notion of compiling code into a special CodeBlock that
      wasn't used for handling calls into an Executable. I'd like this for FTL OSR
      entry.
              
      This patch solves these problems by reducing all of that complexity into just
      three primitives:
              
      - Executable::newCodeBlock(). This gives you a new code block, either for call
        or for construct, and either to serve as the baseline code or the optimized
        code. The new code block is then owned by the caller; Executable doesn't
        register it anywhere. The new code block has no JITCode and isn't callable,
        but it has all of the bytecode.
              
      - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and
        produces a JITCode, and then installs the JITCode into the CodeBlock. This
        method takes a JITType, and always compiles with that JIT. If you ask for
        JITCode::InterpreterThunk then you'll get JITCode that just points to the
        LLInt entrypoints. Once this returns, it is possible to call into the
        CodeBlock if you do so manually - but the Executable still won't know about
        it so JS calls to that Executable will still be routed to whatever CodeBlock
        is associated with the Executable.
              
      - Executable::installCode(). This takes a CodeBlock and makes it the code-for-
        entry for that Executable. This involves unlinking the Executable's last
        CodeBlock, if there was one. This also tells the GC about any effect on
        memory usage and does a bunch of weird data structure rewiring, since
        Executable caches some of CodeBlock's fields for the benefit of virtual call
        fast paths.
              
      This functionality is then wrapped around three convenience methods:
              
      - Executable::prepareForExecution(). If there is no code block for that
        Executable, then one is created (newCodeBlock()), compiled
        (CodeBlock::prepareForExecution()) and installed (installCode()).
              
      - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that
        can serve as an optimized replacement of the current one.
              
      - CodeBlock::install(). Asks the Executable to install this code block.
              
      This patch allows me to kill *a lot* of code and to remove a lot of
      specializations for functions vs. not-functions, and a lot of places where we
      pass around JITCode references and such. ExecutionHarness and JITDriver are
      both gone. Overall this patch has more red than green.
              
      It also allows me to work on FTL OSR entry and tier-up:
              
      - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist
        to do some compilation, but it will require the DFG::Worklist to do
        something different than what JITStubs.cpp would want, once the compilation
        finishes. This patch introduces a callback mechanism for that purpose.
              
      - FTL OSR entry: this will involve creating a special auto-jettisoned
        CodeBlock that is used only for FTL OSR entry. The new set of primitives
        allows for this: Executable can vend you a fresh new CodeBlock, and you can
        ask that CodeBlock to compile itself with any JIT of your choosing. Or you
        can take that CodeBlock and compile it yourself. Previously the act of
        producing a CodeBlock-for-optimization and the act of compiling code for it
        were tightly coupled; now you can separate them and you can create such
        auto-jettisoned CodeBlocks that are used for a one-shot OSR entry.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::prepareForExecution):
      (JSC::CodeBlock::install):
      (JSC::CodeBlock::newReplacement):
      (JSC::FunctionCodeBlock::jettisonImpl):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasBaselineJITProfiling):
      * bytecode/DeferredCompilationCallback.cpp: Added.
      (JSC::DeferredCompilationCallback::DeferredCompilationCallback):
      (JSC::DeferredCompilationCallback::~DeferredCompilationCallback):
      * bytecode/DeferredCompilationCallback.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::tryCompile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGFailedFinalizer.cpp:
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      * dfg/DFGJITFinalizer.h:
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
      (JSC::DFG::Plan::finalizeAndNotifyCallback):
      * dfg/DFGPlan.h:
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h:
      * heap/Heap.h:
      (JSC::Heap::isDeferred):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JITDriver.h: Removed.
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * jit/JITToDFGDeferredCompilationCallback.cpp: Added.
      (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback):
      (JSC::JITToDFGDeferredCompilationCallback::create):
      (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):
      * jit/JITToDFGDeferredCompilationCallback.h: Added.
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::setUpCall):
      * runtime/ArrayPrototype.cpp:
      (JSC::isNumericCompareFunction):
      * runtime/CommonSlowPaths.cpp:
      * runtime/CompilationResult.cpp:
      (WTF::printInternal):
      * runtime/CompilationResult.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      (JSC::ScriptExecutable::newCodeBlockFor):
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      * runtime/Executable.h:
      (JSC::ScriptExecutable::prepareForExecution):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      * runtime/ExecutionHarness.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154804 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  7. 07 Aug, 2013 1 commit
    • DFG FixupPhase should insert Int32ToDouble nodes for number uses in NewArray, and SpeculativeJIT 64-bit should not try to coerce integer constants to double constants · ed63054a
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119528
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Either of the two fixes would solve the crash I saw. Basically, for best performance, we want the DFG register allocator to track double uses and non-double
      uses of a node separately, and we accomplish this by inserting Int32ToDouble nodes in the FixupPhase. But even if FixupPhase fails to do this, we still want
      the DFG register allocator to do the right thing: if it encounters a double use of an integer, it should perform a conversion and preserve the original
      format of the value (namely, that it was an integer). For constants, the best format to preserve is None, so that future integer uses rematerialize the int
      from scratch. This only affects the 64-bit backend; the 32-bit backend was already doing the right thing.
      
      This also fixes some more debug dumping code, and adds some stronger assertions for integer arrays.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::finalizeUnconditionally):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      * runtime/JSObject.h:
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::tryGetIndexQuickly):
      
      LayoutTests: 
      
      * fast/js/dfg-new-array-double-const-then-int-const.html: Added.
      * fast/js/dfg-new-array-double-const-then-int-const-expected.txt: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-new-array-double-const-then-int-const.js: Added.
      (bar):
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153778 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  8. 30 Jul, 2013 1 commit
    • Unreviewed. Fix make distcheck. · 13f6daf2
      carlosgc@webkit.org authored
      Source/JavaScriptCore:
      
      * GNUmakefile.list.am: Add missing files to compilation.
      * bytecode/CodeBlock.cpp: Add an ENABLE(FTL_JIT) #if block to
      include FTL header files not included in the compilation.
      * dfg/DFGDriver.cpp: Ditto.
      * dfg/DFGPlan.cpp: Ditto.
      
      Source/ThirdParty/ANGLE:
      
      * GNUmakefile.am: Add missing header files to compilation.
      
      Source/WebCore:
      
      * GNUmakefile.list.am: Add missing header file to compilation.
      
      Source/WebKit2:
      
      * GNUmakefile.list.am: Add missing header file to compilation.
      
      Source/WTF:
      
      * GNUmakefile.list.am: Add missing files to compilation.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153460 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  9. 25 Jul, 2013 13 commits
    • fourthTier: DFG should have switch_char · 9e1c8098
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=117710
      
      Source/JavaScriptCore:
      
      Reviewed by Michael Saboff.
      
      Add op_switch_char. Most of this is fairly simple, except for the whole
      LazyJSValue thing.
      
      It's long been the case that anytime you wanted the DFG to speak of a string
      that didn't appear in the constant pool, you would have a hard time since
      the DFG isn't allowed to allocate in the GC heap. For example, if you know
      that you want to speak of a single character string, you might find that
      the one you wanted to speak of had been GC'd. Another example is if you
      wanted to add constant folding for string concatenation - something we don't
      have yet but will want eventually.
      
      I solve this by finally adding the notion of LazyJSValue. In the future I
      anticipate using this for a variety of string-related things. The idea here
      is that the DFG can either say that it already knows what the value is, or
      it can describe the value. For example, in this patch I needed to be able to
      describe single-character strings.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::CodeBlock):
      * bytecode/JumpTable.h:
      * dfg/DFGBackwardsPropagationPhase.cpp:
      (JSC::DFG::BackwardsPropagationPhase::propagate):
      * dfg/DFGByteCodeParser.cpp:
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::capabilityLevel):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGPRInfo.h:
      (JSC::DFG::JSValueRegs::payloadGPR):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::jumpTable):
      (DFG):
      (JSC::DFG::JITCompiler::numberOfJumpTables):
      (JSC::DFG::JITCompiler::linkSwitches):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JITCompiler):
      * dfg/DFGLazyJSValue.cpp: Added.
      (DFG):
      (JSC::DFG::LazyJSValue::getValue):
      (JSC::DFG::equalToSingleCharacter):
      (JSC::DFG::LazyJSValue::strictEqual):
      (JSC::DFG::LazyJSValue::dump):
      * dfg/DFGLazyJSValue.h: Added.
      (DFG):
      (LazyJSValue):
      (JSC::DFG::LazyJSValue::LazyJSValue):
      (JSC::DFG::LazyJSValue::singleCharacterString):
      (JSC::DFG::LazyJSValue::tryGetValue):
      (JSC::DFG::LazyJSValue::value):
      (JSC::DFG::LazyJSValue::character):
      (JSC::DFG::LazyJSValue::switchLookupValue):
      * dfg/DFGNode.h:
      (JSC::DFG::SwitchCase::SwitchCase):
      (SwitchCase):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
      (JSC::DFG::SpeculativeJIT::emitSwitchImmIntJump):
      (DFG):
      (JSC::DFG::SpeculativeJIT::emitSwitchImm):
      (JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump):
      (JSC::DFG::SpeculativeJIT::emitSwitchChar):
      (JSC::DFG::SpeculativeJIT::emitSwitch):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      
      Source/WTF:
      
      Reviewed by Michael Saboff.
      
      I wanted to be able to say stringImpl->at(index), and now I can!
      
      Also made it possible to convert a UChar to a utf8 CString without
      allocating a StringImpl.
      
      * wtf/text/StringImpl.cpp:
      (WTF::StringImpl::utf8Impl):
      (WTF):
      (WTF::StringImpl::utf8ForCharacters):
      (WTF::StringImpl::utf8ForRange):
      * wtf/text/StringImpl.h:
      (StringImpl):
      (WTF::StringImpl::at):
      (WTF::StringImpl::operator[]):
      
      LayoutTests:
      
      Rubber stamped by Mark Hahnenberg.
      
      * fast/js/regress/script-tests/switch-char-constant.js: Added.
      (foo):
      (bar):
      * fast/js/regress/script-tests/switch-char.js: Added.
      (foo):
      (bar):
      * fast/js/regress/switch-char-constant-expected.txt: Added.
      * fast/js/regress/switch-char-constant.html: Added.
      * fast/js/regress/switch-char-expected.txt: Added.
      * fast/js/regress/switch-char.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153234 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • fourthTier: Concurrent JIT shouldn't try to recompute the CodeBlockHash as part of debug dumps, since doing so may fail if dealing with a CachedScript that doesn't have its script string handy · acdde49f
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=117676
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore:
      
      CodeBlock now caches m_hash, and the DFG Driver will force its computation if we're doing debug dumps of any kind.
      
      Also made sure that CodeBlock::CodeBlock initializes all of its fields; it was previously missing the
      initialization of m_capabilityLevelState.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::hash):
      (JSC::CodeBlock::CodeBlock):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      * bytecode/CodeBlockHash.cpp:
      (JSC::CodeBlockHash::CodeBlockHash):
      * bytecode/CodeBlockHash.h:
      (CodeBlockHash):
      (JSC::CodeBlockHash::isSet):
      (JSC::CodeBlockHash::operator!):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      
      Source/WebCore:
      
      Remove the broken hack for the concurrent JIT, since now the concurrent JIT won't use this code anymore.
      
      No new tests because no new behavior.
      
      * loader/cache/CachedScript.cpp:
      (WebCore::CachedScript::script):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153227 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • fourthTier: rationalize DFG::CapabilityLevel and DFGCapabilities.[h|cpp] · 07f66d4a
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=116696
      
      Reviewed by Sam Weinig.
      
      Make it so that all capability calculation is funneled through one function, which tells
      you everything you wanted to know: can it be inlined, and can it be compiled.
      
      This work will help with https://bugs.webkit.org/show_bug.cgi?id=116557, since now the
      JIT has a fairly authoritative answer to the "can it be inlined" question.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::ProgramCodeBlock::capabilityLevelInternal):
      (JSC::EvalCodeBlock::capabilityLevelInternal):
      (JSC::FunctionCodeBlock::capabilityLevelInternal):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::capabilityLevel):
      (JSC::CodeBlock::capabilityLevelState):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::debugFail):
      (DFG):
      (JSC::DFG::canInlineResolveOperations):
      (JSC::DFG::capabilityLevel):
      * dfg/DFGCapabilities.h:
      (DFG):
      (JSC::DFG::capabilityLevel):
      (JSC::DFG::evalCapabilityLevel):
      (JSC::DFG::programCapabilityLevel):
      (JSC::DFG::functionForCallCapabilityLevel):
      (JSC::DFG::functionForConstructCapabilityLevel):
      (JSC::DFG::canInlineFunctionForCall):
      (JSC::DFG::canInlineFunctionForClosureCall):
      (JSC::DFG::canInlineFunctionForConstruct):
      * dfg/DFGCommon.h:
      (JSC::DFG::canCompile):
      (DFG):
      (JSC::DFG::canInline):
      (JSC::DFG::leastUpperBound):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      * tools/CodeProfile.cpp:
      (JSC::CodeProfile::sample):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153179 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • fourthTier: Rename getJITCode and getJITType to jitCode and jitType. · 5a24fdda
      oliver@apple.com authored
      Rubber stamped by Mark Hahnenberg.
      
      * assembler/RepatchBuffer.h:
      (JSC::RepatchBuffer::RepatchBuffer):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::resetStubInternal):
      (JSC::CodeBlock::stronglyVisitWeakReferences):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::codeOriginForReturn):
      (JSC::ProgramCodeBlock::compileOptimized):
      (JSC::EvalCodeBlock::compileOptimized):
      (JSC::FunctionCodeBlock::compileOptimized):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      (JSC::CodeBlock::adjustedExitCountThreshold):
      (JSC::CodeBlock::tallyFrequentExitSites):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::getCallLinkInfo):
      (JSC::CodeBlock::jitCode):
      (JSC::CodeBlock::jitCodeWithArityCheck):
      (JSC::CodeBlock::jitType):
      (JSC::CodeBlock::hasBaselineJITProfiling):
      (JSC::CodeBlock::jitCompile):
      (JSC::CodeBlock::addFrequentExitSite):
      (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
      (JSC::ExecState::isInlineCallFrame):
      * dfg/DFGAssemblyHelpers.cpp:
      (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::codeLocationForRepatch):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::reifyInlinedCallFrames):
      (JSC::DFG::adjustAndJumpToTarget):
      * dfg/DFGOperations.cpp:
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * ftl/FTLOSRExit.cpp:
      (JSC::FTL::OSRExit::codeLocationForRepatch):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileFTLOSRExit):
      * heap/DFGCodeBlocks.cpp:
      (JSC::DFGCodeBlocks::~DFGCodeBlocks):
      (JSC::DFGCodeBlocks::jettison):
      (JSC::DFGCodeBlocks::clearMarks):
      (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
      (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
      * interpreter/Interpreter.cpp:
      (JSC::getLineNumberForCallFrame):
      (JSC::getCallerInfo):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriateImpl):
      (JSC::jitCompileFunctionIfAppropriateImpl):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jettisonOptimizedCode):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
      * tools/CodeProfile.cpp:
      (JSC::CodeProfile::sample):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153177 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5a24fdda
    • oliver@apple.com's avatar
      fourthTier: DFG should be able to run on a separate thread · 284cc3d6
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112839
      
      Source/JavaScriptCore:
      
      Reviewed by Geoffrey Garen.
      
      This is the final bit of concurrent JITing. The idea is that there is a
      single global worklist, and a single global thread, that does all
      optimizing compilation. This is the DFG::Worklist. It contains a queue of
      DFG::Plans, and a map from CodeBlock* (the baseline code block we're
      trying to optimize) to DFG::Plan. If the DFGDriver tries to concurrently
      compile something, it puts the Plan on the Worklist. The Worklist's
      thread will compile that Plan eventually, and when it's done, it will
      signal its completion by (1) notifying anyone waiting for the Worklist to
      be done, and (2) forcing the CodeBlock::m_jitExecuteCounter to take slow
      path. The next Baseline JIT cti_optimize call will then install all ready
      (i.e. compiled) Plans for that VM. Note that (1) is only for the GC and
      VM shutdown, which will want to ensure that there aren't any outstanding
      async compilations before proceeding. They do so by simply waiting for
      all of the plans for the current VM to complete. (2) is the actual way
      that code typically gets installed.
      
      This is all very racy by design. For example, just as we try to force the
      execute counter to take slow path, the main thread may be setting the
      execute counter to some other value. The main thread must set it to
      another value because (a) JIT code is constantly incrementing the counter
      in a racy way, (b) the cti_optimize slow path will set it to some
      large-ish negative value to ensure that cti_optimize isn't called
      repeatedly, and (c) OSR exits from previously jettisoned code blocks may
      still want to reset the counter values. This "race" is made benign, by
      ensuring that while there is an asynchronous compilation, we at worst set
      the counter to optimizeAfterWarmUp and never to deferIndefinitely. Hence
      if the race happens then the worst case is that we wait another ~1000
      counts before installing the optimized code. Another defense is that if
      any CodeBlock calls into cti_optimize, then it will check for all ready
      plans for the VM - so even if a code block has to wait another ~1000
      executions before it calls cti_optimize to do the installation, it may
      actually end up being installed sooner because a different code block had
      called cti_optimize, potentially for an unrelated reason.
      
      Special care is taken to ensure that installing plans informs the GC
      about the increased memory usage, but also ensures that we don't recurse
      infinitely - since at start of GC we try to install outstanding plans.
      This is done by introducing a new GC deferral mechanism (the DeferGC
      block-scoped thingy), which will ensure that GCs don't happen in the
      scope but are allowed to happen after. This still leaves the strange
      corner case that cti_optimize may install outstanding plans, then GC, and
      that GC may jettison the code block that was installed. This, and the
      fact that the plan that we took slow path to install could have been a
      failed or invalid compile, mean that we have to take special precautions
      in cti_optimize.
      
      This patch also fixes a number of small concurrency bugs that I found
      when things started running. There are probably more of those bugs still
      left to fix. This patch just fixes the ones I know about.
      
      Concurrent compilation is right now only enabled on X86_64 Mac. We need
      platforms that are sufficiently CAStastic so that we can do the various
      memory fence and CAS tricks that make this safe. We also need a platform
      that uses JSVALUE64. And we need pthread_once. So, that pretty much means
      just X64_64 for now. Enabling Linux-64_64 should be a breeze, but I'll
      leave that up to the Qt and GTK+ ports to do at their discretion.
      
      This is a solid speed-up on SunSpider (8-9%) and V8Spider (16%), our two
      main compile-time benchmarks. Most peculiarly, this also appears to
      reduce measurement noise, rather than increasing it as you would have
      expected. I don't understand that result but I like it anyway. On the
      other hand, this is a slight (1%) slow-down on V8v7. I will continue to
      investigate this but I think that the results are already good enough
      that we should land this as-is. So far, it appears that the slow-down is
      due to this breaking the don't-compile-inlineables heuristics. See
      investigation in https://bugs.webkit.org/show_bug.cgi?id=116556 and the
      bug https://bugs.webkit.org/show_bug.cgi?id=116557.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::resetStubInternal):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::optimizationThresholdScalingFactor):
      (JSC::CodeBlock::checkIfOptimizationThresholdReached):
      (JSC::CodeBlock::optimizeNextInvocation):
      (JSC::CodeBlock::dontOptimizeAnytimeSoon):
      (JSC::CodeBlock::optimizeAfterWarmUp):
      (JSC::CodeBlock::optimizeAfterLongWarmUp):
      (JSC::CodeBlock::optimizeSoon):
      (JSC::CodeBlock::forceOptimizationSlowPathConcurrently):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      (JSC::CodeBlock::updateAllArrayPredictions):
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::jitCompile):
      * bytecode/CodeBlockLock.h:
      (JSC):
      * bytecode/ExecutionCounter.cpp:
      (JSC::ExecutionCounter::forceSlowPathConcurrently):
      (JSC):
      (JSC::ExecutionCounter::setThreshold):
      * bytecode/ExecutionCounter.h:
      (ExecutionCounter):
      * debugger/Debugger.cpp:
      (JSC::Debugger::recompileAllJSFunctions):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getArrayMode):
      (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
      * dfg/DFGCommon.h:
      (JSC::DFG::enableConcurrentJIT):
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::key):
      (DFG):
      * dfg/DFGPlan.h:
      (DFG):
      (Plan):
      * dfg/DFGWorklist.cpp: Added.
      (DFG):
      (JSC::DFG::Worklist::Worklist):
      (JSC::DFG::Worklist::~Worklist):
      (JSC::DFG::Worklist::finishCreation):
      (JSC::DFG::Worklist::create):
      (JSC::DFG::Worklist::enqueue):
      (JSC::DFG::Worklist::compilationState):
      (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
      (JSC::DFG::Worklist::removeAllReadyPlansForVM):
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::completeAllPlansForVM):
      (JSC::DFG::Worklist::queueLength):
      (JSC::DFG::Worklist::dump):
      (JSC::DFG::Worklist::runThread):
      (JSC::DFG::Worklist::threadFunction):
      (JSC::DFG::initializeGlobalWorklistOnce):
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h: Added.
      (DFG):
      (Worklist):
      * heap/CopiedSpaceInlines.h:
      (JSC::CopiedSpace::allocateBlock):
      * heap/DeferGC.h: Added.
      (JSC):
      (DeferGC):
      (JSC::DeferGC::DeferGC):
      (JSC::DeferGC::~DeferGC):
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::reportExtraMemoryCostSlowCase):
      (JSC::Heap::collectAllGarbage):
      (JSC::Heap::collect):
      (JSC::Heap::collectIfNecessaryOrDefer):
      (JSC):
      (JSC::Heap::incrementDeferralDepth):
      (JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
      * heap/Heap.h:
      (Heap):
      (JSC::Heap::isCollecting):
      (JSC):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * profiler/ProfilerBytecodes.h:
      * runtime/ConcurrentJITLock.h: Added.
      (JSC):
      * runtime/ExecutionHarness.h:
      (JSC::replaceWithDeferredOptimizedCode):
      * runtime/JSSegmentedVariableObject.cpp:
      (JSC::JSSegmentedVariableObject::findRegisterIndex):
      (JSC::JSSegmentedVariableObject::addRegisters):
      * runtime/JSSegmentedVariableObject.h:
      (JSSegmentedVariableObject):
      * runtime/Options.h:
      (JSC):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureInlines.h:
      (JSC::Structure::propertyTable):
      * runtime/SymbolTable.h:
      (SymbolTable):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::VM::~VM):
      (JSC::VM::prepareToDiscardCode):
      (JSC):
      (JSC::VM::discardAllCode):
      (JSC::VM::releaseExecutableMemory):
      * runtime/VM.h:
      (DFG):
      (VM):
      
      Source/WTF:
      
      Reviewed by Geoffrey Garen.
      
      * wtf/ByteSpinLock.h:
      Make it non-copyable. We previously had bugs where we used ByteSpinLock as a locker.
      Clearly that's bad.
      
      * wtf/MetaAllocatorHandle.h:
      Make it thread-safe ref-counted, since we may now be passing them between the
      concurrent JIT thread and the main thread.
      
      * wtf/Vector.h:
      (WTF::Vector::takeLast):
      I've wanted this method for ages, and now I finally added it.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153169 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      284cc3d6
    • oliver@apple.com's avatar
      fourthTier: Executable and CodeBlock should be aware of DFG::Plans that complete asynchronously · 75afc4f8
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=116350
      
      Reviewed by Oliver Hunt.
      
      This refactors compilation so that:
      
      - JITStubs knows exactly what the result of compilation was. For example, if
        compilation was deferred, it will now know this.
      
      - The set of things that has to happen to install compiled code is now factored
        out into JSC::installOptimizedCode().
      
      - A bunch of the code in Executable.cpp is now made more common to reduce code
        duplication. For example, the heap heuristics stuff is now in one place.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::ProgramCodeBlock::compileOptimized):
      (JSC::ProgramCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC):
      (JSC::EvalCodeBlock::compileOptimized):
      (JSC::EvalCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::FunctionCodeBlock::compileOptimized):
      (JSC::FunctionCodeBlock::replaceWithDeferredOptimizedCode):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::jitCompile):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * dfg/DFGDesiredIdentifiers.cpp:
      (JSC::DFG::DesiredIdentifiers::numberOfIdentifiers):
      (DFG):
      (JSC::DFG::DesiredIdentifiers::at):
      * dfg/DFGDesiredIdentifiers.h:
      (JSC):
      (DesiredIdentifiers):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      (DFG):
      * dfg/DFGDriver.h:
      (DFG):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      (JSC::DFG::tryFinalizePlan):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalizeCommon):
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::reallyAdd):
      * dfg/DFGPlan.h:
      (JSC):
      (Plan):
      (DFG):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriateImpl):
      (JSC::jitCompileFunctionIfAppropriateImpl):
      (JSC):
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      * runtime/CompilationResult.cpp: Added.
      (WTF):
      (WTF::printInternal):
      * runtime/CompilationResult.h: Added.
      (JSC):
      (WTF):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::jitCompile):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::replaceWithDeferredOptimizedCode):
      (JSC):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::ProgramExecutable::replaceWithDeferredOptimizedCode):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForCall):
      (JSC::FunctionExecutable::compileForConstructInternal):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForConstruct):
      * runtime/Executable.h:
      (ScriptExecutable):
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::compileOptimizedFor):
      (JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeFor):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecutionImpl):
      (JSC::prepareFunctionForExecutionImpl):
      (JSC):
      (JSC::installOptimizedCode):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      (JSC::replaceWithDeferredOptimizedCode):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153165 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      75afc4f8
    • oliver@apple.com's avatar
      fourthTier: DFG should separate link phase into things that must be done... · 90fce824
      oliver@apple.com authored
      fourthTier: DFG should separate link phase into things that must be done concurrently and things that must be done synchronously, and have a way of passing data from one to the other
      https://bugs.webkit.org/show_bug.cgi?id=116060
      
      Reviewed by Gavin Barraclough.
      
      This introduces the concept of a DFG::Plan, which corresponds to:
      
      - The data that the concurrent DFG or FTL need to start compiling a CodeBlock.
        This mostly includes basic things like CodeBlock*, but also a list of
        must-handle values for OSR entry.
      
      - The data that the synchronous linker needs to link in code compiled by a
        concurrent compilation thread. This is further encapsulated by DFG::Finalizer,
        since the data, and the actions that need to be taken, are different in DFG
        versus FTL. This patch also institutes the policy that the concurrent
        compilation thread shall not use LinkBuffer::performFinalization(), since that
        code assumes that it's running on the same thread that will actually run the
        code.
      
      - The actions that need to be taken to compile code. In other words, most of the
        code that previously lived in DFGDriver.cpp now lives in
        DFG::Plan::compileInThread().
      
      - The actions that need to be taken when synchronously linking the code. This
        includes "really" adding watchpoints and identifiers, checking watchpoint and
        chain validity, and running the DFG::Finalizer.
      
      Currently, DFGDriver just creates a Plan and runs it synchronously. But in the
      future, we will be able to malloc some Plans and enqueue them, and have the
      concurrent thread dequeue them and call Plan::compileInThread().
      
      For now, this has no behavior or performance change.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::performFinalization):
      * assembler/LinkBuffer.h:
      (LinkBuffer):
      (JSC::LinkBuffer::LinkBuffer):
      (JSC::LinkBuffer::~LinkBuffer):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::setFuturePossibleStructure):
      (JSC::DFG::AbstractValue::filterFuturePossibleStructure):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
      * dfg/DFGDriver.cpp:
      (DFG):
      (JSC::DFG::compile):
      * dfg/DFGFailedFinalizer.cpp: Added.
      (DFG):
      (JSC::DFG::FailedFinalizer::FailedFinalizer):
      (JSC::DFG::FailedFinalizer::~FailedFinalizer):
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h: Added.
      (DFG):
      (FailedFinalizer):
      * dfg/DFGFinalizer.cpp: Added.
      (DFG):
      (JSC::DFG::Finalizer::Finalizer):
      (JSC::DFG::Finalizer::~Finalizer):
      * dfg/DFGFinalizer.h: Added.
      (DFG):
      (Finalizer):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dump):
      (DFG):
      * dfg/DFGGraph.h:
      (Graph):
      (JSC::DFG::Graph::masqueradesAsUndefinedWatchpointIsStillValid):
      (JSC::DFG::Graph::compilation):
      (JSC::DFG::Graph::identifiers):
      (JSC::DFG::Graph::watchpoints):
      (JSC::DFG::Graph::chains):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      (JSC::DFG::JITCompiler::linkFunction):
      (DFG):
      (JSC::DFG::JITCompiler::disassemble):
      * dfg/DFGJITCompiler.h:
      (JITCompiler):
      (JSC::DFG::JITCompiler::addLazily):
      * dfg/DFGJITFinalizer.cpp: Added.
      (DFG):
      (JSC::DFG::JITFinalizer::JITFinalizer):
      (JSC::DFG::JITFinalizer::~JITFinalizer):
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      (JSC::DFG::JITFinalizer::finalizeCommon):
      * dfg/DFGJITFinalizer.h: Added.
      (DFG):
      (JITFinalizer):
      * dfg/DFGPlan.cpp: Added.
      (DFG):
      (JSC::DFG::dumpAndVerifyGraph):
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::~Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::isStillValid):
      (JSC::DFG::Plan::reallyAdd):
      (JSC::DFG::Plan::finalize):
      * dfg/DFGPlan.h: Added.
      (DFG):
      (Plan):
      (JSC::DFG::Plan::vm):
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::identifierUID):
      (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
      * dfg/DFGTypeCheckHoistingPhase.cpp:
      (JSC::DFG::TypeCheckHoistingPhase::run):
      * ftl/FTLGeneratedFunction.h: Added.
      (FTL):
      * ftl/FTLJITFinalizer.cpp: Added.
      (FTL):
      (JSC::FTL::JITFinalizer::JITFinalizer):
      (JSC::FTL::JITFinalizer::~JITFinalizer):
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h: Added.
      (FTL):
      (JITFinalizer):
      (JSC::FTL::JITFinalizer::initializeExitThunksLinkBuffer):
      (JSC::FTL::JITFinalizer::initializeEntrypointLinkBuffer):
      (JSC::FTL::JITFinalizer::initializeCode):
      (JSC::FTL::JITFinalizer::initializeFunction):
      (JSC::FTL::JITFinalizer::initializeArityCheck):
      (JSC::FTL::JITFinalizer::initializeJITCode):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLink.h:
      (FTL):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::linkOSRExitsAndCompleteInitializationBlocks):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * ftl/FTLState.h:
      (FTL):
      (State):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153161 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      90fce824
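
The two-phase flow described in the commit message above (compile in a compilation thread, then synchronously check validity and "really" add watchpoints before the code becomes callable), as an added example that is not WebKit code. It is a simplified C++ model that runs both phases on one thread so the ordering is deterministic; `WatchpointSet::invalidate`, `CodeBlock::optimizedInstalled`, `Result`, `InvalidateAt`, `Outcome` and `run` are hypothetical names, and an atomic flag stands in for the engine's validity query.

```cpp
// Added illustration: a simplified model, not JavaScriptCore source.
#include <atomic>
#include <cstdio>
#include <functional>
#include <utility>
#include <vector>

// Guards one speculative assumption made by the optimizing compiler.
class WatchpointSet {
public:
    // Read-only query; the only operation the compile phase is allowed to use.
    bool hasBeenInvalidated() const { return m_invalidated.load(std::memory_order_acquire); }
    // Main thread only: register a callback to run if the assumption breaks.
    void add(std::function<void()> fire) { m_watchpoints.push_back(std::move(fire)); }
    // Main thread only (hypothetical name): the assumption broke, fire everything.
    void invalidate() {
        m_invalidated.store(true, std::memory_order_release);
        for (auto& fire : m_watchpoints) fire();
        m_watchpoints.clear();
    }
private:
    std::atomic<bool> m_invalidated{false};
    std::vector<std::function<void()>> m_watchpoints;
};

struct CodeBlock { bool optimizedInstalled = false; };  // hypothetical stand-in

enum class Result { Failed, Invalidated, Installed };

class Plan {
public:
    explicit Plan(CodeBlock& codeBlock) : m_codeBlock(codeBlock) {}

    // Phase 1: would run on the compilation thread. It may read watchpoint
    // state but must not mutate shared structures, so it only records which
    // sets it relied on ("add lazily").
    bool compileInThread(const std::vector<WatchpointSet*>& assumptions) {
        for (WatchpointSet* set : assumptions) {
            if (set->hasBeenInvalidated()) return false;  // not worth speculating
            m_desired.push_back(set);
        }
        m_compiled = true;
        return true;
    }

    // Phase 2a: re-check every assumption on the thread that will run the code.
    bool isStillValid() const {
        for (WatchpointSet* set : m_desired)
            if (set->hasBeenInvalidated()) return false;
        return true;
    }

    // Phase 2b: only after the re-check are watchpoints registered for real
    // and the code made callable. Skipping the re-check would install code
    // built on an assumption that no watchpoint can ever retract.
    Result finalize() {
        if (!m_compiled) return Result::Failed;
        if (!isStillValid()) return Result::Invalidated;  // give up, retry later
        CodeBlock* codeBlock = &m_codeBlock;
        for (WatchpointSet* set : m_desired)
            set->add([codeBlock] { codeBlock->optimizedInstalled = false; });  // jettison
        m_codeBlock.optimizedInstalled = true;
        return Result::Installed;
    }
private:
    CodeBlock& m_codeBlock;
    std::vector<WatchpointSet*> m_desired;
    bool m_compiled = false;
};

// Constructed scenarios: where the invalidation lands relative to the phases.
enum class InvalidateAt { Never, BeforeCompile, BeforeFinalize, AfterFinalize };
struct Outcome { Result result; bool codeLive; };

Outcome run(InvalidateAt when) {
    WatchpointSet assumption;
    CodeBlock block;
    Plan plan(block);
    if (when == InvalidateAt::BeforeCompile) assumption.invalidate();
    plan.compileInThread({&assumption});
    if (when == InvalidateAt::BeforeFinalize) assumption.invalidate();
    Result result = plan.finalize();
    if (when == InvalidateAt::AfterFinalize) assumption.invalidate();
    return {result, block.optimizedInstalled};
}

int main() {
    const char* names[] = {"Failed", "Invalidated", "Installed"};
    const InvalidateAt cases[] = {InvalidateAt::Never, InvalidateAt::BeforeCompile,
                                  InvalidateAt::BeforeFinalize, InvalidateAt::AfterFinalize};
    for (InvalidateAt when : cases) {
        Outcome o = run(when);
        std::printf("case %d: %s, optimized code live: %s\n", static_cast<int>(when),
                    names[static_cast<int>(o.result)], o.codeLive ? "yes" : "no");
    }
    return 0;
}
```

The `BeforeFinalize` case is the window the synchronous validity check closes: the compile phase saw a valid set, but the plan is rejected instead of installed.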
    • oliver@apple.com's avatar
      fourthTier: DFG::ByteCodeParser doesn't need ExecState* · e571c18d
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=115582
      
      Reviewed by Geoffrey Garen.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (ByteCodeParser):
      (JSC::DFG::parse):
      * dfg/DFGByteCodeParser.h:
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153144 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e571c18d
    • oliver@apple.com's avatar
      fourthTier: ASSERT that commonly used not-thread-safe methods in the runtime... · 634a76a2
      oliver@apple.com authored
      fourthTier: ASSERT that commonly used not-thread-safe methods in the runtime are not being called during compilation
      https://bugs.webkit.org/show_bug.cgi?id=115297
      
      Source/JavaScriptCore:
      
      Reviewed by Geoffrey Garen.
      
      Put in assertions that we're not doing bad things in compilation threads. Also
      factored compilation into compile+link so that even though we don't yet have
      concurrent compilation, we can be explicit about which parts of DFG work are
      meant to be concurrent, and which aren't.
      
      Also fix a handful of bugs found by these assertions.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      * bytecode/Watchpoint.cpp:
      (JSC::WatchpointSet::add):
      (JSC::InlineWatchpointSet::inflateSlow):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::~JITCompiler):
      (DFG):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compileFunction):
      (JSC::DFG::JITCompiler::linkFunction):
      * dfg/DFGJITCompiler.h:
      (JITCompiler):
      * ftl/FTLCompile.cpp:
      (JSC::FTL::compile):
      * ftl/FTLCompile.h:
      (FTL):
      * ftl/FTLLink.cpp: Added.
      (FTL):
      (JSC::FTL::compileEntry):
      (JSC::FTL::link):
      * ftl/FTLLink.h: Added.
      (FTL):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * ftl/FTLState.h:
      (FTL):
      (State):
      * runtime/Structure.cpp:
      (JSC::Structure::get):
      (JSC::Structure::prototypeChainMayInterceptStoreTo):
      * runtime/Structure.h:
      (JSC::Structure::materializePropertyMapIfNecessary):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      
      Source/WTF:
      
      Reviewed by Geoffrey Garen.
      
      Taught WTF the notion of compilation threads. This allows all parts of our stack
      to assert that we're not being called from a JSC compilation thread. This is in
      WTF because it will probably end up being used in StringImpl and WTFString.
      
      * WTF.xcodeproj/project.pbxproj:
      * wtf/CompilationThread.cpp: Added.
      (WTF):
      (WTF::initializeCompilationThreadsOnce):
      (WTF::initializeCompilationThreads):
      (WTF::isCompilationThread):
      (WTF::exchangeIsCompilationThread):
      * wtf/CompilationThread.h: Added.
      (WTF):
      (CompilationScope):
      (WTF::CompilationScope::CompilationScope):
      (WTF::CompilationScope::~CompilationScope):
      (WTF::CompilationScope::leaveEarly):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153134 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      634a76a2
    • oliver@apple.com's avatar
      fourthTier: It should be possible to query WatchpointSets, and add... · 9397e00c
      oliver@apple.com authored
      fourthTier: It should be possible to query WatchpointSets, and add Watchpoints, even if the compiler is running in another thread
      https://bugs.webkit.org/show_bug.cgi?id=114909
      
      Source/JavaScriptCore:
      
      Reviewed by Oliver Hunt.
      
      The idea here is that a concurrent compiler will use watchpoint sets as follows:
      
      During concurrent compilation: It will create Watchpoints, and query WatchpointSets only
      for the purpose of profiling. That is, it will decide whether it is profitable to
      compile the code "as if" the watchpoint sets are valid.
      
      During synchronous linking: By "linking" I don't necessarily mean the LinkBuffer stuff,
      but just the very bitter end of compilation where we make the JIT code callable. This
      can happen after LinkBuffer stuff. Anyway, this will have to happen synchronously, and
      at that point we can (a) check that all WatchpointSets that we assumed were valid are
      still valid and (b) if they are then we add the watchpoints to those sets. If any of the
      sets are invalid, we give up on this compilation and try again later.
      
      The querying of WatchpointSets is engineered to say that the set is still valid if it
      is so *right now*, but this is done in a racy way and so it may say so spuriously: we
      may, with hopefully low probability, have a set that says it is valid even though it was
      just invalidated. The goal is only to ensure that (i) a set never claims to be invalid
      if it is actually valid, (ii) a set doesn't claim to be valid if it was invalidated
      before compilation even began, and (iii) querying the validity of a set doesn't cause us
      to crash.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/Watchpoint.cpp:
      (JSC::InlineWatchpointSet::inflateSlow):
      * bytecode/Watchpoint.h:
      (WatchpointSet):
      (InlineWatchpointSet):
      (JSC::InlineWatchpointSet::hasBeenInvalidated):
      (JSC::InlineWatchpointSet::isThin):
      (JSC::InlineWatchpointSet::isFat):
      (JSC::InlineWatchpointSet::fat):
      * dfg/DFGDesiredWatchpoints.cpp: Added.
      (DFG):
      (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
      (JSC::DFG::DesiredWatchpoints::~DesiredWatchpoints):
      (JSC::DFG::DesiredWatchpoints::addLazily):
      (JSC::DFG::DesiredWatchpoints::reallyAdd):
      (JSC::DFG::DesiredWatchpoints::areStillValid):
      * dfg/DFGDesiredWatchpoints.h: Added.
      (DFG):
      (JSC::DFG::WatchpointForGenericWatchpointSet::WatchpointForGenericWatchpointSet):
      (WatchpointForGenericWatchpointSet):
      (GenericDesiredWatchpoints):
      (JSC::DFG::GenericDesiredWatchpoints::GenericDesiredWatchpoints):
      (JSC::DFG::GenericDesiredWatchpoints::addLazily):
      (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
      (JSC::DFG::GenericDesiredWatchpoints::areStillValid):
      (DesiredWatchpoints):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::addLazily):
      (JITCompiler):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * ftl/FTLCompile.cpp:
      (JSC::FTL::compile):
      * ftl/FTLCompile.h:
      (FTL):
      * ftl/FTLState.h:
      (State):
      * runtime/JSFunction.h:
      (JSFunction):
      (JSC::JSFunction::allocationProfileWatchpointSet):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::transitionWatchpointSet):
      
      Source/WTF:
      
      Reviewed by Oliver Hunt.
      
      Harden our notions of memory fences, now that we're doing racy algorithms.
      
      * wtf/Atomics.h:
      (WTF):
      (WTF::compilerFence):
      (WTF::armV7_dmb):
      (WTF::armV7_dmb_st):
      (WTF::loadLoadFence):
      (WTF::loadStoreFence):
      (WTF::storeLoadFence):
      (WTF::storeStoreFence):
      (WTF::memoryBarrierAfterLock):
      (WTF::memoryBarrierBeforeUnlock):
      (WTF::x86_mfence):
      
      
      Conflicts:
      	Source/WTF/wtf/Atomics.h
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153124 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9397e00c
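The check-then-register step this commit message describes, as an added C++ sketch that is not WebKit's code: `ToyWatchpointSet`, `ToyDesiredWatchpoints` and `ToyCompilation` are hypothetical simplifications, and `std::atomic` acquire/release stands in for the WTF fences listed above.

```cpp
#include <atomic>
#include <cstddef>
#include <functional>
#include <iostream>
#include <vector>

// Toy stand-in for a watchpoint set (hypothetical, not JSC's class).
class ToyWatchpointSet {
public:
    // Safe to call from a compiler thread. It can still answer "valid" for a
    // set the main thread invalidates a moment later, so the answer is only
    // trusted when it is asked again on the main thread at link time.
    bool isStillValid() const { return !m_invalidated.load(std::memory_order_acquire); }

    // Main thread only.
    void add(std::function<void()> onFire) { m_watchers.push_back(std::move(onFire)); }

    // Main thread only: publish the invalid state first, then fire watchers.
    void invalidate()
    {
        m_invalidated.store(true, std::memory_order_release);
        std::vector<std::function<void()>> fired;
        fired.swap(m_watchers);
        for (auto& fire : fired)
            fire();
    }

    std::size_t watcherCount() const { return m_watchers.size(); }

private:
    std::atomic<bool> m_invalidated{false};
    std::vector<std::function<void()>> m_watchers;
};

// The sets a compilation assumed valid, recorded without modifying them.
class ToyDesiredWatchpoints {
public:
    void addLazily(ToyWatchpointSet& set) { m_sets.push_back(&set); }

    bool areStillValid() const
    {
        for (const ToyWatchpointSet* set : m_sets) {
            if (!set->isStillValid())
                return false;
        }
        return true;
    }

    void reallyAdd(const std::function<void()>& onFire)
    {
        for (ToyWatchpointSet* set : m_sets)
            set->add(onFire);
    }

private:
    std::vector<ToyWatchpointSet*> m_sets;
};

enum class LinkResult { Installed, RetryLater };

struct ToyCompilation {
    ToyDesiredWatchpoints desired;
    bool callable = false;

    // The synchronous, main-thread end of compilation.
    LinkResult finishSynchronously()
    {
        if (!desired.areStillValid())
            return LinkResult::RetryLater;               // (a) failed: give up, retry later
        desired.reallyAdd([this] { callable = false; }); // (b) register before code is callable
        callable = true;
        return LinkResult::Installed;
    }
};

// Scenario 1: a set is invalidated between compilation and linking.
bool staleCompilationIsRejected()
{
    ToyWatchpointSet structureTransition, allocationProfile;
    ToyCompilation compilation;
    compilation.desired.addLazily(structureTransition);
    compilation.desired.addLazily(allocationProfile);
    allocationProfile.invalidate(); // happens while the code is being compiled
    return compilation.finishSynchronously() == LinkResult::RetryLater
        && !compilation.callable
        && structureTransition.watcherCount() == 0; // nothing was registered
}

// Scenario 2: code is installed, then a later invalidation fires its watchpoint.
bool laterInvalidationJettisonsCode()
{
    ToyWatchpointSet structureTransition;
    ToyCompilation compilation;
    compilation.desired.addLazily(structureTransition);
    if (compilation.finishSynchronously() != LinkResult::Installed || !compilation.callable)
        return false;
    structureTransition.invalidate();
    return !compilation.callable;
}

int main()
{
    std::cout << "stale compilation rejected: " << staleCompilationIsRejected() << "\n";
    std::cout << "later invalidation jettisons: " << laterInvalidationJettisonsCode() << "\n";
    return 0;
}
```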
    • fourthTier: Landing the initial FTL logic in a single commit to avoid spurious · ea77149c
      oliver@apple.com authored
      broken builds.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153121 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ea77149c
    • fourthTier: put DFG data into a DFG::JITCode, and put common DFG and FTL data... · 02b179b1
      oliver@apple.com authored
      fourthTier: put DFG data into a DFG::JITCode, and put common DFG and FTL data into something accessible from both DFG::JITCode and FTL::JITCode
      https://bugs.webkit.org/show_bug.cgi?id=113905
      
      Reviewed by Geoffrey Garen.
      
      This removes one pointer from CodeBlock.
      
      It also gives us a framework for having JITType-specific data in CodeBlock, by
      putting it into the appropriate JITCode class (either DFG::JITCode or
      FTL::JITCode). And it allows us to have DFG and FTL share some common data,
      via DFG::CommonData, which is stored in both DFG::JITCode and FTL::JITCode and
      always accessible via JITCode::dfgCommon().
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::dumpBytecode):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::performTracingFixpointIteration):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitWeakReferences):
      (JSC::CodeBlock::shrinkToFit):
      (JSC::CodeBlock::tallyFrequentExitSites):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
      (JSC::DFGCodeBlocks::mark):
      * dfg/DFGAssemblyHelpers.h:
      * dfg/DFGCommonData.cpp: Added.
      (DFG):
      (JSC::DFG::CommonData::notifyCompilingStructureTransition):
      (JSC::DFG::CommonData::shrinkToFit):
      * dfg/DFGCommonData.h: Added.
      (JSC):
      (DFG):
      (JSC::DFG::WeakReferenceTransition::WeakReferenceTransition):
      (WeakReferenceTransition):
      (CommonData):
      (JSC::DFG::CommonData::CommonData):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      * dfg/DFGDriver.h:
      (DFG):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGJITCode.cpp: Added.
      (DFG):
      (JSC::DFG::JITCode::JITCode):
      (JSC::DFG::JITCode::~JITCode):
      (JSC::DFG::JITCode::dfgCommon):
      (JSC::DFG::JITCode::dfg):
      (JSC::DFG::JITCode::shrinkToFit):
      * dfg/DFGJITCode.h: Added.
      (DFG):
      (JITCode):
      (JSC::DFG::JITCode::appendOSREntryData):
      (JSC::DFG::JITCode::osrEntryDataForBytecodeIndex):
      (JSC::DFG::JITCode::appendOSRExit):
      (JSC::DFG::JITCode::lastOSRExit):
      (JSC::DFG::JITCode::appendSpeculationRecovery):
      (JSC::DFG::JITCode::appendWatchpoint):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JITCompiler):
      (JSC::DFG::JITCompiler::addWeakReference):
      (JSC::DFG::JITCompiler::noticeOSREntry):
      (JSC::DFG::JITCompiler::jitCode):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::backwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGVariableEventStream.cpp:
      * ftl/FTLCompile.cpp:
      (JSC::FTL::compile):
      * ftl/FTLJITCode.cpp:
      (JSC::FTL::JITCode::JITCode):
      (JSC::FTL::JITCode::~JITCode):
      (FTL):
      (JSC::FTL::JITCode::initializeCode):
      (JSC::FTL::JITCode::addressForCall):
      (JSC::FTL::JITCode::executableAddressAtOffset):
      (JSC::FTL::JITCode::dataAddressAtOffset):
      (JSC::FTL::JITCode::offsetOf):
      (JSC::FTL::JITCode::size):
      (JSC::FTL::JITCode::contains):
      (JSC::FTL::JITCode::ftl):
      (JSC::FTL::JITCode::dfgCommon):
      * ftl/FTLJITCode.h:
      (JITCode):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint):
      (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
      (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure):
      (JSC::FTL::LowerDFGToLLVM::addWeakReference):
      (LowerDFGToLLVM):
      (JSC::FTL::LowerDFGToLLVM::weakPointer):
      * ftl/FTLState.cpp:
      (FTL):
      (JSC::FTL::State::State):
      (JSC::FTL::State::dumpState):
      * ftl/FTLState.h:
      (State):
      * heap/DFGCodeBlocks.cpp:
      (JSC::DFGCodeBlocks::~DFGCodeBlocks):
      (JSC::DFGCodeBlocks::jettison):
      (JSC::DFGCodeBlocks::clearMarks):
      (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
      (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
      * jit/JITCode.cpp:
      (JSC::JITCode::dfgCommon):
      (JSC):
      (JSC::JITCode::dfg):
      (JSC::JITCode::ftl):
      (JSC::DirectJITCode::DirectJITCode):
      (JSC::DirectJITCode::initializeCodeRef):
      (JSC::DirectJITCode::addressForCall):
      (JSC::DirectJITCode::executableAddressAtOffset):
      (JSC::DirectJITCode::dataAddressAtOffset):
      (JSC::DirectJITCode::offsetOf):
      (JSC::DirectJITCode::size):
      (JSC::DirectJITCode::contains):
      * jit/JITCode.h:
      (DFG):
      (FTL):
      (JSC):
      (JITCode):
      (DirectJITCode):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153116 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      02b179b1
    • fourthTier: JITCode should abstract exactly how the JIT code is structured and... · 9a1ae938
      oliver@apple.com authored
      fourthTier: JITCode should abstract exactly how the JIT code is structured and where it was allocated
      https://bugs.webkit.org/show_bug.cgi?id=113437
      
      Reviewed by Mark Hahnenberg.
      
      JITCode is now a virtual base class, which will allow different JITs to have radically
      different memory allocation and management conventions in the future. It will also
      make it easier to store JIT-specific meta-data in CodeBlock just by putting it into
      an appropriate JITCode subclass.
      
      For now there is one subclass, DirectJITCode, which just behaves like JITCode used to
      behave.
      
      * assembler/RepatchBuffer.h:
      (JSC::RepatchBuffer::RepatchBuffer):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::resetStubInternal):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::codeOriginForReturn):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::getJITCode):
      (JSC::CodeBlock::getJITType):
      (CodeBlock):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      * dfg/DFGDriver.h:
      (DFG):
      (JSC::DFG::tryCompile):
      (JSC::DFG::tryCompileFunction):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JITCompiler):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::codeLocationForRepatch):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::JIT::compile):
      (JIT):
      * jit/JITCode.cpp:
      (JSC):
      (JSC::JITCode::JITCode):
      (JSC::JITCode::~JITCode):
      (JSC::JITCode::execute):
      (JSC::JITCode::hostFunction):
      (JSC::DirectJITCode::DirectJITCode):
      (JSC::DirectJITCode::~DirectJITCode):
      (JSC::DirectJITCode::addressForCall):
      (JSC::DirectJITCode::executableAddressAtOffset):
      (JSC::DirectJITCode::dataAddressAtOffset):
      (JSC::DirectJITCode::offsetOf):
      (JSC::DirectJITCode::size):
      (JSC::DirectJITCode::contains):
      * jit/JITCode.h:
      (JSC):
      (JITCode):
      (JSC::JITCode::bottomTierJIT):
      (JSC::JITCode::topTierJIT):
      (JSC::JITCode::nextTierJIT):
      (JSC::JITCode::isOptimizingJIT):
      (JSC::JITCode::isBaselineCode):
      (JSC::JITCode::jitType):
      (JSC::JITCode::jitTypeFor):
      (JSC::JITCode::executableAddress):
      (JSC::JITCode::start):
      (JSC::JITCode::end):
      (DirectJITCode):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITStubs.cpp:
      (JSC::lazyLinkFor):
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/ThunkGenerators.cpp:
      (JSC::virtualForGenerator):
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC::ExecutableBase::generatedJITCodeForCall):
      (JSC::ExecutableBase::generatedJITCodeForConstruct):
      (JSC::ExecutableBase::generatedJITCodeFor):
      (ExecutableBase):
      (JSC::ExecutableBase::hostCodeEntryFor):
      (JSC::ExecutableBase::jsCodeEntryFor):
      (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor):
      (JSC::NativeExecutable::create):
      (JSC::NativeExecutable::finishCreation):
      (JSC::EvalExecutable::generatedJITCode):
      (JSC::ProgramExecutable::generatedJITCode):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153113 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9a1ae938
  10. 10 May, 2013 1 commit
    • Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase · f94b583f
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=115938
      
      We're going to add some more types of check hoisting soon, so let's have the right name here.
      
      Rubber stamped by Filip Pizlo.
              
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp: Removed.
      * dfg/DFGStructureCheckHoistingPhase.h: Removed.
      * dfg/DFGTypeCheckHoistingPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp.
      (JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase):
      (JSC::DFG::performTypeCheckHoisting):
      * dfg/DFGTypeCheckHoistingPhase.h: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.h.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@149911 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f94b583f
  11. 04 May, 2013 1 commit
    • There should be a runtime option to constrain what functions get DFG compiled · 7b4d2076
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=115576
      
      Reviewed by Mark Hahnenberg.
      
      Added OptionRange to Options to allow checking that something is within an option
      or not.  The new OptionClass supports range strings in the form of [!]<low>[:<high>].
      If only one value is given, then it will be used for both low and high.  A leading
      '!' inverts the check.  If no range is given, then checking for a value within a range
      will always return true.  Added the option "bytecodeRangeToDFGCompile" that takes an
      OptionRange string to select the bytecode range of code blocks to DFG compile.
      
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile): Added new check for bytecode count within bytecodeRangeToDFGCompile
      range.
      * runtime/Options.cpp:
      (JSC::parse): Added overloaded parse() for OptionRange.
      (JSC::OptionRange::init): Parse range string and then initialize the range.
      (JSC::OptionRange::isInRange): Function used by consumer to check if a value is within
      the specified range.
      (JSC::Options::dumpOption): Added code to dump OptionRange options.
      * runtime/Options.h:
      (OptionRange): New class.
      (JSC::OptionRange::operator= ): This is really used as a default ctor for use within
      the Option static array initialization.
      (JSC::OptionRange::rangeString): This is used for debug.  It assumes that the char*
      passed into OptionRange::init is valid when this function is called.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@149552 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7b4d2076
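A parser for the `[!]<low>[:<high>]` range syntax this commit message describes, as an added C++ sketch rather than the code in runtime/Options.cpp. `ToyOptionRange` is a hypothetical name, and two behaviours are assumptions the message does not state: malformed strings and `low > high` are rejected, and a rejected string leaves the range unset.

```cpp
#include <cctype>
#include <climits>
#include <cstddef>
#include <iostream>
#include <string>

class ToyOptionRange {
public:
    // Parses "[!]<low>[:<high>]". An empty string means "no range given".
    // Returns false for malformed input (assumption: the range is then unset).
    bool init(const std::string& text)
    {
        m_state = State::Unset;
        if (text.empty())
            return true;

        std::size_t pos = 0;
        bool inverted = false;
        if (text[pos] == '!') {
            inverted = true;
            ++pos;
        }

        unsigned low = 0;
        if (!parseNumber(text, pos, low))
            return false;

        unsigned high = low; // a single value is used for both low and high
        if (pos < text.size()) {
            if (text[pos] != ':')
                return false;
            ++pos;
            if (!parseNumber(text, pos, high))
                return false;
        }
        if (pos != text.size() || low > high)
            return false; // trailing junk or an empty interval

        m_low = low;
        m_high = high;
        m_state = inverted ? State::Inverted : State::Normal;
        return true;
    }

    // With no range given, every value is reported as in range.
    bool isInRange(unsigned value) const
    {
        if (m_state == State::Unset)
            return true;
        bool inside = m_low <= value && value <= m_high;
        return m_state == State::Inverted ? !inside : inside;
    }

private:
    enum class State { Unset, Normal, Inverted };

    // Reads one decimal number at pos, rejecting empty input and overflow.
    static bool parseNumber(const std::string& s, std::size_t& pos, unsigned& out)
    {
        if (pos >= s.size() || !std::isdigit(static_cast<unsigned char>(s[pos])))
            return false;
        unsigned long long value = 0;
        while (pos < s.size() && std::isdigit(static_cast<unsigned char>(s[pos]))) {
            value = value * 10 + static_cast<unsigned>(s[pos] - '0');
            if (value > UINT_MAX)
                return false;
            ++pos;
        }
        out = static_cast<unsigned>(value);
        return true;
    }

    State m_state = State::Unset;
    unsigned m_low = 0;
    unsigned m_high = 0;
};

int main()
{
    // Constructed sample: which bytecode counts a "!100:200" range would select.
    ToyOptionRange range;
    range.init("!100:200");
    const unsigned counts[] = { 50u, 150u, 250u };
    for (unsigned count : counts)
        std::cout << count << " -> " << (range.isInRange(count) ? "compile" : "skip") << "\n";
    return 0;
}
```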
  12. 18 Apr, 2013 1 commit
    • Renamed JSGlobalData to VM · 9a9a4b52
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114777
      
      Reviewed by Phil Pizlo.
      
      ../JavaScriptCore: 
      
      * API/APICast.h:
      (JSC):
      (toJS):
      (toRef):
      * API/APIShims.h:
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APICallbackShim::APICallbackShim):
      (JSC::APICallbackShim::~APICallbackShim):
      (APICallbackShim):
      * API/JSAPIWrapperObject.h:
      (JSAPIWrapperObject):
      * API/JSAPIWrapperObject.mm:
      (JSC::::createStructure):
      (JSC::JSAPIWrapperObject::JSAPIWrapperObject):
      (JSC::JSAPIWrapperObject::finishCreation):
      (JSC::JSAPIWrapperObject::visitChildren):
      * API/JSBase.cpp:
      (JSGarbageCollect):
      (JSReportExtraMemoryCost):
      (JSSynchronousGarbageCollectForDebugging):
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      (JSC::JSCallbackConstructor::finishCreation):
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::createStructure):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      (JSC::JSCallbackFunction::createStructure):
      * API/JSCallbackObject.cpp:
      (JSC::::create):
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObjectData::setPrivateProperty):
      (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
      (JSCallbackObject):
      (JSC::JSCallbackObject::setPrivateProperty):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::JSCallbackObject):
      (JSC::::finishCreation):
      (JSC::::put):
      (JSC::::staticFunctionGetter):
      * API/JSClassRef.cpp:
      (OpaqueJSClassContextData::OpaqueJSClassContextData):
      (OpaqueJSClass::contextData):
      (OpaqueJSClass::prototype):
      * API/JSClassRef.h:
      (OpaqueJSClassContextData):
      * API/JSContext.mm:
      (-[JSContext setException:]):
      (-[JSContext initWithGlobalContextRef:]):
      (+[JSContext contextWithGlobalContextRef:]):
      * API/JSContextRef.cpp:
      (JSContextGroupCreate):
      (JSContextGroupRelease):
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRetain):
      (JSGlobalContextRelease):
      (JSContextGetGroup):
      (JSContextCreateBacktrace):
      * API/JSObjectRef.cpp:
      (JSObjectMake):
      (JSObjectMakeConstructor):
      (JSObjectMakeFunction):
      (JSObjectSetPrototype):
      (JSObjectHasProperty):
      (JSObjectGetProperty):
      (JSObjectSetProperty):
      (JSObjectDeleteProperty):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
      (OpaqueJSPropertyNameArray):
      (JSObjectCopyPropertyNames):
      (JSPropertyNameArrayRelease):
      (JSPropertyNameAccumulatorAddName):
      * API/JSScriptRef.cpp:
      (OpaqueJSScript::create):
      (OpaqueJSScript::vm):
      (OpaqueJSScript::OpaqueJSScript):
      (OpaqueJSScript):
      (parseScript):
      * API/JSVirtualMachine.mm:
      (scanExternalObjectGraph):
      * API/JSVirtualMachineInternal.h:
      (JSC):
      * API/JSWrapperMap.mm:
      (makeWrapper):
      * API/ObjCCallbackFunction.h:
      (JSC::ObjCCallbackFunction::createStructure):
      * API/ObjCCallbackFunction.mm:
      (JSC::ObjCCallbackFunction::create):
      * API/OpaqueJSString.cpp:
      (OpaqueJSString::identifier):
      * API/OpaqueJSString.h:
      (JSC):
      (OpaqueJSString):
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * KeywordLookupGenerator.py:
      (Trie.printSubTreeAsC):
      * Target.pri:
      * assembler/ARMAssembler.cpp:
      (JSC::ARMAssembler::executableCopy):
      * assembler/ARMAssembler.h:
      (ARMAssembler):
      * assembler/AssemblerBuffer.h:
      (JSC::AssemblerBuffer::executableCopy):
      * assembler/AssemblerBufferWithConstantPool.h:
      (JSC::AssemblerBufferWithConstantPool::executableCopy):
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::linkCode):
      * assembler/LinkBuffer.h:
      (JSC):
      (JSC::LinkBuffer::LinkBuffer):
      (LinkBuffer):
      * assembler/MIPSAssembler.h:
      (JSC::MIPSAssembler::executableCopy):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::executableCopy):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::executableCopy):
      (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CallLinkInfo.h:
      (CallLinkInfo):
      * bytecode/CodeBlock.cpp:
      (JSC::dumpStructure):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitStructures):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::createActivation):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::findClosureCallForReturnPC):
      (JSC::ProgramCodeBlock::jettisonImpl):
      (JSC::EvalCodeBlock::jettisonImpl):
      (JSC::FunctionCodeBlock::jettisonImpl):
      (JSC::CodeBlock::predictedMachineCodeSize):
      (JSC::CodeBlock::usesOpcode):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendWeakReference):
      (JSC::CodeBlock::appendWeakReferenceTransition):
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::setGlobalData):
      (JSC::CodeBlock::vm):
      (JSC::CodeBlock::valueProfileForBytecodeOffset):
      (JSC::CodeBlock::addConstant):
      (JSC::CodeBlock::setConstantRegisters):
      (CodeBlock):
      (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
      * bytecode/EvalCodeCache.h:
      (JSC::EvalCodeCache::getSlow):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC::GetByIdStatus::computeForChain):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * bytecode/ObjectAllocationProfile.h:
      (JSC::ObjectAllocationProfile::initialize):
      (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
      * bytecode/PolymorphicAccessStructureList.h:
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * bytecode/PolymorphicPutByIdList.h:
      (JSC::PutByIdAccess::transition):
      (JSC::PutByIdAccess::replace):
      * bytecode/PreciseJumpTargets.cpp:
      (JSC::computePreciseJumpTargets):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (JSC):
      (PutByIdStatus):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      * bytecode/SamplingTool.cpp:
      (JSC::SamplingTool::notifyOfScope):
      * bytecode/SamplingTool.h:
      (JSC::ScriptSampleRecord::ScriptSampleRecord):
      (SamplingTool):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::initGetByIdSelf):
      (JSC::StructureStubInfo::initGetByIdProto):
      (JSC::StructureStubInfo::initGetByIdChain):
      (JSC::StructureStubInfo::initPutByIdTransition):
      (JSC::StructureStubInfo::initPutByIdReplace):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::generateFunctionCodeBlock):
      (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::link):
      (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
      (JSC::UnlinkedFunctionExecutable::codeBlockFor):
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::create):
      (UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::finishCreation):
      (JSC::UnlinkedFunctionExecutable::createStructure):
      (JSC::UnlinkedCodeBlock::addRegExp):
      (JSC::UnlinkedCodeBlock::addConstant):
      (JSC::UnlinkedCodeBlock::addFunctionDecl):
      (JSC::UnlinkedCodeBlock::addFunctionExpr):
      (JSC::UnlinkedCodeBlock::vm):
      (UnlinkedCodeBlock):
      (JSC::UnlinkedCodeBlock::finishCreation):
      (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::create):
      (JSC::UnlinkedProgramCodeBlock::addFunctionDeclaration):
      (JSC::UnlinkedProgramCodeBlock::UnlinkedProgramCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::createStructure):
      (JSC::UnlinkedEvalCodeBlock::create):
      (JSC::UnlinkedEvalCodeBlock::UnlinkedEvalCodeBlock):
      (JSC::UnlinkedEvalCodeBlock::createStructure):
      (JSC::UnlinkedFunctionCodeBlock::create):
      (JSC::UnlinkedFunctionCodeBlock::UnlinkedFunctionCodeBlock):
      (JSC::UnlinkedFunctionCodeBlock::createStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::addConstant):
      (JSC::BytecodeGenerator::emitLoad):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::addStringConstant):
      (JSC::BytecodeGenerator::expectedFunctionForIdentifier):
      (JSC::BytecodeGenerator::emitThrowReferenceError):
      (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::vm):
      (JSC::BytecodeGenerator::propertyNames):
      (JSC::BytecodeGenerator::makeFunction):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::RegExpNode::emitBytecode):
      (JSC::ArrayNode::toArgumentList):
      (JSC::ApplyFunctionCallDotNode::emitBytecode):
      (JSC::InstanceOfNode::emitBytecode):
      * debugger/Debugger.cpp:
      (JSC::Debugger::recompileAllJSFunctions):
      (JSC::evaluateInGlobalCallFrame):
      * debugger/Debugger.h:
      (JSC):
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::DebuggerActivation):
      (JSC::DebuggerActivation::finishCreation):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::create):
      (JSC::DebuggerActivation::createStructure):
      (DebuggerActivation):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::evaluate):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
      (JSC::DFG::AssemblyHelpers::vm):
      (JSC::DFG::AssemblyHelpers::debugCall):
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGByteCodeParser.h:
      (JSC):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::CCallHelpers):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::canHandleOpcodes):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::reportToProfiler):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      (JSC::DFG::operationPutByValInternal):
      (JSC::getHostCallReturnValueWithExecState):
      * dfg/DFGPhase.h:
      (JSC::DFG::Phase::vm):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      (JSC::DFG::linkSlowFor):
      (JSC::DFG::dfgLinkFor):
      (JSC::DFG::dfgLinkSlowFor):
      (JSC::DFG::dfgLinkClosureCall):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::compileFromCharCode):
      (JSC::DFG::SpeculativeJIT::compileMakeRope):
      (JSC::DFG::SpeculativeJIT::compileStringEquality):
      (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
      (JSC::DFG::SpeculativeJIT::speculateObject):
      (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
      (JSC::DFG::SpeculativeJIT::speculateString):
      (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::linkForThunkGenerator):
      (JSC::DFG::linkCallThunkGenerator):
      (JSC::DFG::linkConstructThunkGenerator):
      (JSC::DFG::linkClosureCallThunkGenerator):
      (JSC::DFG::virtualForThunkGenerator):
      (JSC::DFG::virtualCallThunkGenerator):
      (JSC::DFG::virtualConstructThunkGenerator):
      * dfg/DFGThunks.h:
      (JSC):
      (DFG):
      * heap/BlockAllocator.h:
      (JSC):
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      (JSC::CopiedSpace::tryReallocate):
      * heap/CopiedSpaceInlines.h:
      (JSC::CopiedSpace::tryAllocate):
      * heap/GCThreadSharedData.cpp:
      (JSC::GCThreadSharedData::GCThreadSharedData):
      (JSC::GCThreadSharedData::reset):
      * heap/GCThreadSharedData.h:
      (JSC):
      (GCThreadSharedData):
      * heap/HandleSet.cpp:
      (JSC::HandleSet::HandleSet):
      (JSC::HandleSet::~HandleSet):
      (JSC::HandleSet::grow):
      * heap/HandleSet.h:
      (JSC):
      (HandleSet):
      (JSC::HandleSet::vm):
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC):
      (JSC::Heap::lastChanceToFinalize):
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::stack):
      (JSC::Heap::getConservativeRegisterRoots):
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::collect):
      (JSC::Heap::isValidAllocation):
      * heap/Heap.h:
      (JSC):
      (Heap):
      (JSC::Heap::vm):
      * heap/HeapTimer.cpp:
      (JSC::HeapTimer::HeapTimer):
      (JSC::HeapTimer::timerDidFire):
      (JSC::HeapTimer::timerEvent):
      * heap/HeapTimer.h:
      (JSC):
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/Local.h:
      (Local):
      (JSC::::Local):
      (JSC::LocalStack::LocalStack):
      (JSC::LocalStack::push):
      (LocalStack):
      * heap/LocalScope.h:
      (JSC):
      (LocalScope):
      (JSC::LocalScope::LocalScope):
      * heap/MachineStackMarker.cpp:
      (JSC::MachineThreads::addCurrentThread):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::vm):
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::SlotVisitor):
      (JSC::SlotVisitor::setup):
      * heap/Strong.h:
      (JSC):
      (Strong):
      (JSC::Strong::operator=):
      * heap/StrongInlines.h:
      (JSC::::Strong):
      (JSC::::set):
      * heap/SuperRegion.h:
      (JSC):
      * heap/WeakSet.cpp:
      * heap/WeakSet.h:
      (WeakSet):
      (JSC::WeakSet::WeakSet):
      (JSC::WeakSet::vm):
      * interpreter/AbstractPC.cpp:
      (JSC::AbstractPC::AbstractPC):
      * interpreter/AbstractPC.h:
      (JSC):
      (AbstractPC):
      * interpreter/CachedCall.h:
      (JSC::CachedCall::CachedCall):
      * interpreter/CallFrame.h:
      (ExecState):
      (JSC::ExecState::clearException):
      (JSC::ExecState::clearSupplementaryExceptionInfo):
      (JSC::ExecState::exception):
      (JSC::ExecState::hadException):
      (JSC::ExecState::propertyNames):
      (JSC::ExecState::emptyList):
      (JSC::ExecState::interpreter):
      (JSC::ExecState::heap):
      (JSC::ExecState::arrayConstructorTable):
      (JSC::ExecState::arrayPrototypeTable):
      (JSC::ExecState::booleanPrototypeTable):
      (JSC::ExecState::dateTable):
      (JSC::ExecState::dateConstructorTable):
      (JSC::ExecState::errorPrototypeTable):
      (JSC::ExecState::globalObjectTable):
      (JSC::ExecState::jsonTable):
      (JSC::ExecState::mathTable):
      (JSC::ExecState::numberConstructorTable):
      (JSC::ExecState::numberPrototypeTable):
      (JSC::ExecState::objectConstructorTable):
      (JSC::ExecState::privateNamePrototypeTable):
      (JSC::ExecState::regExpTable):
      (JSC::ExecState::regExpConstructorTable):
      (JSC::ExecState::regExpPrototypeTable):
      (JSC::ExecState::stringConstructorTable):
      (JSC::ExecState::abstractReturnPC):
      * interpreter/CallFrameClosure.h:
      (CallFrameClosure):
      * interpreter/Interpreter.cpp:
      (JSC):
      (JSC::eval):
      (JSC::loadVarargs):
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::appendSourceToError):
      (JSC::getCallerInfo):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::addStackTraceIfNecessary):
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      (JSC::Interpreter::retrieveArgumentsFromVMCode):
      (JSC::Interpreter::retrieveCallerFromVMCode):
      * interpreter/Interpreter.h:
      (JSC):
      (JSC::TopCallFrameSetter::TopCallFrameSetter):
      (JSC::TopCallFrameSetter::~TopCallFrameSetter):
      (TopCallFrameSetter):
      (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
      (Interpreter):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      * interpreter/JSStack.h:
      (JSC):
      * jit/ClosureCallStubRoutine.cpp:
      (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
      * jit/ClosureCallStubRoutine.h:
      (ClosureCallStubRoutine):
      * jit/ExecutableAllocator.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/ExecutableAllocator.h:
      (JSC):
      (ExecutableAllocator):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/GCAwareJITStubRoutine.cpp:
      (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::createJITStubRoutine):
      * jit/GCAwareJITStubRoutine.h:
      (GCAwareJITStubRoutine):
      (MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompile):
      (JSC::JIT::linkFor):
      (JSC::JIT::linkSlowCall):
      * jit/JIT.h:
      (JSC::JIT::compile):
      (JSC::JIT::compileClosureCall):
      (JSC::JIT::compileGetByIdProto):
      (JSC::JIT::compileGetByIdSelfList):
      (JSC::JIT::compileGetByIdProtoList):
      (JSC::JIT::compileGetByIdChainList):
      (JSC::JIT::compileGetByIdChain):
      (JSC::JIT::compilePutByIdTransition):
      (JSC::JIT::compileGetByVal):
      (JSC::JIT::compilePutByVal):
      (JSC::JIT::compileCTINativeCall):
      (JSC::JIT::compilePatchGetArrayLength):
      (JIT):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCode.h:
      (JSC):
      (JSC::JITCode::execute):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      (JSC::jitThrow):
      * jit/JITExceptions.h:
      (JSC):
      * jit/JITInlines.h:
      (JSC::JIT::emitLoadCharacterString):
      (JSC::JIT::updateTopCallFrame):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emitSlow_op_eq):
      (JSC::JIT::emitSlow_op_neq):
      (JSC::JIT::compileOpStrictEq):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubs.cpp:
      (JSC::ctiTrampoline):
      (JSC):
      (JSC::performPlatformSpecificJITAssertions):
      (JSC::tryCachePutByID):
      (JSC::tryCacheGetByID):
      (JSC::returnToThrowTrampoline):
      (JSC::throwExceptionFromOpCall):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      (JSC::putByVal):
      * jit/JITStubs.h:
      (JSC):
      (JITStackFrame):
      * jit/JITThunks.cpp:
      (JSC::JITThunks::ctiNativeCall):
      (JSC::JITThunks::ctiNativeConstruct):
      (JSC::JITThunks::ctiStub):
      (JSC::JITThunks::hostFunctionStub):
      * jit/JITThunks.h:
      (JSC):
      (JITThunks):
      * jit/JITWriteBarrier.h:
      (JSC):
      (JSC::JITWriteBarrierBase::set):
      (JSC::JITWriteBarrier::set):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::loadJSStringArgument):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerator.h:
      (JSC):
      * jit/ThunkGenerators.cpp:
      (JSC::generateSlowCaseFor):
      (JSC::linkForGenerator):
      (JSC::linkCallGenerator):
      (JSC::linkConstructGenerator):
      (JSC::linkClosureCallGenerator):
      (JSC::virtualForGenerator):
      (JSC::virtualCallGenerator):
      (JSC::virtualConstructGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::nativeCallGenerator):
      (JSC::nativeConstructGenerator):
      (JSC::stringCharLoad):
      (JSC::charToString):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      * jit/ThunkGenerators.h:
      (JSC):
      * jsc.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      (functionDumpCallFrame):
      (functionJSCStack):
      (functionReleaseExecutableMemory):
      (functionRun):
      (main):
      (runWithScripts):
      (jscmain):
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntData.h:
      (JSC):
      (Data):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h:
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter.cpp:
      (JSC::CLoop::execute):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/cloop.rb:
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::ASTBuilder):
      (JSC::ASTBuilder::createSourceElements):
      (JSC::ASTBuilder::createCommaExpr):
      (JSC::ASTBuilder::createLogicalNot):
      (JSC::ASTBuilder::createUnaryPlus):
      (JSC::ASTBuilder::createVoid):
      (JSC::ASTBuilder::thisExpr):
      (JSC::ASTBuilder::createResolve):
      (JSC::ASTBuilder::createObjectLiteral):
      (JSC::ASTBuilder::createArray):
      (JSC::ASTBuilder::createNumberExpr):
      (JSC::ASTBuilder::createString):
      (JSC::ASTBuilder::createBoolean):
      (JSC::ASTBuilder::createNull):
      (JSC::ASTBuilder::createBracketAccess):
      (JSC::ASTBuilder::createDotAccess):
      (JSC::ASTBuilder::createRegExp):
      (JSC::ASTBuilder::createNewExpr):
      (JSC::ASTBuilder::createConditionalExpr):
      (JSC::ASTBuilder::createAssignResolve):
      (JSC::ASTBuilder::createFunctionExpr):
      (JSC::ASTBuilder::createFunctionBody):
      (JSC::ASTBuilder::createGetterOrSetterProperty):
      (JSC::ASTBuilder::createArguments):
      (JSC::ASTBuilder::createArgumentsList):
      (JSC::ASTBuilder::createProperty):
      (JSC::ASTBuilder::createPropertyList):
      (JSC::ASTBuilder::createElementList):
      (JSC::ASTBuilder::createFormalParameterList):
      (JSC::ASTBuilder::createClause):
      (JSC::ASTBuilder::createClauseList):
      (JSC::ASTBuilder::createFuncDeclStatement):
      (JSC::ASTBuilder::createBlockStatement):
      (JSC::ASTBuilder::createExprStatement):
      (JSC::ASTBuilder::createIfStatement):
      (JSC::ASTBuilder::createForLoop):
      (JSC::ASTBuilder::createForInLoop):
      (JSC::ASTBuilder::createEmptyStatement):
      (JSC::ASTBuilder::createVarStatement):
      (JSC::ASTBuilder::createReturnStatement):
      (JSC::ASTBuilder::createBreakStatement):
      (JSC::ASTBuilder::createContinueStatement):
      (JSC::ASTBuilder::createTryStatement):
      (JSC::ASTBuilder::createSwitchStatement):
      (JSC::ASTBuilder::createWhileStatement):
      (JSC::ASTBuilder::createDoWhileStatement):
      (JSC::ASTBuilder::createLabelStatement):
      (JSC::ASTBuilder::createWithStatement):
      (JSC::ASTBuilder::createThrowStatement):
      (JSC::ASTBuilder::createDebugger):
      (JSC::ASTBuilder::createConstStatement):
      (JSC::ASTBuilder::appendConstDecl):
      (JSC::ASTBuilder::addVar):
      (JSC::ASTBuilder::combineCommaNodes):
      (JSC::ASTBuilder::Scope::Scope):
      (JSC::ASTBuilder::createNumber):
      (ASTBuilder):
      (JSC::ASTBuilder::makeTypeOfNode):
      (JSC::ASTBuilder::makeDeleteNode):
      (JSC::ASTBuilder::makeNegateNode):
      (JSC::ASTBuilder::makeBitwiseNotNode):
      (JSC::ASTBuilder::makeMultNode):
      (JSC::ASTBuilder::makeDivNode):
      (JSC::ASTBuilder::makeModNode):
      (JSC::ASTBuilder::makeAddNode):
      (JSC::ASTBuilder::makeSubNode):
      (JSC::ASTBuilder::makeLeftShiftNode):
      (JSC::ASTBuilder::makeRightShiftNode):
      (JSC::ASTBuilder::makeURightShiftNode):
      (JSC::ASTBuilder::makeBitOrNode):
      (JSC::ASTBuilder::makeBitAndNode):
      (JSC::ASTBuilder::makeBitXOrNode):
      (JSC::ASTBuilder::makeFunctionCallNode):
      (JSC::ASTBuilder::makeBinaryNode):
      (JSC::ASTBuilder::makeAssignNode):
      (JSC::ASTBuilder::makePrefixNode):
      (JSC::ASTBuilder::makePostfixNode):
      * parser/Lexer.cpp:
      (JSC::Keywords::Keywords):
      (JSC::::Lexer):
      (JSC::::parseIdentifier):
      (JSC::::parseIdentifierSlowCase):
      * parser/Lexer.h:
      (JSC::Keywords::isKeyword):
      (JSC::Keywords::getKeyword):
      (Keywords):
      (Lexer):
      (JSC::::makeIdentifier):
      (JSC::::makeRightSizedIdentifier):
      (JSC::::makeIdentifierLCharFromUChar):
      (JSC::::makeLCharIdentifier):
      * parser/NodeConstructors.h:
      (JSC::ParserArenaFreeable::operator new):
      (JSC::ParserArenaDeletable::operator new):
      (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
      (JSC::PropertyNode::PropertyNode):
      (JSC::ContinueNode::ContinueNode):
      (JSC::BreakNode::BreakNode):
      (JSC::ForInNode::ForInNode):
      * parser/Nodes.cpp:
      (JSC::ScopeNode::ScopeNode):
      (JSC::ProgramNode::ProgramNode):
      (JSC::ProgramNode::create):
      (JSC::EvalNode::EvalNode):
      (JSC::EvalNode::create):
      (JSC::FunctionBodyNode::FunctionBodyNode):
      (JSC::FunctionBodyNode::create):
      * parser/Nodes.h:
      (ParserArenaFreeable):
      (ParserArenaDeletable):
      (ParserArenaRefCounted):
      (ArrayNode):
      (ForInNode):
      (ContinueNode):
      (BreakNode):
      (ScopeNode):
      (ProgramNode):
      (EvalNode):
      (FunctionBodyNode):
      * parser/Parser.cpp:
      (JSC::::Parser):
      (JSC::::parseInner):
      (JSC::::parseSourceElements):
      (JSC::::parseTryStatement):
      (JSC::::parseFunctionBody):
      (JSC::::parseFunctionInfo):
      (JSC::::parseAssignmentExpression):
      (JSC::::parseProperty):
      (JSC::::parsePrimaryExpression):
      (JSC::::parseMemberExpression):
      (JSC::::parseUnaryExpression):
      * parser/Parser.h:
      (JSC):
      (JSC::Scope::Scope):
      (JSC::Scope::declareVariable):
      (JSC::Scope::declareParameter):
      (Scope):
      (Parser):
      (JSC::Parser::pushScope):
      (JSC::::parse):
      (JSC::parse):
      * parser/ParserArena.h:
      (IdentifierArena):
      (JSC::IdentifierArena::makeIdentifier):
      (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
      (JSC::IdentifierArena::makeNumericIdentifier):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::SyntaxChecker):
      (JSC::SyntaxChecker::createProperty):
      (JSC::SyntaxChecker::createGetterOrSetterProperty):
      * profiler/LegacyProfiler.cpp:
      (JSC::LegacyProfiler::startProfiling):
      (JSC::LegacyProfiler::stopProfiling):
      * profiler/LegacyProfiler.h:
      (JSC):
      * profiler/ProfilerBytecode.cpp:
      (JSC::Profiler::Bytecode::toJS):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      (JSC::Profiler::BytecodeSequence::addSequenceProperties):
      * profiler/ProfilerBytecodes.cpp:
      (JSC::Profiler::Bytecodes::toJS):
      * profiler/ProfilerCompilation.cpp:
      (JSC::Profiler::Compilation::toJS):
      * profiler/ProfilerCompiledBytecode.cpp:
      (JSC::Profiler::CompiledBytecode::toJS):
      * profiler/ProfilerDatabase.cpp:
      (JSC::Profiler::Database::Database):
      (JSC::Profiler::Database::toJS):
      (JSC::Profiler::Database::toJSON):
      * profiler/ProfilerDatabase.h:
      (Database):
      * profiler/ProfilerOSRExit.cpp:
      (JSC::Profiler::OSRExit::toJS):
      * profiler/ProfilerOrigin.cpp:
      (JSC::Profiler::Origin::toJS):
      * profiler/ProfilerProfiledBytecodes.cpp:
      (JSC::Profiler::ProfiledBytecodes::toJS):
      * runtime/ArgList.h:
      (MarkedArgumentBuffer):
      * runtime/Arguments.cpp:
      (JSC::Arguments::putByIndex):
      (JSC::Arguments::put):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      (JSC::Arguments::tearOff):
      (JSC::Arguments::didTearOffActivation):
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/Arguments.h:
      (JSC::Arguments::create):
      (JSC::Arguments::createStructure):
      (Arguments):
      (JSC::Arguments::Arguments):
      (JSC::Arguments::trySetArgument):
      (JSC::Arguments::finishCreation):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::finishCreation):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::createStructure):
      * runtime/BatchedTransitionOptimizer.h:
      (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
      (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
      (BatchedTransitionOptimizer):
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::finishCreation):
      (JSC::constructBoolean):
      (JSC::constructBooleanFromImmediateBoolean):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      * runtime/BooleanObject.cpp:
      (JSC::BooleanObject::BooleanObject):
      (JSC::BooleanObject::finishCreation):
      * runtime/BooleanObject.h:
      (BooleanObject):
      (JSC::BooleanObject::create):
      (JSC::BooleanObject::createStructure):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::BooleanPrototype):
      (JSC::BooleanPrototype::finishCreation):
      (JSC::booleanProtoFuncToString):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/Butterfly.h:
      (JSC):
      (Butterfly):
      * runtime/ButterflyInlines.h:
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::createOrGrowArrayRight):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      * runtime/CodeCache.cpp:
      (JSC::CodeCache::getCodeBlock):
      (JSC::CodeCache::getProgramCodeBlock):
      (JSC::CodeCache::getEvalCodeBlock):
      (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
      * runtime/CodeCache.h:
      (JSC):
      (JSC::SourceCodeValue::SourceCodeValue):
      (CodeCache):
      * runtime/CommonIdentifiers.cpp:
      (JSC):
      (JSC::CommonIdentifiers::CommonIdentifiers):
      * runtime/CommonIdentifiers.h:
      (CommonIdentifiers):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::opIn):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::finishCreation):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/DateInstance.cpp:
      (JSC::DateInstance::DateInstance):
      (JSC::DateInstance::finishCreation):
      (JSC::DateInstance::calculateGregorianDateTime):
      (JSC::DateInstance::calculateGregorianDateTimeUTC):
      * runtime/DateInstance.h:
      (DateInstance):
      (JSC::DateInstance::create):
      (JSC::DateInstance::createStructure):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::finishCreation):
      (JSC::dateProtoFuncSetTime):
      (JSC::setNewValueFromTimeArgs):
      (JSC::setNewValueFromDateArgs):
      (JSC::dateProtoFuncSetYear):
      (JSC::dateProtoFuncToJSON):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::createStructure):
      * runtime/Error.cpp:
      (JSC::createError):
      (JSC::createEvalError):
      (JSC::createRangeError):
      (JSC::createReferenceError):
      (JSC::createSyntaxError):
      (JSC::createTypeError):
      (JSC::createURIError):
      (JSC::addErrorInfo):
      (JSC::throwError):
      * runtime/Error.h:
      (JSC):
      (JSC::StrictModeTypeErrorFunction::create):
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::finishCreation):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::ErrorInstance):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::createStructure):
      (JSC::ErrorInstance::create):
      (ErrorInstance):
      (JSC::ErrorInstance::finishCreation):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::ErrorPrototype):
      (JSC::ErrorPrototype::finishCreation):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure):
      * runtime/ExceptionHelpers.cpp:
      (JSC::createInterruptedExecutionException):
      (JSC::createTerminatedExecutionException):
      * runtime/ExceptionHelpers.h:
      (JSC):
      (JSC::InterruptedExecutionError::InterruptedExecutionError):
      (JSC::InterruptedExecutionError::create):
      (JSC::InterruptedExecutionError::createStructure):
      (JSC::TerminatedExecutionError::TerminatedExecutionError):
      (JSC::TerminatedExecutionError::create):
      (JSC::TerminatedExecutionError::createStructure):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC::EvalExecutable::EvalExecutable):
      (JSC::ProgramExecutable::ProgramExecutable):
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::checkSyntax):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::initializeGlobalProperties):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
      (JSC::FunctionExecutable::fromGlobalCode):
      * runtime/Executable.h:
      (JSC::ExecutableBase::ExecutableBase):
      (JSC::ExecutableBase::finishCreation):
      (JSC::ExecutableBase::createStructure):
      (JSC::NativeExecutable::create):
      (JSC::NativeExecutable::createStructure):
      (JSC::NativeExecutable::finishCreation):
      (JSC::NativeExecutable::NativeExecutable):
      (JSC::ScriptExecutable::ScriptExecutable):
      (JSC::ScriptExecutable::finishCreation):
      (JSC::EvalExecutable::compile):
      (EvalExecutable):
      (JSC::EvalExecutable::create):
      (JSC::EvalExecutable::createStructure):
      (JSC::ProgramExecutable::create):
      (ProgramExecutable):
      (JSC::ProgramExecutable::compile):
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::create):
      (JSC::FunctionExecutable::compileForCall):
      (FunctionExecutable):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      (JSC::FunctionExecutable::createStructure):
      (JSC::JSFunction::JSFunction):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::finishCreation):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::finishCreation):
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::createStructure):
      * runtime/GCActivityCallback.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GCActivityCallback.h:
      (JSC::GCActivityCallback::GCActivityCallback):
      * runtime/GCActivityCallbackBlackBerry.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::GetterSetter):
      (JSC::GetterSetter::create):
      (JSC::GetterSetter::setGetter):
      (JSC::GetterSetter::setSetter):
      (JSC::GetterSetter::createStructure):
      * runtime/Identifier.cpp:
      (JSC::Identifier::add):
      (JSC::Identifier::add8):
      (JSC::Identifier::addSlowCase):
      (JSC::Identifier::from):
      (JSC::Identifier::checkCurrentIdentifierTable):
      * runtime/Identifier.h:
      (JSC::Identifier::Identifier):
      (JSC::Identifier::createLCharFromUChar):
      (Identifier):
      (JSC::Identifier::add):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::InternalFunction):
      (JSC::InternalFunction::finishCreation):
      (JSC::InternalFunction::name):
      (JSC::InternalFunction::displayName):
      * runtime/InternalFunction.h:
      (JSC::InternalFunction::createStructure):
      (InternalFunction):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      (JSC::JSAPIValueWrapper::finishCreation):
      (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putDirectVirtual):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::create):
      (JSC::JSActivation::createStructure):
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithArrayStorage):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      (JSC::ContiguousTypeAccessor::setWithValue):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sortVector):
      * runtime/JSArray.h:
      (JSC::JSArray::JSArray):
      (JSArray):
      (JSC::JSArray::shiftCountForShift):
      (JSC::JSArray::unshiftCountForShift):
      (JSC::JSArray::createStructure):
      (JSC::createContiguousArrayButterfly):
      (JSC::createArrayButterfly):
      (JSC):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      (JSC::constructArray):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::JSBoundFunction):
      * runtime/JSBoundFunction.h:
      (JSC::JSBoundFunction::createStructure):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      (JSC::JSValue::toStringSlowCase):
      * runtime/JSCJSValue.h:
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC::JSCell::JSCell):
      (JSC::JSCell::finishCreation):
      (JSC::allocateCell):
      (JSC::JSCell::setStructure):
      (JSC::JSCell::fastGetOwnProperty):
      * runtime/JSDateMath.cpp:
      (JSC::getDSTOffset):
      (JSC::getUTCOffset):
      (JSC::parseDate):
      * runtime/JSDestructibleObject.h:
      (JSC::JSDestructibleObject::JSDestructibleObject):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::JSFunction):
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::createAllocationProfile):
      (JSC::JSFunction::name):
      (JSC::JSFunction::displayName):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::deleteProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      (JSC::JSFunction::create):
      (JSC::JSFunction::setScope):
      (JSC::JSFunction::createStructure):
      * runtime/JSGlobalData.cpp: Removed.
      * runtime/JSGlobalData.h: Removed.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::setGlobalThis):
      (JSC::JSGlobalObject::init):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      (JSC::JSGlobalObject::createThrowTypeError):
      (JSC::JSGlobalObject::resetPrototype):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
      (JSC::JSGlobalObject::createProgramCodeBlock):
      (JSC::JSGlobalObject::createEvalCodeBlock):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::create):
      (JSGlobalObject):
      (JSC::JSGlobalObject::finishCreation):
      (JSC::JSGlobalObject::vm):
      (JSC::JSGlobalObject::createStructure):
      (JSC::ExecState::dynamicGlobalObject):
      (JSC::constructEmptyArray):
      (DynamicGlobalObjectScope):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncProtoSetter):
      * runtime/JSLock.cpp:
      (JSC::JSLockHolder::JSLockHolder):
      (JSC::JSLockHolder::init):
      (JSC::JSLockHolder::~JSLockHolder):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::willDestroyGlobalData):
      (JSC::JSLock::lock):
      (JSC::JSLock::unlock):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (JSLockHolder):
      (JSLock):
      (JSC::JSLock::vm):
      (DropAllLocks):
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::createStructure):
      (JSC::JSNameScope::finishCreation):
      (JSC::JSNameScope::JSNameScope):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::JSNotAnObject):
      (JSC::JSNotAnObject::create):
      (JSC::JSNotAnObject::createStructure):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::JSONObject):
      (JSC::JSONObject::finishCreation):
      (Holder):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::stringify):
      (JSC::Stringifier::toJSON):
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::Holder):
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::Walker):
      (JSC::Walker::walk):
      (JSC::JSONProtoFuncParse):
      (JSC::JSONProtoFuncStringify):
      (JSC::JSONStringify):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC::JSObject::createInitialIndexedStorage):
      (JSC::JSObject::createInitialUndecided):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::convertUndecidedToInt32):
      (JSC::JSObject::convertUndecidedToDouble):
      (JSC::JSObject::convertUndecidedToContiguous):
      (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
      (JSC::JSObject::convertUndecidedToArrayStorage):
      (JSC::JSObject::convertInt32ToDouble):
      (JSC::JSObject::convertInt32ToContiguous):
      (JSC::JSObject::convertInt32ToArrayStorage):
      (JSC::JSObject::genericConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToContiguous):
      (JSC::JSObject::rageConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::convertUndecidedForValue):
      (JSC::JSObject::convertInt32ForValue):
      (JSC::JSObject::setIndexQuicklyToUndecided):
      (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
      (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::rageEnsureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::setPrototypeWithCycleCheck):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::seal):
      (JSC::JSObject::freeze):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::reifyStaticFunctionsForDelete):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::putDirectNativeFunction):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::ensureLengthSlow):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
      (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
      (DefineOwnPropertyScope):
      (JSC::JSObject::defineOwnNonIndexProperty):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::putByIndexInline):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectOffset):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::isSealed):
      (JSC::JSObject::isFrozen):
      (JSC::JSObject::flattenDictionaryObject):
      (JSC::JSObject::ensureInt32):
      (JSC::JSObject::ensureDouble):
      (JSC::JSObject::ensureContiguous):
      (JSC::JSObject::rageEnsureContiguous):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::finishCreation):
      (JSC::JSObject::createStructure):
      (JSC::JSObject::ensureLength):
      (JSC::JSNonFinalObject::createStructure):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC::JSNonFinalObject::finishCreation):
      (JSC::JSFinalObject::createStructure):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSFinalObject::JSFinalObject):
      (JSC::JSFinalObject::create):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::createStructure):
      (JSC::JSPropertyNameIterator::setCachedStructure):
      (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
      (JSC::JSPropertyNameIterator::finishCreation):
      (JSC::StructureRareData::setEnumerationCache):
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::setTarget):
      * runtime/JSProxy.h:
      (JSC::JSProxy::create):
      (JSC::JSProxy::createStructure):
      (JSC::JSProxy::JSProxy):
      (JSC::JSProxy::finishCreation):
      (JSProxy):
      * runtime/JSScope.cpp:
      (JSC::executeResolveOperations):
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      (JSC::JSScope::resolvePut):
      * runtime/JSScope.h:
      (JSScope):
      (JSC::JSScope::JSScope):
      (JSC::JSScope::vm):
      (JSC::ExecState::vm):
      * runtime/JSSegmentedVariableObject.h:
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::finishCreation):
      * runtime/JSString.cpp:
      (JSC::JSRopeString::RopeBuilder::expand):
      (JSC::StringObject::create):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      (JSC::JSString::JSString):
      (JSC::JSString::finishCreation):
      (JSC::JSString::create):
      (JSC::JSString::createHasOtherOwner):
      (JSC::JSString::createStructure):
      (JSRopeString):
      (JSC::JSRopeString::RopeBuilder::RopeBuilder):
      (JSC::JSRopeString::RopeBuilder::append):
      (RopeBuilder):
      (JSC::JSRopeString::JSRopeString):
      (JSC::JSRopeString::finishCreation):
      (JSC::JSRopeString::append):
      (JSC::JSRopeString::createNull):
      (JSC::JSRopeString::create):
      (JSC::jsEmptyString):
      (JSC::jsSingleCharacterString):
      (JSC::jsSingleCharacterSubstring):
      (JSC::jsNontrivialString):
      (JSC::jsString):
      (JSC::jsSubstring):
      (JSC::jsSubstring8):
      (JSC::jsOwnedString):
      (JSC::jsStringBuilder):
      (JSC::inlineJSValueNotStringtoString):
      * runtime/JSStringJoiner.cpp:
      (JSC::JSStringJoiner::build):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::createStructure):
      (JSC::JSWithScope::JSWithScope):
      * runtime/JSWrapperObject.h:
      (JSWrapperObject):
      (JSC::JSWrapperObject::createStructure):
      (JSC::JSWrapperObject::JSWrapperObject):
      (JSC::JSWrapperObject::setInternalValue):
      * runtime/LiteralParser.cpp:
      (JSC::::tryJSONPParse):
      (JSC::::makeIdentifier):
      (JSC::::parse):
      * runtime/Lookup.cpp:
      (JSC::HashTable::createTable):
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::initializeIfNeeded):
      (JSC::HashTable::entry):
      (JSC::HashTable::begin):
      (JSC::HashTable::end):
      (HashTable):
      (JSC::lookupPut):
      * runtime/MathObject.cpp:
      (JSC::MathObject::MathObject):
      (JSC::MathObject::finishCreation):
      (JSC::mathProtoFuncSin):
      * runtime/MathObject.h:
      (JSC::MathObject::createStructure):
      * runtime/MemoryStatistics.cpp:
      * runtime/MemoryStatistics.h:
      * runtime/NameConstructor.cpp:
      (JSC::NameConstructor::finishCreation):
      (JSC::constructPrivateName):
      * runtime/NameConstructor.h:
      (JSC::NameConstructor::createStructure):
      * runtime/NameInstance.cpp:
      (JSC::NameInstance::NameInstance):
      * runtime/NameInstance.h:
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::create):
      (NameInstance):
      (JSC::NameInstance::finishCreation):
      * runtime/NamePrototype.cpp:
      (JSC::NamePrototype::NamePrototype):
      (JSC::NamePrototype::finishCreation):
      * runtime/NamePrototype.h:
      (JSC::NamePrototype::createStructure):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::createStructure):
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NativeErrorPrototype.cpp:
      (JSC::NativeErrorPrototype::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::finishCreation):
      (JSC::constructWithNumberConstructor):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::createStructure):
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::NumberObject):
      (JSC::NumberObject::finishCreation):
      (JSC::constructNumber):
      * runtime/NumberObject.h:
      (NumberObject):
      (JSC::NumberObject::create):
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::NumberPrototype):
      (JSC::NumberPrototype::finishCreation):
      (JSC::integerValueToString):
      (JSC::numberProtoFuncToString):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorSeal):
      (JSC::objectConstructorFreeze):
      (JSC::objectConstructorPreventExtensions):
      (JSC::objectConstructorIsSealed):
      (JSC::objectConstructorIsFrozen):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::createStructure):
      (JSC::constructEmptyObject):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::objectProtoFuncToString):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      * runtime/Operations.h:
      (JSC):
      (JSC::jsString):
      (JSC::jsStringFromArguments):
      (JSC::normalizePrototypeChainForChainAccess):
      (JSC::normalizePrototypeChain):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyMapEntry::PropertyMapEntry):
      (JSC::PropertyTable::createStructure):
      (PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyNameArray.h:
      (JSC::PropertyNameArray::PropertyNameArray):
      (JSC::PropertyNameArray::vm):
      (JSC::PropertyNameArray::addKnownUnique):
      (PropertyNameArray):
      * runtime/PropertyTable.cpp:
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      * runtime/PrototypeMap.cpp:
      (JSC::PrototypeMap::emptyObjectStructureForPrototype):
      * runtime/RegExp.cpp:
      (JSC::RegExp::RegExp):
      (JSC::RegExp::finishCreation):
      (JSC::RegExp::createWithoutCaching):
      (JSC::RegExp::create):
      (JSC::RegExp::compile):
      (JSC::RegExp::compileIfNecessary):
      (JSC::RegExp::match):
      (JSC::RegExp::compileMatchOnly):
      (JSC::RegExp::compileIfNecessaryMatchOnly):
      * runtime/RegExp.h:
      (JSC):
      (RegExp):
      (JSC::RegExp::createStructure):
      * runtime/RegExpCache.cpp:
      (JSC::RegExpCache::lookupOrCreate):
      (JSC::RegExpCache::RegExpCache):
      (JSC::RegExpCache::addToStrongCache):
      * runtime/RegExpCache.h:
      (RegExpCache):
      * runtime/RegExpCachedResult.cpp:
      (JSC::RegExpCachedResult::lastResult):
      (JSC::RegExpCachedResult::setInput):
      * runtime/RegExpCachedResult.h:
      (JSC::RegExpCachedResult::RegExpCachedResult):
      (JSC::RegExpCachedResult::record):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::RegExpConstructor):
      (JSC::RegExpConstructor::finishCreation):
      (JSC::constructRegExp):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::createStructure):
      (RegExpConstructor):
      (JSC::RegExpConstructor::performMatch):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      (JSC::RegExpMatchesArray::reifyAllProperties):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::RegExpObject):
      (JSC::RegExpObject::finishCreation):
      (JSC::RegExpObject::match):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::create):
      (JSC::RegExpObject::setRegExp):
      (JSC::RegExpObject::setLastIndex):
      (JSC::RegExpObject::createStructure):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/SmallStrings.cpp:
      (JSC::SmallStrings::initializeCommonStrings):
      (JSC::SmallStrings::createEmptyString):
      (JSC::SmallStrings::createSingleCharacterString):
      (JSC::SmallStrings::initialize):
      * runtime/SmallStrings.h:
      (JSC):
      (JSC::SmallStrings::singleCharacterString):
      (SmallStrings):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::put):
      * runtime/SparseArrayValueMap.h:
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::StrictEvalActivation):
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::create):
      (JSC::StrictEvalActivation::createStructure):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::finishCreation):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure):
      * runtime/StringObject.cpp:
      (JSC::StringObject::StringObject):
      (JSC::StringObject::finishCreation):
      (JSC::constructString):
      * runtime/StringObject.h:
      (JSC::StringObject::create):
      (JSC::StringObject::createStructure):
      (StringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::StringPrototype):
      (JSC::StringPrototype::finishCreation):
      (JSC::removeUsingRegExpSearch):
      (JSC::replaceUsingRegExpSearch):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSplit):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::createStructure):
      * runtime/StringRecursionChecker.h:
      (JSC::StringRecursionChecker::performCheck):
      (JSC::StringRecursionChecker::~StringRecursionChecker):
      * runtime/Structure.cpp:
      (JSC::StructureTransitionTable::add):
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::toCacheableDictionaryTransition):
      (JSC::Structure::toUncacheableDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::allocateRareData):
      (JSC::Structure::cloneRareDataFrom):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::prototypeChainMayInterceptStoreTo):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::finishCreation):
      (JSC::Structure::setPrototypeWithoutTransition):
      (JSC::Structure::setGlobalObject):
      (JSC::Structure::setObjectToStringValue):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      (JSC::Structure::setPreviousID):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::StructureChain):
      * runtime/StructureChain.h:
      (JSC::StructureChain::create):
      (JSC::StructureChain::createStructure):
      (JSC::StructureChain::finishCreation):
      (StructureChain):
      * runtime/StructureInlines.h:
      (JSC::Structure::create):
      (JSC::Structure::createStructure):
      (JSC::Structure::get):
      (JSC::Structure::setEnumerationCache):
      (JSC::Structure::prototypeChain):
      (JSC::Structure::propertyTable):
      * runtime/StructureRareData.cpp:
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::create):
      (JSC::StructureRareData::clone):
      (JSC::StructureRareData::StructureRareData):
      * runtime/StructureRareData.h:
      (StructureRareData):
      * runtime/StructureRareDataInlines.h:
      (JSC::StructureRareData::setPreviousID):
      (JSC::StructureRareData::setObjectToStringValue):
      * runtime/StructureTransitionTable.h:
      (StructureTransitionTable):
      (JSC::StructureTransitionTable::setSingleTransition):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::create):
      (JSC::SharedSymbolTable::createStructure):
      (JSC::SharedSymbolTable::SharedSymbolTable):
      * runtime/VM.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalData.cpp.
      (JSC::VM::VM):
      (JSC::VM::~VM):
      (JSC::VM::createContextGroup):
      (JSC::VM::create):
      (JSC::VM::createLeaked):
      (JSC::VM::sharedInstanceExists):
      (JSC::VM::sharedInstance):
      (JSC::VM::sharedInstanceInternal):
      (JSC::VM::getHostFunction):
      (JSC::VM::ClientData::~ClientData):
      (JSC::VM::resetDateCache):
      (JSC::VM::startSampling):
      (JSC::VM::stopSampling):
      (JSC::VM::discardAllCode):
      (JSC::VM::dumpSampleData):
      (JSC::VM::addSourceProviderCache):
      (JSC::VM::clearSourceProviderCaches):
      (JSC::VM::releaseExecutableMemory):
      (JSC::releaseExecutableMemory):
      (JSC::VM::gatherConservativeRoots):
      (JSC::VM::addRegExpToTrace):
      (JSC::VM::dumpRegExpTrace):
      * runtime/VM.h: Copied from Source/JavaScriptCore/runtime/JSGlobalData.h.
      (VM):
      (JSC::VM::isSharedInstance):
      (JSC::VM::usingAPI):
      (JSC::VM::isInitializingObject):
      (JSC::VM::setInitializingObjectClass):
      (JSC::WeakSet::heap):
      * runtime/WriteBarrier.h:
      (JSC):
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrierBase::setMayBeNull):
      (JSC::WriteBarrierBase::setEarlyValue):
      (JSC::WriteBarrier::WriteBarrier):
      * testRegExp.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (main):
      (testOneRegExp):
      (parseRegExpLine):
      (runFromFiles):
      (realMain):
      * yarr/YarrInterpreter.h:
      (BytecodePattern):
      * yarr/YarrJIT.cpp:
      (YarrGenerator):
      (JSC::Yarr::YarrGenerator::compile):
      (JSC::Yarr::jitCompile):
      * yarr/YarrJIT.h:
      (JSC):
      
      ../WebCore: 
      
      * ForwardingHeaders/runtime/JSGlobalData.h: Removed.
      * ForwardingHeaders/runtime/VM.h: Copied from Source/WebCore/ForwardingHeaders/runtime/JSGlobalData.h.
      * WebCore.exp.in:
      * WebCore.order:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      * bindings/js/DOMObjectHashTableMap.cpp:
      (WebCore::DOMObjectHashTableMap::mapFor):
      * bindings/js/DOMObjectHashTableMap.h:
      (JSC):
      (DOMObjectHashTableMap):
      * bindings/js/DOMWrapperWorld.cpp:
      (WebCore::DOMWrapperWorld::DOMWrapperWorld):
      (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
      (WebCore::normalWorld):
      (WebCore::mainThreadNormalWorld):
      * bindings/js/DOMWrapperWorld.h:
      (WebCore::DOMWrapperWorld::create):
      (WebCore::DOMWrapperWorld::vm):
      (DOMWrapperWorld):
      (WebCore):
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::setJavaScriptGarbageCollectorTimerEnabled):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/IDBBindingUtilities.cpp:
      (WebCore::get):
      (WebCore::set):
      (WebCore::deserializeIDBValue):
      (WebCore::deserializeIDBValueBuffer):
      (WebCore::idbKeyToScriptValue):
      * bindings/js/JSCallbackData.h:
      (WebCore::JSCallbackData::JSCallbackData):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::JSCustomXPathNSResolver):
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::getHashTableForGlobalData):
      (WebCore::reportException):
      (WebCore::cacheDOMStructure):
      * bindings/js/JSDOMBinding.h:
      (WebCore::DOMConstructorObject::createStructure):
      (WebCore::DOMConstructorWithDocument::finishCreation):
      (WebCore::getDOMStructure):
      (WebCore::setInlineCachedWrapper):
      (WebCore):
      (WebCore::jsStringWithCache):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::finishCreation):
      * bindings/js/JSDOMGlobalObject.h:
      (JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::createStructure):
      (WebCore::getDOMConstructor):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::finishCreation):
      (WebCore::JSDOMWindowBase::updateDocument):
      (WebCore::JSDOMWindowBase::commonVM):
      * bindings/js/JSDOMWindowBase.h:
      (JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::createStructure):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::setLocation):
      (WebCore::DialogHandler::dialogCreated):
      (WebCore::DialogHandler::returnValue):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::finishCreation):
      (WebCore::JSDOMWindowShell::setWindow):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::create):
      (WebCore::JSDOMWindowShell::createStructure):
      * bindings/js/JSDOMWrapper.h:
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::createAccelerationObject):
      (WebCore::createRotationRateObject):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDictionary.h:
      (WebCore::JSDictionary::JSDictionary):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::setWrapper):
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::JSHTMLDocument::all):
      (WebCore::JSHTMLDocument::setAll):
      * bindings/js/JSHTMLTemplateElementCustom.cpp:
      (WebCore::JSHTMLTemplateElement::content):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::state):
      * bindings/js/JSImageConstructor.cpp:
      (WebCore::JSImageConstructor::finishCreation):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::createStructure):
      * bindings/js/JSImageDataCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::functionDetails):
      (WebCore::getJSListenerFunctions):
      (WebCore::JSInjectedScriptHost::getEventListeners):
      (WebCore::JSInjectedScriptHost::inspect):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::JSMessageEvent::data):
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSMutationCallback.cpp:
      (WebCore::JSMutationCallback::call):
      * bindings/js/JSMutationObserverCustom.cpp:
      (WebCore::JSMutationObserverConstructor::constructJSMutationObserver):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCondition.h:
      (WebCore::JSNodeFilterCondition::create):
      (JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::toNodeFilter):
      * bindings/js/JSPopStateEventCustom.cpp:
      (WebCore::cacheState):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JSSQLResultSetRowListCustom.cpp:
      (WebCore::JSSQLResultSetRowList::item):
      * bindings/js/JSWorkerContextBase.cpp:
      (WebCore::JSWorkerContextBase::JSWorkerContextBase):
      (WebCore::JSWorkerContextBase::finishCreation):
      * bindings/js/JSWorkerContextBase.h:
      (WebCore::JSWorkerContextBase::createStructure):
      (JSWorkerContextBase):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::ScheduledAction):
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScheduledAction.h:
      (WebCore::ScheduledAction::ScheduledAction):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      (WebCore::createScriptArguments):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::createWindowShell):
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::createWorld):
      (WebCore::ScriptController::getAllWorlds):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::clearScriptObjects):
      (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandler):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptGCEvent.cpp:
      (WebCore::ScriptGCEvent::getHeapSize):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptObject::ScriptObject):
      (WebCore::ScriptGlobalObject::set):
      * bindings/js/ScriptState.h:
      (WebCore):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::deserialize):
      * bindings/js/ScriptValue.h:
      (WebCore::ScriptValue::ScriptValue):
      * bindings/js/ScriptWrappable.h:
      (JSC):
      (ScriptWrappable):
      * bindings/js/ScriptWrappableInlines.h:
      (WebCore::ScriptWrappable::setWrapper):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::readTerminal):
      (WebCore::SerializedScriptValue::deserializeForInspector):
      (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
      * bindings/js/WebCoreJSClientData.h:
      (WebCoreJSClientData):
      (WebCore::initNormalWorldClientData):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::WorkerScriptController):
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::scheduleExecutionTermination):
      (WebCore::WorkerScriptController::isExecutionTerminating):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/js/WorkerScriptController.h:
      (JSC):
      (WebCore::WorkerScriptController::vm):
      (WorkerScriptController):
      * bindings/js/WorkerScriptDebugServer.cpp:
      (WebCore::WorkerScriptDebugServer::recompileAllJSFunctions):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateCallbackImplementation):
      (JSValueToNative):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bindings/scripts/test/JS/JSFloat64Array.cpp:
      (WebCore::getJSFloat64ArrayConstructorTable):
      (WebCore::JSFloat64ArrayConstructor::finishCreation):
      (WebCore::getJSFloat64ArrayPrototypeTable):
      (WebCore::getJSFloat64ArrayTable):
      (WebCore::JSFloat64Array::finishCreation):
      (WebCore::JSFloat64Array::createPrototype):
      * bindings/scripts/test/JS/JSFloat64Array.h:
      (WebCore::JSFloat64Array::create):
      (WebCore::JSFloat64Array::createStructure):
      (JSFloat64Array):
      (WebCore::JSFloat64ArrayPrototype::create):
      (WebCore::JSFloat64ArrayPrototype::createStructure):
      (WebCore::JSFloat64ArrayPrototype::JSFloat64ArrayPrototype):
      (WebCore::JSFloat64ArrayConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
      (WebCore::JSTestActiveDOMObject::finishCreation):
      (WebCore::JSTestActiveDOMObject::createPrototype):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
      (WebCore::JSTestActiveDOMObject::create):
      (WebCore::JSTestActiveDOMObject::createStructure):
      (JSTestActiveDOMObject):
      (WebCore::JSTestActiveDOMObjectPrototype::create):
      (WebCore::JSTestActiveDOMObjectPrototype::createStructure):
      (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
      (WebCore::JSTestActiveDOMObjectConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
      (WebCore::JSTestCustomNamedGetter::finishCreation):
      (WebCore::JSTestCustomNamedGetter::createPrototype):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
      (WebCore::JSTestCustomNamedGetter::create):
      (WebCore::JSTestCustomNamedGetter::createStructure):
      (JSTestCustomNamedGetter):
      (WebCore::JSTestCustomNamedGetterPrototype::create):
      (WebCore::JSTestCustomNamedGetterPrototype::createStructure):
      (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
      (WebCore::JSTestCustomNamedGetterConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      (WebCore::JSTestEventConstructorConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestEventConstructor.h:
      (WebCore::JSTestEventConstructor::create):
      (WebCore::JSTestEventConstructor::createStructure):
      (JSTestEventConstructor):
      (WebCore::JSTestEventConstructorPrototype::create):
      (WebCore::JSTestEventConstructorPrototype::createStructure):
      (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
      (WebCore::JSTestEventConstructorConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::JSTestEventTargetConstructor::finishCreation):
      (WebCore::JSTestEventTarget::finishCreation):
      (WebCore::JSTestEventTarget::createPrototype):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      (WebCore::JSTestEventTarget::createStructure):
      (JSTestEventTarget):
      (WebCore::JSTestEventTargetPrototype::create):
      (WebCore::JSTestEventTargetPrototype::createStructure):
      (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
      (WebCore::JSTestEventTargetConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestExceptionConstructor::finishCreation):
      (WebCore::JSTestException::finishCreation):
      (WebCore::JSTestException::createPrototype):
      * bindings/scripts/test/JS/JSTestException.h:
      (WebCore::JSTestException::create):
      (WebCore::JSTestException::createStructure):
      (JSTestException):
      (WebCore::JSTestExceptionPrototype::create):
      (WebCore::JSTestExceptionPrototype::createStructure):
      (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
      (WebCore::JSTestExceptionConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::finishCreation):
      (WebCore::JSTestInterface::finishCreation):
      (WebCore::JSTestInterface::createPrototype):
      * bindings/scripts/test/JS/JSTestInterface.h:
      (WebCore::JSTestInterface::create):
      (WebCore::JSTestInterface::createStructure):
      (JSTestInterface):
      (WebCore::JSTestInterfacePrototype::create):
      (WebCore::JSTestInterfacePrototype::createStructure):
      (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
      (WebCore::JSTestInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
      (WebCore::JSTestMediaQueryListListener::finishCreation):
      (WebCore::JSTestMediaQueryListListener::createPrototype):
      (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      (WebCore::JSTestMediaQueryListListener::create):
      (WebCore::JSTestMediaQueryListListener::createStructure):
      (JSTestMediaQueryListListener):
      (WebCore::JSTestMediaQueryListListenerPrototype::create):
      (WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
      (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
      (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructorConstructor::finishCreation):
      (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestNamedConstructor.h:
      (WebCore::JSTestNamedConstructor::create):
      (WebCore::JSTestNamedConstructor::createStructure):
      (JSTestNamedConstructor):
      (WebCore::JSTestNamedConstructorPrototype::create):
      (WebCore::JSTestNamedConstructorPrototype::createStructure):
      (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
      (WebCore::JSTestNamedConstructorConstructor::createStructure):
      (WebCore::JSTestNamedConstructorNamedConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNode.cpp:
      (WebCore::JSTestNodeConstructor::finishCreation):
      (WebCore::JSTestNode::finishCreation):
      (WebCore::JSTestNode::createPrototype):
      * bindings/scripts/test/JS/JSTestNode.h:
      (WebCore::JSTestNode::create):
      (WebCore::JSTestNode::createStructure):
      (JSTestNode):
      (WebCore::JSTestNodePrototype::create):
      (WebCore::JSTestNodePrototype::createStructure):
      (WebCore::JSTestNodePrototype::JSTestNodePrototype):
      (WebCore::JSTestNodeConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::finishCreation):
      (WebCore::JSTestObj::finishCreation):
      (WebCore::JSTestObj::createPrototype):
      (WebCore::jsTestObjCachedAttribute1):
      (WebCore::jsTestObjCachedAttribute2):
      (WebCore::setJSTestObjConditionalAttr4Constructor):
      (WebCore::setJSTestObjConditionalAttr5Constructor):
      (WebCore::setJSTestObjConditionalAttr6Constructor):
      (WebCore::setJSTestObjAnyAttribute):
      (WebCore::setJSTestObjReplaceableAttribute):
      * bindings/scripts/test/JS/JSTestObj.h:
      (WebCore::JSTestObj::create):
      (WebCore::JSTestObj::createStructure):
      (JSTestObj):
      (WebCore::JSTestObjPrototype::create):
      (WebCore::JSTestObjPrototype::createStructure):
      (WebCore::JSTestObjPrototype::JSTestObjPrototype):
      (WebCore::JSTestObjConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
      (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
      (WebCore::JSTestOverloadedConstructors::finishCreation):
      (WebCore::JSTestOverloadedConstructors::createPrototype):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
      (WebCore::JSTestOverloadedConstructors::create):
      (WebCore::JSTestOverloadedConstructors::createStructure):
      (JSTestOverloadedConstructors):
      (WebCore::JSTestOverloadedConstructorsPrototype::create):
      (WebCore::JSTestOverloadedConstructorsPrototype::createStructure):
      (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
      (WebCore::JSTestOverloadedConstructorsConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::createPrototype):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      (WebCore::JSTestSerializedScriptValueInterface::create):
      (WebCore::JSTestSerializedScriptValueInterface::createStructure):
      (JSTestSerializedScriptValueInterface):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::create):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      (WebCore::JSTestTypedefsConstructor::finishCreation):
      (WebCore::JSTestTypedefs::finishCreation):
      (WebCore::JSTestTypedefs::createPrototype):
      * bindings/scripts/test/JS/JSTestTypedefs.h:
      (WebCore::JSTestTypedefs::create):
      (WebCore::JSTestTypedefs::createStructure):
      (JSTestTypedefs):
      (WebCore::JSTestTypedefsPrototype::create):
      (WebCore::JSTestTypedefsPrototype::createStructure):
      (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
      (WebCore::JSTestTypedefsConstructor::createStructure):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::createStructure):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::createStructure):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::createStructure):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::createStructure):
      (ObjCRuntimeMethod::finishCreation):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      (JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::createStructure):
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      (JSC::RuntimeArray::finishCreation):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      (JSC::RuntimeMethod::createStructure):
      (RuntimeMethod):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      (JSC::Bindings::RuntimeObject::finishCreation):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::createStructure):
      * bridge/runtime_root.cpp:
      (JSC::Bindings::RootObject::RootObject):
      (JSC::Bindings::RootObject::gcProtect):
      (JSC::Bindings::RootObject::gcUnprotect):
      (JSC::Bindings::RootObject::updateGlobalObject):
      (JSC::Bindings::RootObject::addRuntimeObject):
      * bridge/runtime_root.h:
      (RootObject):
      * dom/Node.cpp:
      * dom/Node.h:
      (JSC):
      * dom/ScriptExecutionContext.cpp:
      (WebCore::ScriptExecutionContext::vm):
      * dom/ScriptExecutionContext.h:
      (JSC):
      (ScriptExecutionContext):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * inspector/ScriptArguments.cpp:
      (WebCore::ScriptArguments::ScriptArguments):
      * loader/icon/IconDatabaseBase.cpp:
      (WebCore):
      (WebCore::iconDatabase):
      (WebCore::setGlobalIconDatabase):
      * platform/qt/MemoryUsageSupportQt.cpp:
      (WebCore::memoryUsageKB):
      (WebCore::actualMemoryUsageKB):
      * platform/win/ClipboardUtilitiesWin.cpp:
      (WebCore::createGlobalData):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::platformStart):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      ../WebKit/blackberry: 
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebKitSupport/AboutData.cpp:
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::javaScriptObjectsCount):
      
      ../WebKit/efl: 
      
      * WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
      (DumpRenderTreeSupportEfl::javaScriptObjectsCount):
      
      ../WebKit/gtk: 
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      ../WebKit/mac: 
      
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginHostProxy.mm:
      (identifierFromIdentifierRep):
      * Plugins/Hosted/NetscapePluginInstanceProxy.h:
      (LocalObjectMap):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::LocalObjectMap::idForObject):
      (WebKit::NetscapePluginInstanceProxy::getWindowNPObject):
      (WebKit::NetscapePluginInstanceProxy::getPluginElementNPObject):
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::createStructure):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getPropertyNames):
      * Plugins/Hosted/ProxyRuntimeObject.h:
      (WebKit::ProxyRuntimeObject::create):
      (WebKit::ProxyRuntimeObject::createStructure):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebKit.order:
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebScriptDebugger.mm:
      (WebScriptDebugger::WebScriptDebugger):
      
      ../WebKit/qt: 
      
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::javaScriptObjectsCount):
      * WebCoreSupport/QWebFrameAdapter.cpp:
      (QWebFrameAdapter::addToJavaScriptWindowObject):
      
      ../WebKit/win: 
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      
      ../WebKit2: 
      
      * Shared/linux/WebMemorySamplerLinux.cpp:
      (WebKit::WebMemorySampler::sampleWebKit):
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      (WebKit::JSNPMethod::createStructure):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::JSNPObject):
      (WebKit::JSNPObject::finishCreation):
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (WebKit::JSNPObject::create):
      (WebKit::JSNPObject::createStructure):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::create):
      (WebKit::NPJSObject::initialize):
      * WebProcess/Plugins/Netscape/NPJSObject.h:
      (JSC):
      (NPJSObject):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::getOrCreateNPObject):
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:
      (JSC):
      (NPRuntimeObjectMap):
      * WebProcess/Plugins/PluginView.cpp:
      (WebKit::PluginView::windowScriptNPObject):
      (WebKit::PluginView::pluginElementNPObject):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148696 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9a9a4b52
  13. 12 Mar, 2013 1 commit
    • fpizlo@apple.com's avatar
      DFG overflow check elimination is too smart for its own good · 96820433
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=111832
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt and Gavin Barraclough.
              
      Rolling this back in after fixing accidental misuse of JSValue. The code was doing value < someInt
      rather than value.asInt32() < someInt. This "worked" when isWithinPowerOfTwo wasn't templatized.
      It worked by always being false and always disabling the relevant optimization.
              
      This improves overflow check elimination in three ways:
              
      1) It reduces the amount of time the compiler will spend doing it.
              
      2) It fixes bugs where overflow check elimination was overzealous. Precisely, for a binary operation
         over @a and @b where both @a and @b will type check that their inputs (@a->children, @b->children)
         are int32's and then perform a possibly-overflowing operation, we must be careful not to assume
         that @a's non-int32 parts don't matter if at the point that @a runs we have as yet not proved that
         @b->children are int32's and that hence @b might produce a large enough result that doubles would
         start chopping low bits. The specific implication of this is that for a binary operation to not
         propagate that it cares about non-int32 parts (NodeUsedAsNumber), we must prove that at least one
         of the inputs is guaranteed to produce a result within 2^32 and that there won't be a tower of such
         operations large enough to ultimately produce a double greater than 2^52 (roughly). We achieve the
         latter by disabling this optimization for very large basic blocks. It's noteworthy that blocks that
         large won't even make it into the DFG currently.
              
      3) It makes the overflow check elimination more precise for cases where the inputs to an Add or Sub
         are the outputs of a bit-op. For example in (@a + (@b | 0)) | 0, we don't need to propagate
         NodeUsedAsNumber to either @a or @b.
              
      This is neutral on V8v7 and a slight speed-up on compile time benchmarks.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      * dfg/DFGBackwardsPropagationPhase.cpp: Added.
      (DFG):
      (BackwardsPropagationPhase):
      (JSC::DFG::BackwardsPropagationPhase::BackwardsPropagationPhase):
      (JSC::DFG::BackwardsPropagationPhase::run):
      (JSC::DFG::BackwardsPropagationPhase::isNotNegZero):
      (JSC::DFG::BackwardsPropagationPhase::isNotZero):
      (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwoForConstant):
      (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwoNonRecursive):
      (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
      (JSC::DFG::BackwardsPropagationPhase::mergeDefaultFlags):
      (JSC::DFG::BackwardsPropagationPhase::propagate):
      (JSC::DFG::performBackwardsPropagation):
      * dfg/DFGBackwardsPropagationPhase.h: Added.
      (DFG):
      * dfg/DFGCPSRethreadingPhase.cpp:
      (JSC::DFG::CPSRethreadingPhase::run):
      (JSC::DFG::CPSRethreadingPhase::clearIsLoadedFrom):
      (CPSRethreadingPhase):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::dumpNodeFlags):
      (DFG):
      * dfg/DFGNodeFlags.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (PredictionPropagationPhase):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGUnificationPhase.cpp:
      (JSC::DFG::UnificationPhase::run):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::VariableAccessData):
      (JSC::DFG::VariableAccessData::mergeIsLoadedFrom):
      (VariableAccessData):
      (JSC::DFG::VariableAccessData::setIsLoadedFrom):
      (JSC::DFG::VariableAccessData::isLoadedFrom):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt and Gavin Barraclough.
      
      * fast/js/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int-expected.txt: Added.
      * fast/js/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int.html: Added.
      * fast/js/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers-expected.txt: Added.
      * fast/js/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers.js: Added.
      (foo):
      (bar):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145489 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      96820433
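
The hazard described in point 2 of the commit message above, as an added JavaScript illustration that is not part of the commit or of JavaScriptCore. The function names and the shape of the tower (repeated `v + v`, then `+ x`, then `| 0`) are constructed for this example; it compares the result the language requires (double adds, one final truncation) with the result of treating every add as an unchecked wrapping int32 add.

```javascript
// Added illustration; hypothetical names, not JavaScriptCore code.
// Expression tower: v = x; repeat `levels` times: v = v + v; result = (v + x) | 0

// Semantics the language requires: every + is an IEEE-754 double add and
// only the final | 0 truncates to int32.
function towerAsSpecified(x, levels) {
  let v = x;
  for (let i = 0; i < levels; i++) v = v + v;
  return (v + x) | 0;
}

// What generated code would compute if every add in the tower were treated
// as a wrapping int32 add with its overflow check removed.
function towerWithChecksRemoved(x, levels) {
  let v = x | 0;
  for (let i = 0; i < levels; i++) v = (v + v) | 0;
  return (v + x) | 0;
}

// Exact integer arithmetic reduced to int32 at the end, for reference.
// Wrapping int32 adds always agree with this; double adds stop agreeing
// once an intermediate value no longer fits in the 53-bit significand.
function towerExact(x, levels) {
  let v = BigInt(x);
  for (let i = 0; i < levels; i++) v = v + v;
  return Number(BigInt.asIntN(32, v + BigInt(x)));
}

// Smallest tower height at which removing the checks changes the observable
// result, or -1 if the two versions agree for every height up to maxLevels.
function firstDivergence(x, maxLevels) {
  for (let n = 0; n <= maxLevels; n++) {
    if (towerAsSpecified(x, n) !== towerWithChecksRemoved(x, n)) return n;
  }
  return -1;
}

// Constructed sample input: the largest int32 value.
const INT32_MAX = 0x7fffffff;

// A single add of two int32 values stays below 2^32 in magnitude and is exact
// as a double, so height 0 agrees. At height 22 the double sum needs 54 bits,
// its low bit is rounded away, and the two versions differ by one.
console.log(firstDivergence(INT32_MAX, 40));
console.log(towerAsSpecified(INT32_MAX, 22), towerWithChecksRemoved(INT32_MAX, 22));
```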
  14. 09 Mar, 2013 2 commits
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r145299. · e8aaf5a0
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/145299
      https://bugs.webkit.org/show_bug.cgi?id=111928
      
      compilation failure with recent clang
      (DFGBackwardsPropagationPhase.cpp:132:35: error: comparison of
      constant 10 with expression of type 'bool' is always false)
      (Requested by thorton on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2013-03-09
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      * dfg/DFGBackwardsPropagationPhase.cpp: Removed.
      * dfg/DFGBackwardsPropagationPhase.h: Removed.
      * dfg/DFGCPSRethreadingPhase.cpp:
      (JSC::DFG::CPSRethreadingPhase::run):
      (CPSRethreadingPhase):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::nodeFlagsAsString):
      (DFG):
      * dfg/DFGNodeFlags.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
      (PredictionPropagationPhase):
      (JSC::DFG::PredictionPropagationPhase::isNotZero):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
      * dfg/DFGUnificationPhase.cpp:
      (JSC::DFG::UnificationPhase::run):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::VariableAccessData):
      (VariableAccessData):
      
      LayoutTests:
      
      * fast/js/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int-expected.txt: Removed.
      * fast/js/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int.html: Removed.
      * fast/js/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers-expected.txt: Removed.
      * fast/js/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers.html: Removed.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int.js: Removed.
      * fast/js/script-tests/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers.js: Removed.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145323 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e8aaf5a0
    • DFG overflow check elimination is too smart for its own good · 4695cd92
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=111832
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt and Gavin Barraclough.
              
      This improves overflow check elimination in three ways:
              
      1) It reduces the amount of time the compiler will spend doing it.
              
      2) It fixes bugs where overflow check elimination was overzealous. Precisely, for a binary operation
         over @a and @b where both @a and @b will type check that their inputs (@a->children, @b->children)
         are int32's and then perform a possibly-overflowing operation, we must be careful not to assume
         that @a's non-int32 parts don't matter if at the point that @a runs we have as yet not proved that
         @b->children are int32's and that hence @b might produce a large enough result that doubles would
         start chopping low bits. The specific implication of this is that for a binary operation to not
         propagate that it cares about non-int32 parts (NodeUsedAsNumber), we must prove that at least one
         of the inputs is guaranteed to produce a result within 2^32 and that there won't be a tower of such
         operations large enough to ultimately produce a double greater than 2^52 (roughly). We achieve the
         latter by disabling this optimization for very large basic blocks. It's noteworthy that blocks that
         large won't even make it into the DFG currently.
              
      3) It makes the overflow check elimination more precise for cases where the inputs to an Add or Sub
         are the outputs of a bit-op. For example in (@a + (@b | 0)) | 0, we don't need to propagate
         NodeUsedAsNumber to either @a or @b.
              
      This is neutral on V8v7 and a slight speed-up on compile time benchmarks.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      * dfg/DFGBackwardsPropagationPhase.cpp: Added.
      (DFG):
      (BackwardsPropagationPhase):
      (JSC::DFG::BackwardsPropagationPhase::BackwardsPropagationPhase):
      (JSC::DFG::BackwardsPropagationPhase::run):
      (JSC::DFG::BackwardsPropagationPhase::isNotNegZero):
      (JSC::DFG::BackwardsPropagationPhase::isNotZero):
      (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwoForConstant):
      (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwoNonRecursive):
      (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
      (JSC::DFG::BackwardsPropagationPhase::mergeDefaultFlags):
      (JSC::DFG::BackwardsPropagationPhase::propagate):
      (JSC::DFG::performBackwardsPropagation):
      * dfg/DFGBackwardsPropagationPhase.h: Added.
      (DFG):
      * dfg/DFGCPSRethreadingPhase.cpp:
      (JSC::DFG::CPSRethreadingPhase::run):
      (JSC::DFG::CPSRethreadingPhase::clearIsLoadedFrom):
      (CPSRethreadingPhase):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::dumpNodeFlags):
      (DFG):
      * dfg/DFGNodeFlags.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (PredictionPropagationPhase):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGUnificationPhase.cpp:
      (JSC::DFG::UnificationPhase::run):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::VariableAccessData):
      (JSC::DFG::VariableAccessData::mergeIsLoadedFrom):
      (VariableAccessData):
      (JSC::DFG::VariableAccessData::setIsLoadedFrom):
      (JSC::DFG::VariableAccessData::isLoadedFrom):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt and Gavin Barraclough.
      
      * fast/js/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int-expected.txt: Added.
      * fast/js/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int.html: Added.
      * fast/js/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers-expected.txt: Added.
      * fast/js/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers.js: Added.
      (foo):
      (bar):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145299 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4695cd92
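
The tower-of-additions hazard from point 2 of the commit message above, worked through as an added example (not WebKit code and not part of the commit). The function names are hypothetical: `doubleTower` follows the JavaScript double semantics, `int32Tower` models adds whose overflow checks were removed, and `exactTower` is an exact integer reference.

```javascript
// Added illustration; all names are hypothetical and nothing here is taken
// from JavaScriptCore.

// JavaScript semantics: every + is an IEEE-754 double add, and only the final
// | 0 truncates to int32. This is the result a compiler must preserve.
function doubleTower(depth) {
    let acc = 1;
    for (let i = 0; i < depth; i++)
        acc = acc + acc + 1;            // exact value would be 2^(i+2) - 1
    return acc | 0;
}

// Model of the optimized code: each step is an int32 add with the overflow
// check removed, so the value silently wraps modulo 2^32.
function int32Tower(depth) {
    let acc = 1;
    for (let i = 0; i < depth; i++)
        acc = (acc + acc + 1) | 0;      // operands are int32, so the sum is exact before wrapping
    return acc;
}

// Exact integer reference: the same tower over BigInt, truncated to int32 at
// the end. Wrapping adds always agree with this; doubles stop agreeing once
// the intermediate value needs more than 53 bits.
function exactTower(depth) {
    let acc = 1n;
    for (let i = 0; i < depth; i++)
        acc = acc + acc + 1n;
    return Number(BigInt.asIntN(32, acc));
}

// Smallest tower depth at which the unchecked int32 version no longer matches
// the JavaScript result, or -1 if none is found up to maxDepth.
function firstDivergence(maxDepth) {
    for (let depth = 0; depth <= maxDepth; depth++) {
        if (doubleTower(depth) !== int32Tower(depth))
            return depth;
    }
    return -1;
}

console.log("depth 52:", doubleTower(52), int32Tower(52));   // still equal
console.log("depth 53:", doubleTower(53), int32Tower(53));   // double has dropped the low bit
console.log("first divergence at depth", firstDivergence(100));
```

Up to depth 52 the intermediate value fits in a double's 53-bit significand, so dropping the overflow checks is unobservable after `| 0`; one level deeper the double rounds `2^54 - 1` up to `2^54` and the two versions return different int32 values.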
  15. 07 Mar, 2013 1 commit
    • The DFG fixpoint is not strictly profitable, and should be straight-lined · e717087b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=111764
      
      Reviewed by Oliver Hunt and Geoffrey Garen.
              
      The DFG previously ran optimizations to fixpoint because there exists a circular dependency:
              
      CSE depends on CFG simplification: CFG simplification merges blocks, and CSE is block-local.
              
      CFG simplification depends on CFA and constant folding: constant folding reveals branches on
      constants.
              
      CFA depends on CSE: CSE reveals must-alias relationships by proving that two operations
      always produce identical values.
              
      Arguments simplification also depends on CSE, but it ought not depend on anything else.
              
      Hence we get a cycle like: CFA -> folding -> CFG -> CSE -> CFA.
              
      Note that before we had sparse conditional CFA, we also had CFA depending on CFG. This ought
      not be the case anymore: CFG simplification should not by itself lead to better CFA results.
              
      My guess is that the weakest link in this cycle is CFG -> CSE. CSE cuts both ways: if you
      CSE too much then you increase register pressure. Hence it's not clear that you always want
      to CSE after simplifying control flow. This leads to an order of optimization as follows:
              
      CSE -> arguments -> CFA -> folding -> CFG
              
      This is a 2.5% speed-up on SunSpider, a 4% speed-up on V8Spider, a possible 0.3% slow-down
      on V8v7, nothing on Kraken, and 1.2% speed-up in the JSRegress geomean. I'll take a 2.5%
      speed-up over a 0.3% V8v7 speed-up.
      
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@145143 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e717087b
  16. 06 Mar, 2013 2 commits
    • DFG should not run full CSE after the optimization fixpoint, since it really just wants store elimination · a5d6cf4a
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=111536
      
      Reviewed by Oliver Hunt and Mark Hahnenberg.
              
      The fixpoint will do aggressive load elimination and pure CSE. There's no need to do it after the fixpoint.
      On the other hand, the fixpoint does not profit from doing store elimination (except for SetLocal/Flush).
      Previously we had CSE do both, and had it avoid doing some store elimination during the fixpoint by querying
      the fixpoint state. This changes CSE to be templated on mode - either NormalCSE or StoreElimination - so
      that we explicitly put it into one of those modes depending on where we call it from. The goal is to reduce
      time spent doing load elimination after the fixpoint, since that is just wasted cycles.
      
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::CSEPhase):
      (JSC::DFG::CSEPhase::run):
      (JSC::DFG::CSEPhase::performNodeCSE):
      (JSC::DFG::CSEPhase::performBlockCSE):
      (JSC::DFG::performCSE):
      (DFG):
      (JSC::DFG::performStoreElimination):
      * dfg/DFGCSEPhase.h:
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144973 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a5d6cf4a
    • DFG DCE might eliminate checks unsoundly · 06f82b56
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=109389
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This gets rid of all eager reference counting, and does all dead code elimination
      in one phase - the DCEPhase. This phase also sets up the node reference counts,
      which are then used not just for DCE but also register allocation and stack slot
      allocation.
              
      Doing this required a number of surgical changes in places that previously relied
      on always having liveness information. For example, the structure check hoisting
      phase must now consult whether a VariableAccessData is profitable for unboxing to
      make sure that it doesn't try to do hoisting on set SetLocals. The arguments
      simplification phase employs its own light-weight liveness analysis. Both phases
      previously just used reference counts.
              
      The largest change is that now, dead nodes get turned into Phantoms. Those
      Phantoms will retain those child edges that are not proven. This ensures that any
      type checks performed by a dead node remain even after the node is killed. On the
      other hand, this Phantom conversion means that we need special handling for
      SetLocal. I decided to make the four forms of SetLocal explicit:
              
      MovHint(@a, rK): Just indicates that node @a contains the value that would have
           now been placed into virtual register rK. Does not actually cause @a to be
           stored into rK. This would have previously been a dead SetLocal with @a
           being live. MovHints are always dead.
              
      ZombieHint(rK): Indicates that at this point, register rK will contain a dead
           value and OSR should put Undefined into it. This would have previously been
           a dead SetLocal with @a being dead also. ZombieHints are always dead.
              
      MovHintAndCheck(@a, rK): Identical to MovHint except @a is also type checked,
           according to whatever UseKind the edge to @a has. The type check is always a
           forward exit. MovHintAndChecks are always live, since they are
           NodeMustGenerate. Previously this would have been a dead SetLocal with a
           live @a, and the check would have disappeared. This is one of the bugs that
           this patch solves.
              
      SetLocal(@a, rK): This still does exactly what it does now, if the SetLocal is
           live.
              
      Basically this patch makes it so that dead SetLocals eventually decay to MovHint,
      ZombieHint, or MovHintAndCheck depending on the situation. If the child @a is
      also dead, then you get a ZombieHint. If the child @a is live but the SetLocal
      has a type check and @a's type hasn't been proven to have that type then you get
      a MovHintAndCheck. Otherwise you get a MovHint.
              
      This is performance neutral.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (ArgumentsSimplificationPhase):
      (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
      * dfg/DFGBasicBlock.h:
      (BasicBlock):
      * dfg/DFGBasicBlockInlines.h:
      (DFG):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::addToGraph):
      (JSC::DFG::ByteCodeParser::insertPhiNode):
      (JSC::DFG::ByteCodeParser::emitFunctionChecks):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::run):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
      * dfg/DFGCPSRethreadingPhase.cpp:
      (JSC::DFG::CPSRethreadingPhase::run):
      (JSC::DFG::CPSRethreadingPhase::addPhiSilently):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCommon.cpp:
      (WTF::printInternal):
      (WTF):
      * dfg/DFGCommon.h:
      (WTF):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
      (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
      * dfg/DFGDCEPhase.cpp: Added.
      (DFG):
      (DCEPhase):
      (JSC::DFG::DCEPhase::DCEPhase):
      (JSC::DFG::DCEPhase::run):
      (JSC::DFG::DCEPhase::findTypeCheckRoot):
      (JSC::DFG::DCEPhase::countEdge):
      (JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):
      (JSC::DFG::performDCE):
      * dfg/DFGDCEPhase.h: Added.
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      (JSC::DFG::FixupPhase::blessArrayOperation):
      (JSC::DFG::FixupPhase::fixIntEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (JSC::DFG::FixupPhase::truncateConstantToInt32):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dump):
      (DFG):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::changeChild):
      (JSC::DFG::Graph::changeEdge):
      (JSC::DFG::Graph::compareAndSwap):
      (JSC::DFG::Graph::clearAndDerefChild):
      (JSC::DFG::Graph::performSubstitution):
      (JSC::DFG::Graph::performSubstitutionForEdge):
      (Graph):
      (JSC::DFG::Graph::substitute):
      * dfg/DFGInsertionSet.h:
      (InsertionSet):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (JSC::DFG::Node::convertToConstant):
      (JSC::DFG::Node::convertToGetLocalUnlinked):
      (JSC::DFG::Node::containsMovHint):
      (Node):
      (JSC::DFG::Node::hasVariableAccessData):
      (JSC::DFG::Node::willHaveCodeGenOrOSR):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compileMovHintAndCheck):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      (JSC::DFG::StructureCheckHoistingPhase::shouldConsiderForHoisting):
      (StructureCheckHoistingPhase):
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::validate):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * fast/js/dfg-arguments-osr-exit-multiple-blocks-before-exit-expected.txt: Added.
      * fast/js/dfg-arguments-osr-exit-multiple-blocks-before-exit.html: Added.
      * fast/js/dfg-arguments-osr-exit-multiple-blocks-expected.txt: Added.
      * fast/js/dfg-arguments-osr-exit-multiple-blocks.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-arguments-osr-exit-multiple-blocks-before-exit.js: Added.
      (baz):
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arguments-osr-exit-multiple-blocks.js: Added.
      (baz):
      (foo):
      (bar):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144862 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      06f82b56
  17. 21 Feb, 2013 1 commit
    • DFG should not change its mind about what type speculations a node does, by encoding the checks in the NodeType, UseKind, and ArrayMode · 7a1964c5
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=109371
      
      Reviewed by Oliver Hunt.
              
      FixupPhase now locks in the speculations that each node will do. The DFG then
      remembers those speculations, and doesn't change its mind about them even if the
      graph is transformed - for example if a node's child is repointed to a different
      node as part of CSE, CFG simplification, or folding. Each node ensures that it
      executes the speculations promised by its edges. This is true even for Phantom
      nodes.
              
      This still leaves some craziness on the table for future work, like the
      elimination of speculating SetLocal's due to CFG simplification
      (webkit.org/b/109388) and elimination of nodes via DCE (webkit.org/b/109389).
              
      In all, this allows for a huge simplification of the DFG. Instead of having to
      execute the right speculation heuristic each time you want to decide what a node
      does (for example Node::shouldSpeculateInteger(child1, child2) &&
      node->canSpeculateInteger()), you just ask for the use kinds of its children
      (typically node->binaryUseKind() == Int32Use). Because the use kinds are
      discrete, you can often just switch over them. This makes many parts of the code
      more clear than they were before.
              
      Having UseKinds describe the speculations being performed also makes it far
      easier to perform analyses that need to know what speculations are done. This is
      so far only used to simplify large parts of the CFA.
              
      To have a larger vocabulary of UseKinds, this also changes the node allocator to
      be able to round up Node sizes to the nearest multiple of 16.
              
      This appears to be neutral on benchmarks, except for some goofy speed-ups, like
      8% on Octane/box2d.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::startExecuting):
      (DFG):
      (JSC::DFG::AbstractState::executeEdges):
      (JSC::DFG::AbstractState::verifyEdge):
      (JSC::DFG::AbstractState::verifyEdges):
      (JSC::DFG::AbstractState::executeEffects):
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      (JSC::DFG::AbstractState::filterEdgeByUse):
      (JSC::DFG::AbstractState::filterByType):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::filter):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (JSC::DFG::AdjacencyList::child):
      (JSC::DFG::AdjacencyList::setChild):
      (JSC::DFG::AdjacencyList::reset):
      (JSC::DFG::AdjacencyList::firstChild):
      (JSC::DFG::AdjacencyList::setFirstChild):
      (JSC::DFG::AdjacencyList::numChildren):
      (JSC::DFG::AdjacencyList::setNumChildren):
      (AdjacencyList):
      * dfg/DFGAllocator.h:
      (DFG):
      (Allocator):
      (JSC::DFG::Allocator::cellSize):
      (JSC::DFG::Allocator::Region::headerSize):
      (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
      (JSC::DFG::Allocator::Region::payloadSize):
      (JSC::DFG::Allocator::Region::payloadBegin):
      (JSC::DFG::Allocator::Region::payloadEnd):
      (JSC::DFG::Allocator::Region::isInThisRegion):
      (JSC::DFG::::Allocator):
      (JSC::DFG::::~Allocator):
      (JSC::DFG::::allocate):
      (JSC::DFG::::free):
      (JSC::DFG::::freeAll):
      (JSC::DFG::::reset):
      (JSC::DFG::::indexOf):
      (JSC::DFG::::allocatorOf):
      (JSC::DFG::::bumpAllocate):
      (JSC::DFG::::freeListAllocate):
      (JSC::DFG::::allocateSlow):
      (JSC::DFG::::freeRegionsStartingAt):
      (JSC::DFG::::startBumpingIn):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::addToGraph):
      (JSC::DFG::ByteCodeParser::handleMinMax):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCommon.h:
      (DFG):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGEdge.cpp:
      (JSC::DFG::Edge::dump):
      * dfg/DFGEdge.h:
      (JSC::DFG::Edge::useKindUnchecked):
      (JSC::DFG::Edge::useKind):
      (JSC::DFG::Edge::shift):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      (JSC::DFG::FixupPhase::blessArrayOperation):
      (JSC::DFG::FixupPhase::fixIntEdge):
      (JSC::DFG::FixupPhase::fixDoubleEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (FixupPhase):
      (JSC::DFG::FixupPhase::truncateConstantToInt32):
      (JSC::DFG::FixupPhase::truncateConstantsIfNecessary):
      (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
      * dfg/DFGGraph.cpp:
      (DFG):
      (JSC::DFG::Graph::refChildren):
      (JSC::DFG::Graph::derefChildren):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::ref):
      (JSC::DFG::Graph::deref):
      (JSC::DFG::Graph::performSubstitution):
      (JSC::DFG::Graph::isPredictedNumerical):
      (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
      (DFG):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (JSC::DFG::Node::convertToGetByOffset):
      (JSC::DFG::Node::convertToPutByOffset):
      (JSC::DFG::Node::willHaveCodeGenOrOSR):
      (JSC::DFG::Node::child1):
      (JSC::DFG::Node::child2):
      (JSC::DFG::Node::child3):
      (JSC::DFG::Node::binaryUseKind):
      (Node):
      (JSC::DFG::Node::isBinaryUseKind):
      * dfg/DFGNodeAllocator.h:
      (DFG):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::nodeFlagsAsString):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (DFG):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      (JSC::DFG::SpeculativeJIT::typeCheck):
      (JSC::DFG::SpeculativeJIT::forwardTypeCheck):
      (JSC::DFG::SpeculativeJIT::fillStorage):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileInstanceOf):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compileArithMod):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::speculateInt32):
      (JSC::DFG::SpeculativeJIT::speculateNumber):
      (JSC::DFG::SpeculativeJIT::speculateRealNumber):
      (JSC::DFG::SpeculativeJIT::speculateBoolean):
      (JSC::DFG::SpeculativeJIT::speculateCell):
      (JSC::DFG::SpeculativeJIT::speculateObject):
      (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
      (JSC::DFG::SpeculativeJIT::speculateString):
      (JSC::DFG::SpeculativeJIT::speculateNotCell):
      (JSC::DFG::SpeculativeJIT::speculateOther):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
      (JSC::DFG::SpeculativeJIT::needsTypeCheck):
      (JSC::DFG::IntegerOperand::IntegerOperand):
      (JSC::DFG::IntegerOperand::edge):
      (IntegerOperand):
      (JSC::DFG::IntegerOperand::node):
      (JSC::DFG::IntegerOperand::gpr):
      (JSC::DFG::IntegerOperand::use):
      (JSC::DFG::JSValueOperand::JSValueOperand):
      (JSValueOperand):
      (JSC::DFG::JSValueOperand::edge):
      (JSC::DFG::JSValueOperand::node):
      (JSC::DFG::JSValueOperand::gpr):
      (JSC::DFG::JSValueOperand::fill):
      (JSC::DFG::JSValueOperand::use):
      (JSC::DFG::StorageOperand::StorageOperand):
      (JSC::DFG::StorageOperand::edge):
      (StorageOperand):
      (JSC::DFG::StorageOperand::node):
      (JSC::DFG::StorageOperand::gpr):
      (JSC::DFG::StorageOperand::use):
      (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
      (SpeculateIntegerOperand):
      (JSC::DFG::SpeculateIntegerOperand::edge):
      (JSC::DFG::SpeculateIntegerOperand::node):
      (JSC::DFG::SpeculateIntegerOperand::gpr):
      (JSC::DFG::SpeculateIntegerOperand::use):
      (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
      (SpeculateStrictInt32Operand):
      (JSC::DFG::SpeculateStrictInt32Operand::edge):
      (JSC::DFG::SpeculateStrictInt32Operand::node):
      (JSC::DFG::SpeculateStrictInt32Operand::gpr):
      (JSC::DFG::SpeculateStrictInt32Operand::use):
      (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
      (SpeculateDoubleOperand):
      (JSC::DFG::SpeculateDoubleOperand::edge):
      (JSC::DFG::SpeculateDoubleOperand::node):
      (JSC::DFG::SpeculateDoubleOperand::fpr):
      (JSC::DFG::SpeculateDoubleOperand::use):
      (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
      (SpeculateCellOperand):
      (JSC::DFG::SpeculateCellOperand::edge):
      (JSC::DFG::SpeculateCellOperand::node):
      (JSC::DFG::SpeculateCellOperand::gpr):
      (JSC::DFG::SpeculateCellOperand::use):
      (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
      (JSC::DFG::SpeculateBooleanOperand::edge):
      (SpeculateBooleanOperand):
      (JSC::DFG::SpeculateBooleanOperand::node):
      (JSC::DFG::SpeculateBooleanOperand::gpr):
      (JSC::DFG::SpeculateBooleanOperand::use):
      (DFG):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * dfg/DFGUseKind.cpp: Added.
      (WTF):
      (WTF::printInternal):
      * dfg/DFGUseKind.h: Added.
      (DFG):
      (JSC::DFG::typeFilterFor):
      (JSC::DFG::isNumerical):
      (WTF):
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::reportValidationContext):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143654 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7a1964c5
  18. 09 Feb, 2013 1 commit
    • DFG should allow phases to break Phi's and then have one phase to rebuild them · 3fa6f5d3
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=108414
      
      Reviewed by Mark Hahnenberg.
              
      Introduces two new DFG forms: LoadStore and ThreadedCPS. These are described in
      detail in DFGCommon.h.
              
      Consequently, DFG phases no longer have to worry about preserving data flow
      links between basic blocks. It is generally always safe to request that the
      graph be dethreaded (Graph::dethread), which brings it into LoadStore form, where
      the data flow is implicit. In this form, only liveness-at-head needs to be
      preserved.
              
      All of the machinery for "threading" the graph to introduce data flow between
      blocks is now moved out of the bytecode parser and into the CPSRethreadingPhase.
      All phases that previously did this maintenance themselves now just rely on
      being able to dethread the graph. The one exception is the structure check
      hoisting phase, which operates over a threaded graph and preserves it, for the
      sake of performance.
              
      Also moved two other things into their own phases: unification (previously found
      in the parser) and prediction injection (previously found in various places).
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/Operands.h:
      (Operands):
      (JSC::Operands::sizeFor):
      (JSC::Operands::atFor):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      * dfg/DFGAllocator.h:
      (JSC::DFG::::allocateSlow):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGBasicBlockInlines.h:
      (DFG):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (DFG):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::killUnreachable):
      (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
      (CFGSimplificationPhase):
      (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      * dfg/DFGCPSRethreadingPhase.cpp: Added.
      (DFG):
      (CPSRethreadingPhase):
      (JSC::DFG::CPSRethreadingPhase::CPSRethreadingPhase):
      (JSC::DFG::CPSRethreadingPhase::run):
      (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
      (JSC::DFG::CPSRethreadingPhase::clearVariablesAtHeadAndTail):
      (JSC::DFG::CPSRethreadingPhase::addPhiSilently):
      (JSC::DFG::CPSRethreadingPhase::addPhi):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeSetLocal):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
      (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlocks):
      (JSC::DFG::CPSRethreadingPhase::propagatePhis):
      (JSC::DFG::CPSRethreadingPhase::PhiStackEntry::PhiStackEntry):
      (PhiStackEntry):
      (JSC::DFG::CPSRethreadingPhase::phiStackFor):
      (JSC::DFG::performCPSRethreading):
      * dfg/DFGCPSRethreadingPhase.h: Added.
      (DFG):
      * dfg/DFGCSEPhase.cpp:
      (CSEPhase):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCommon.cpp:
      (WTF):
      (WTF::printInternal):
      * dfg/DFGCommon.h:
      (JSC::DFG::logCompilationChanges):
      (DFG):
      (WTF):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dethread):
      (JSC::DFG::Graph::collectGarbage):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::performSubstitution):
      (Graph):
      (JSC::DFG::Graph::performSubstitutionForEdge):
      (JSC::DFG::Graph::convertToConstant):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToPhantomLocal):
      (Node):
      (JSC::DFG::Node::convertToGetLocal):
      (JSC::DFG::Node::hasVariableAccessData):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGPhase.cpp:
      (JSC::DFG::Phase::beginPhase):
      * dfg/DFGPhase.h:
      (JSC::DFG::runAndLog):
      * dfg/DFGPredictionInjectionPhase.cpp: Added.
      (DFG):
      (PredictionInjectionPhase):
      (JSC::DFG::PredictionInjectionPhase::PredictionInjectionPhase):
      (JSC::DFG::PredictionInjectionPhase::run):
      (JSC::DFG::performPredictionInjection):
      * dfg/DFGPredictionInjectionPhase.h: Added.
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::run):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * dfg/DFGUnificationPhase.cpp: Added.
      (DFG):
      (UnificationPhase):
      (JSC::DFG::UnificationPhase::UnificationPhase):
      (JSC::DFG::UnificationPhase::run):
      (JSC::DFG::performUnification):
      * dfg/DFGUnificationPhase.h: Added.
      (DFG):
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::dumpGraphIfAppropriate):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::setUpCall):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::dump):
      * runtime/JSString.h:
      (JSString):
      * runtime/Options.h:
      (JSC):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@142377 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3fa6f5d3
  19. 29 Jan, 2013 1 commit
    • fpizlo@apple.com's avatar
      DFG should not use a graph that is a vector, Nodes shouldn't move after... · 8ff092fc
      fpizlo@apple.com authored
      DFG should not use a graph that is a vector, Nodes shouldn't move after allocation, and we should always refer to nodes by Node*
      https://bugs.webkit.org/show_bug.cgi?id=106868
      
      Reviewed by Oliver Hunt.
              
      This adds a pool allocator for Nodes, and uses that instead of a Vector. Changes all
      uses of Node& and NodeIndex to be simply Node*. Nodes no longer have an index except
      for debugging (Node::index(), which is not guaranteed to be O(1)).
              
      1% speed-up on SunSpider, presumably because this improves compile times.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::booleanResult):
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
      (JSC::DFG::AbstractState::dump):
      * dfg/DFGAbstractState.h:
      (DFG):
      (JSC::DFG::AbstractState::forNode):
      (AbstractState):
      (JSC::DFG::AbstractState::speculateInt32Unary):
      (JSC::DFG::AbstractState::speculateNumberUnary):
      (JSC::DFG::AbstractState::speculateBooleanUnary):
      (JSC::DFG::AbstractState::speculateInt32Binary):
      (JSC::DFG::AbstractState::speculateNumberBinary):
      (JSC::DFG::AbstractState::trySetConstant):
      * dfg/DFGAbstractValue.h:
      (AbstractValue):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (JSC::DFG::AdjacencyList::initialize):
      * dfg/DFGAllocator.h: Added.
      (DFG):
      (Allocator):
      (JSC::DFG::Allocator::Region::size):
      (JSC::DFG::Allocator::Region::headerSize):
      (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
      (JSC::DFG::Allocator::Region::data):
      (JSC::DFG::Allocator::Region::isInThisRegion):
      (JSC::DFG::Allocator::Region::regionFor):
      (Region):
      (JSC::DFG::::Allocator):
      (JSC::DFG::::~Allocator):
      (JSC::DFG::::allocate):
      (JSC::DFG::::free):
      (JSC::DFG::::freeAll):
      (JSC::DFG::::reset):
      (JSC::DFG::::indexOf):
      (JSC::DFG::::allocatorOf):
      (JSC::DFG::::bumpAllocate):
      (JSC::DFG::::freeListAllocate):
      (JSC::DFG::::allocateSlow):
      (JSC::DFG::::freeRegionsStartingAt):
      (JSC::DFG::::startBumpingIn):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
      (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
      (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::originalArrayStructure):
      (JSC::DFG::ArrayMode::alreadyChecked):
      * dfg/DFGArrayMode.h:
      (ArrayMode):
      * dfg/DFGArrayifySlowPathGenerator.h:
      (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
      * dfg/DFGBasicBlock.h:
      (JSC::DFG::BasicBlock::node):
      (JSC::DFG::BasicBlock::isInPhis):
      (JSC::DFG::BasicBlock::isInBlock):
      (BasicBlock):
      * dfg/DFGBasicBlockInlines.h:
      (DFG):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::getDirect):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::setDirect):
      (JSC::DFG::ByteCodeParser::set):
      (JSC::DFG::ByteCodeParser::setPair):
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::setLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::getToInt32):
      (JSC::DFG::ByteCodeParser::toInt32):
      (JSC::DFG::ByteCodeParser::getJSConstantForValue):
      (JSC::DFG::ByteCodeParser::getJSConstant):
      (JSC::DFG::ByteCodeParser::getCallee):
      (JSC::DFG::ByteCodeParser::getThis):
      (JSC::DFG::ByteCodeParser::setThis):
      (JSC::DFG::ByteCodeParser::isJSConstant):
      (JSC::DFG::ByteCodeParser::isInt32Constant):
      (JSC::DFG::ByteCodeParser::valueOfJSConstant):
      (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
      (JSC::DFG::ByteCodeParser::constantUndefined):
      (JSC::DFG::ByteCodeParser::constantNull):
      (JSC::DFG::ByteCodeParser::one):
      (JSC::DFG::ByteCodeParser::constantNaN):
      (JSC::DFG::ByteCodeParser::cellConstant):
      (JSC::DFG::ByteCodeParser::addToGraph):
      (JSC::DFG::ByteCodeParser::insertPhiNode):
      (JSC::DFG::ByteCodeParser::addVarArgChild):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getPrediction):
      (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::ConstantRecord::ConstantRecord):
      (ConstantRecord):
      (JSC::DFG::ByteCodeParser::PhiStackEntry::PhiStackEntry):
      (PhiStackEntry):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::emitFunctionChecks):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::setIntrinsicResult):
      (JSC::DFG::ByteCodeParser::handleMinMax):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::getScope):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::performBlockCFA):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixPhis):
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
      (OperandSubstitution):
      (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
      (JSC::DFG::CFGSimplificationPhase::recordNewTarget):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::canonicalize):
      (JSC::DFG::CSEPhase::endIndexForPureCSE):
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::constantCSE):
      (JSC::DFG::CSEPhase::weakConstantCSE):
      (JSC::DFG::CSEPhase::getCalleeLoadElimination):
      (JSC::DFG::CSEPhase::getArrayLengthElimination):
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::scopedVarLoadElimination):
      (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::scopedVarStoreElimination):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::checkFunctionElimination):
      (JSC::DFG::CSEPhase::checkExecutableElimination):
      (JSC::DFG::CSEPhase::checkStructureElimination):
      (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
      (JSC::DFG::CSEPhase::putStructureStoreElimination):
      (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
      (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::checkArrayElimination):
      (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      (JSC::DFG::CSEPhase::performSubstitution):
      (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::eliminate):
      (JSC::DFG::CSEPhase::performNodeCSE):
      (JSC::DFG::CSEPhase::performBlockCSE):
      (CSEPhase):
      * dfg/DFGCommon.cpp: Added.
      (DFG):
      (JSC::DFG::NodePointerTraits::dump):
      * dfg/DFGCommon.h:
      (DFG):
      (JSC::DFG::NodePointerTraits::defaultValue):
      (NodePointerTraits):
      (JSC::DFG::verboseCompilationEnabled):
      (JSC::DFG::shouldDumpGraphAtEachPhase):
      (JSC::DFG::validationEnabled):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
      (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
      (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::Disassembler):
      (JSC::DFG::Disassembler::createDumpList):
      (JSC::DFG::Disassembler::dumpDisassembly):
      * dfg/DFGDisassembler.h:
      (JSC::DFG::Disassembler::setForNode):
      (Disassembler):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGEdge.cpp: Added.
      (DFG):
      (JSC::DFG::Edge::dump):
      * dfg/DFGEdge.h:
      (JSC::DFG::Edge::Edge):
      (JSC::DFG::Edge::node):
      (JSC::DFG::Edge::operator*):
      (JSC::DFG::Edge::operator->):
      (Edge):
      (JSC::DFG::Edge::setNode):
      (JSC::DFG::Edge::useKind):
      (JSC::DFG::Edge::setUseKind):
      (JSC::DFG::Edge::isSet):
      (JSC::DFG::Edge::shift):
      (JSC::DFG::Edge::makeWord):
      (JSC::DFG::operator==):
      (JSC::DFG::operator!=):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupBlock):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      (JSC::DFG::FixupPhase::blessArrayOperation):
      (JSC::DFG::FixupPhase::fixIntEdge):
      (JSC::DFG::FixupPhase::fixDoubleEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (FixupPhase):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::GenerationInfo):
      (JSC::DFG::GenerationInfo::initConstant):
      (JSC::DFG::GenerationInfo::initInteger):
      (JSC::DFG::GenerationInfo::initJSValue):
      (JSC::DFG::GenerationInfo::initCell):
      (JSC::DFG::GenerationInfo::initBoolean):
      (JSC::DFG::GenerationInfo::initDouble):
      (JSC::DFG::GenerationInfo::initStorage):
      (GenerationInfo):
      (JSC::DFG::GenerationInfo::node):
      (JSC::DFG::GenerationInfo::noticeOSRBirth):
      (JSC::DFG::GenerationInfo::use):
      (JSC::DFG::GenerationInfo::appendFill):
      (JSC::DFG::GenerationInfo::appendSpill):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::~Graph):
      (DFG):
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::amountOfNodeWhiteSpace):
      (JSC::DFG::Graph::printNodeWhiteSpace):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dumpBlockHeader):
      (JSC::DFG::Graph::refChildren):
      (JSC::DFG::Graph::derefChildren):
      (JSC::DFG::Graph::predictArgumentTypes):
      (JSC::DFG::Graph::collectGarbage):
      (JSC::DFG::Graph::determineReachability):
      (JSC::DFG::Graph::resetExitStates):
      * dfg/DFGGraph.h:
      (Graph):
      (JSC::DFG::Graph::ref):
      (JSC::DFG::Graph::deref):
      (JSC::DFG::Graph::changeChild):
      (JSC::DFG::Graph::compareAndSwap):
      (JSC::DFG::Graph::clearAndDerefChild):
      (JSC::DFG::Graph::clearAndDerefChild1):
      (JSC::DFG::Graph::clearAndDerefChild2):
      (JSC::DFG::Graph::clearAndDerefChild3):
      (JSC::DFG::Graph::convertToConstant):
      (JSC::DFG::Graph::getJSConstantSpeculation):
      (JSC::DFG::Graph::addSpeculationMode):
      (JSC::DFG::Graph::valueAddSpeculationMode):
      (JSC::DFG::Graph::arithAddSpeculationMode):
      (JSC::DFG::Graph::addShouldSpeculateInteger):
      (JSC::DFG::Graph::mulShouldSpeculateInteger):
      (JSC::DFG::Graph::negateShouldSpeculateInteger):
      (JSC::DFG::Graph::isConstant):
      (JSC::DFG::Graph::isJSConstant):
      (JSC::DFG::Graph::isInt32Constant):
      (JSC::DFG::Graph::isDoubleConstant):
      (JSC::DFG::Graph::isNumberConstant):
      (JSC::DFG::Graph::isBooleanConstant):
      (JSC::DFG::Graph::isCellConstant):
      (JSC::DFG::Graph::isFunctionConstant):
      (JSC::DFG::Graph::isInternalFunctionConstant):
      (JSC::DFG::Graph::valueOfJSConstant):
      (JSC::DFG::Graph::valueOfInt32Constant):
      (JSC::DFG::Graph::valueOfNumberConstant):
      (JSC::DFG::Graph::valueOfBooleanConstant):
      (JSC::DFG::Graph::valueOfFunctionConstant):
      (JSC::DFG::Graph::valueProfileFor):
      (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
      (JSC::DFG::Graph::numSuccessors):
      (JSC::DFG::Graph::successor):
      (JSC::DFG::Graph::successorForCondition):
      (JSC::DFG::Graph::isPredictedNumerical):
      (JSC::DFG::Graph::byValIsPure):
      (JSC::DFG::Graph::clobbersWorld):
      (JSC::DFG::Graph::varArgNumChildren):
      (JSC::DFG::Graph::numChildren):
      (JSC::DFG::Graph::varArgChild):
      (JSC::DFG::Graph::child):
      (JSC::DFG::Graph::voteNode):
      (JSC::DFG::Graph::voteChildren):
      (JSC::DFG::Graph::substitute):
      (JSC::DFG::Graph::substituteGetLocal):
      (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
      (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
      * dfg/DFGInsertionSet.h:
      (JSC::DFG::Insertion::Insertion):
      (JSC::DFG::Insertion::element):
      (Insertion):
      (JSC::DFG::InsertionSet::insert):
      (InsertionSet):
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::setForNode):
      (JSC::DFG::JITCompiler::addressOfDoubleConstant):
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGLongLivedState.cpp: Added.
      (DFG):
      (JSC::DFG::LongLivedState::LongLivedState):
      (JSC::DFG::LongLivedState::~LongLivedState):
      (JSC::DFG::LongLivedState::shrinkToFit):
      * dfg/DFGLongLivedState.h: Added.
      (DFG):
      (LongLivedState):
      * dfg/DFGMinifiedID.h:
      (JSC::DFG::MinifiedID::MinifiedID):
      (JSC::DFG::MinifiedID::node):
      * dfg/DFGMinifiedNode.cpp:
      (JSC::DFG::MinifiedNode::fromNode):
      * dfg/DFGMinifiedNode.h:
      (MinifiedNode):
      * dfg/DFGNode.cpp: Added.
      (DFG):
      (JSC::DFG::Node::index):
      (WTF):
      (WTF::printInternal):
      * dfg/DFGNode.h:
      (DFG):
      (JSC::DFG::Node::Node):
      (Node):
      (JSC::DFG::Node::convertToGetByOffset):
      (JSC::DFG::Node::convertToPutByOffset):
      (JSC::DFG::Node::ref):
      (JSC::DFG::Node::shouldSpeculateInteger):
      (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
      (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
      (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
      (JSC::DFG::Node::shouldSpeculateFinalObject):
      (JSC::DFG::Node::shouldSpeculateArray):
      (JSC::DFG::Node::dumpChildren):
      (WTF):
      * dfg/DFGNodeAllocator.h: Added.
      (DFG):
      (operator new ):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      (SpeculationFailureDebugInfo):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPhase.cpp:
      (DFG):
      (JSC::DFG::Phase::beginPhase):
      (JSC::DFG::Phase::endPhase):
      * dfg/DFGPhase.h:
      (Phase):
      (JSC::DFG::runAndLog):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::setPrediction):
      (JSC::DFG::PredictionPropagationPhase::mergePrediction):
      (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
      (JSC::DFG::PredictionPropagationPhase::isNotZero):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
      (JSC::DFG::PredictionPropagationPhase::propagateForward):
      (JSC::DFG::PredictionPropagationPhase::propagateBackward):
      (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
      (PredictionPropagationPhase):
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::ScoreBoard):
      (JSC::DFG::ScoreBoard::use):
      (JSC::DFG::ScoreBoard::useIfHasResult):
      (ScoreBoard):
      * dfg/DFGSilentRegisterSavePlan.h:
      (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
      (JSC::DFG::SilentRegisterSavePlan::node):
      (SilentRegisterSavePlan):
      * dfg/DFGSlowPathGenerator.h:
      (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
      (JSC::DFG::SlowPathGenerator::generate):
      (SlowPathGenerator):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
      (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::arrayify):
      (JSC::DFG::SpeculativeJIT::fillStorage):
      (JSC::DFG::SpeculativeJIT::useChildren):
      (JSC::DFG::SpeculativeJIT::isStrictInt32):
      (JSC::DFG::SpeculativeJIT::isKnownInteger):
      (JSC::DFG::SpeculativeJIT::isKnownNumeric):
      (JSC::DFG::SpeculativeJIT::isKnownCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
      (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
      (JSC::DFG::SpeculativeJIT::writeBarrier):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
      (JSC::DFG::GPRTemporary::GPRTemporary):
      (JSC::DFG::FPRTemporary::FPRTemporary):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
      (JSC::DFG::SpeculativeJIT::compileInstanceOf):
      (JSC::DFG::SpeculativeJIT::compileSoftModulo):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
      (JSC::DFG::SpeculativeJIT::compileArithMod):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
      (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
      (JSC::DFG::SpeculativeJIT::compileRegExpExec):
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::canReuse):
      (JSC::DFG::SpeculativeJIT::isFilled):
      (JSC::DFG::SpeculativeJIT::isFilledDouble):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::isConstant):
      (JSC::DFG::SpeculativeJIT::isJSConstant):
      (JSC::DFG::SpeculativeJIT::isInt32Constant):
      (JSC::DFG::SpeculativeJIT::isDoubleConstant):
      (JSC::DFG::SpeculativeJIT::isNumberConstant):
      (JSC::DFG::SpeculativeJIT::isBooleanConstant):
      (JSC::DFG::SpeculativeJIT::isFunctionConstant):
      (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
      (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
      (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
      (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
      (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
      (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
      (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
      (JSC::DFG::SpeculativeJIT::isNullConstant):
      (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
      (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::integerResult):
      (JSC::DFG::SpeculativeJIT::noResult):
      (JSC::DFG::SpeculativeJIT::cellResult):
      (JSC::DFG::SpeculativeJIT::booleanResult):
      (JSC::DFG::SpeculativeJIT::jsValueResult):
      (JSC::DFG::SpeculativeJIT::storageResult):
      (JSC::DFG::SpeculativeJIT::doubleResult):
      (JSC::DFG::SpeculativeJIT::initConstantInfo):
      (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
      (JSC::DFG::SpeculativeJIT::isInteger):
      (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (JSC::DFG::SpeculativeJIT::setNodeForOperand):
      (JSC::DFG::IntegerOperand::IntegerOperand):
      (JSC::DFG::IntegerOperand::node):
      (JSC::DFG::IntegerOperand::gpr):
      (JSC::DFG::IntegerOperand::use):
      (IntegerOperand):
      (JSC::DFG::DoubleOperand::DoubleOperand):
      (JSC::DFG::DoubleOperand::node):
      (JSC::DFG::DoubleOperand::fpr):
      (JSC::DFG::DoubleOperand::use):
      (DoubleOperand):
      (JSC::DFG::JSValueOperand::JSValueOperand):
      (JSC::DFG::JSValueOperand::node):
      (JSC::DFG::JSValueOperand::gpr):
      (JSC::DFG::JSValueOperand::fill):
      (JSC::DFG::JSValueOperand::use):
      (JSValueOperand):
      (JSC::DFG::StorageOperand::StorageOperand):
      (JSC::DFG::StorageOperand::node):
      (JSC::DFG::StorageOperand::gpr):
      (JSC::DFG::StorageOperand::use):
      (StorageOperand):
      (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
      (JSC::DFG::SpeculateIntegerOperand::node):
      (JSC::DFG::SpeculateIntegerOperand::gpr):
      (JSC::DFG::SpeculateIntegerOperand::use):
      (SpeculateIntegerOperand):
      (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
      (JSC::DFG::SpeculateStrictInt32Operand::node):
      (JSC::DFG::SpeculateStrictInt32Operand::gpr):
      (JSC::DFG::SpeculateStrictInt32Operand::use):
      (SpeculateStrictInt32Operand):
      (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
      (JSC::DFG::SpeculateDoubleOperand::node):
      (JSC::DFG::SpeculateDoubleOperand::fpr):
      (JSC::DFG::SpeculateDoubleOperand::use):
      (SpeculateDoubleOperand):
      (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
      (JSC::DFG::SpeculateCellOperand::node):
      (JSC::DFG::SpeculateCellOperand::gpr):
      (JSC::DFG::SpeculateCellOperand::use):
      (SpeculateCellOperand):
      (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
      (JSC::DFG::SpeculateBooleanOperand::node):
      (JSC::DFG::SpeculateBooleanOperand::gpr):
      (JSC::DFG::SpeculateBooleanOperand::use):
      (SpeculateBooleanOperand):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileValueAdd):
      (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileValueAdd):
      (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureAbstractValue.h:
      (StructureAbstractValue):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * dfg/DFGValidate.cpp:
      (DFG):
      (Validate):
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::reportValidationContext):
      * dfg/DFGValidate.h:
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::ValueSource::ValueSource):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * runtime/FunctionExecutableDump.cpp: Added.
      (JSC):
      (JSC::FunctionExecutableDump::dump):
      * runtime/FunctionExecutableDump.h: Added.
      (JSC):
      (FunctionExecutableDump):
      (JSC::FunctionExecutableDump::FunctionExecutableDump):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (DFG):
      (JSGlobalData):
      * runtime/Options.h:
      (JSC):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141069 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8ff092fc
  20. 12 Jan, 2013 1 commit
    • The JITThunks class should be in its own file, and doing so should not break the build · a4b4cbe9
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=105696
      
      Source/JavaScriptCore: 
      
      Rubber stamped by Sam Weinig and Geoffrey Garen.
              
      This patch was supposed to just move JITThunks into its own file. But then I
      realized that there is a horrible circular dependency chain between JSCell,
      JSGlobalData, CallFrame, and Weak, which only works because of magical include
      order in JITStubs.h, and the fact that JSGlobalData.h includes JITStubs.h
      before it includes JSCell or JSValue.
              
      I first tried to just get JITThunks.h to just magically do the same pointless
      includes that JITStubs.h had, but then I decided to actually fix the underlying
      problem, which was that JSCell needed CallFrame, CallFrame needed JSGlobalData,
      JSGlobalData needed JITThunks, JITThunks needed Weak, and Weak needed JSCell.
      Now, all of JSCell's outgoing dependencies are placed in JSCellInlines.h. This
      also gave me an opportunity to move JSValue inline methods from JSCell.h into
      JSValueInlines.h. But to make this really work, I needed to remove includes of
      *Inlines.h from other headers (CodeBlock.h for example included JSValueInlines.h,
      which defeats the whole entire purpose of having an Inlines.h file), and I needed
      to add includes of *Inlines.h into a bunch of .cpp files. I did this mostly by
      having .cpp files include Operations.h. In future, if you're adding a .cpp file
      to JSC, you'll almost certainly have to include Operations.h unless you enjoy
      link errors.
      
      * API/JSBase.cpp:
      * API/JSCallbackConstructor.cpp:
      * API/JSCallbackFunction.cpp:
      * API/JSCallbackObject.cpp:
      * API/JSClassRef.cpp:
      * API/JSContextRef.cpp:
      * API/JSObjectRef.cpp:
      * API/JSScriptRef.cpp:
      * API/JSWeakObjectMapRefPrivate.cpp:
      * JSCTypedArrayStubs.h:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/ArrayAllocationProfile.cpp:
      * bytecode/CodeBlock.cpp:
      * bytecode/GetByIdStatus.cpp:
      * bytecode/LazyOperandValueProfile.cpp:
      * bytecode/ResolveGlobalStatus.cpp:
      * bytecode/SpeculatedType.cpp:
      * bytecode/UnlinkedCodeBlock.cpp:
      * bytecompiler/BytecodeGenerator.cpp:
      * debugger/Debugger.cpp:
      * debugger/DebuggerActivation.cpp:
      * debugger/DebuggerCallFrame.cpp:
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      * dfg/DFGArrayMode.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGConstantFoldingPhase.cpp:
      * dfg/DFGDriver.cpp:
      * dfg/DFGFixupPhase.cpp:
      * dfg/DFGGraph.cpp:
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGOSREntry.cpp:
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      * dfg/DFGPredictionPropagationPhase.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (DFG):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      * dfg/DFGSpeculativeJIT64.cpp:
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      * dfg/DFGVariableEventStream.cpp:
      * heap/CopiedBlock.h:
      * heap/CopiedSpace.cpp:
      * heap/HandleSet.cpp:
      * heap/Heap.cpp:
      * heap/HeapStatistics.cpp:
      * heap/SlotVisitor.cpp:
      * heap/WeakBlock.cpp:
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * jit/ClosureCallStubRoutine.cpp:
      * jit/GCAwareJITStubRoutine.cpp:
      * jit/JIT.cpp:
      * jit/JITArithmetic.cpp:
      * jit/JITArithmetic32_64.cpp:
      * jit/JITCall.cpp:
      * jit/JITCall32_64.cpp:
      * jit/JITCode.h:
      * jit/JITExceptions.cpp:
      * jit/JITStubs.h:
      * jit/JITThunks.h:
      * jsc.cpp:
      * llint/LLIntExceptions.cpp:
      * profiler/LegacyProfiler.cpp:
      * profiler/ProfileGenerator.cpp:
      * profiler/ProfilerBytecode.cpp:
      * profiler/ProfilerBytecodeSequence.cpp:
      * profiler/ProfilerBytecodes.cpp:
      * profiler/ProfilerCompilation.cpp:
      * profiler/ProfilerCompiledBytecode.cpp:
      * profiler/ProfilerDatabase.cpp:
      * profiler/ProfilerOSRExit.cpp:
      * profiler/ProfilerOSRExitSite.cpp:
      * profiler/ProfilerOrigin.cpp:
      * profiler/ProfilerOriginStack.cpp:
      * profiler/ProfilerProfiledBytecodes.cpp:
      * runtime/ArgList.cpp:
      * runtime/Arguments.cpp:
      * runtime/ArrayConstructor.cpp:
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanObject.cpp:
      * runtime/BooleanPrototype.cpp:
      * runtime/CallData.cpp:
      * runtime/CodeCache.cpp:
      * runtime/Completion.cpp:
      * runtime/ConstructData.cpp:
      * runtime/DateConstructor.cpp:
      * runtime/DateInstance.cpp:
      * runtime/DatePrototype.cpp:
      * runtime/Error.cpp:
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorInstance.cpp:
      * runtime/ErrorPrototype.cpp:
      * runtime/ExceptionHelpers.cpp:
      * runtime/Executable.cpp:
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionPrototype.cpp:
      * runtime/GetterSetter.cpp:
      * runtime/Identifier.cpp:
      * runtime/InternalFunction.cpp:
      * runtime/JSActivation.cpp:
      * runtime/JSBoundFunction.cpp:
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC):
      * runtime/JSCellInlines.h: Added.
      (JSC):
      (JSC::JSCell::JSCell):
      (JSC::JSCell::finishCreation):
      (JSC::JSCell::structure):
      (JSC::JSCell::visitChildren):
      (JSC::allocateCell):
      (JSC::isZapped):
      (JSC::JSCell::isObject):
      (JSC::JSCell::isString):
      (JSC::JSCell::isGetterSetter):
      (JSC::JSCell::isProxy):
      (JSC::JSCell::isAPIValueWrapper):
      (JSC::JSCell::setStructure):
      (JSC::JSCell::methodTable):
      (JSC::JSCell::inherits):
      (JSC::JSCell::fastGetOwnPropertySlot):
      (JSC::JSCell::fastGetOwnProperty):
      (JSC::JSCell::toBoolean):
      * runtime/JSDateMath.cpp:
      * runtime/JSFunction.cpp:
      * runtime/JSFunction.h:
      (JSC):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObjectFunctions.cpp:
      * runtime/JSLock.cpp:
      * runtime/JSNameScope.cpp:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSONObject.cpp:
      * runtime/JSObject.h:
      (JSC):
      * runtime/JSProxy.cpp:
      * runtime/JSScope.cpp:
      * runtime/JSSegmentedVariableObject.cpp:
      * runtime/JSString.h:
      (JSC):
      * runtime/JSStringJoiner.cpp:
      * runtime/JSSymbolTableObject.cpp:
      * runtime/JSValue.cpp:
      * runtime/JSValueInlines.h:
      (JSC::JSValue::toInt32):
      (JSC::JSValue::toUInt32):
      (JSC):
      (JSC::JSValue::isUInt32):
      (JSC::JSValue::asUInt32):
      (JSC::JSValue::asNumber):
      (JSC::jsNaN):
      (JSC::JSValue::JSValue):
      (JSC::JSValue::encode):
      (JSC::JSValue::decode):
      (JSC::JSValue::operator bool):
      (JSC::JSValue::operator==):
      (JSC::JSValue::operator!=):
      (JSC::JSValue::isEmpty):
      (JSC::JSValue::isUndefined):
      (JSC::JSValue::isNull):
      (JSC::JSValue::isUndefinedOrNull):
      (JSC::JSValue::isCell):
      (JSC::JSValue::isInt32):
      (JSC::JSValue::isDouble):
      (JSC::JSValue::isTrue):
      (JSC::JSValue::isFalse):
      (JSC::JSValue::tag):
      (JSC::JSValue::payload):
      (JSC::JSValue::asInt32):
      (JSC::JSValue::asDouble):
      (JSC::JSValue::asCell):
      (JSC::JSValue::isNumber):
      (JSC::JSValue::isBoolean):
      (JSC::JSValue::asBoolean):
      (JSC::reinterpretDoubleToInt64):
      (JSC::reinterpretInt64ToDouble):
      (JSC::JSValue::isString):
      (JSC::JSValue::isPrimitive):
      (JSC::JSValue::isGetterSetter):
      (JSC::JSValue::isObject):
      (JSC::JSValue::getString):
      (JSC::::getString):
      (JSC::JSValue::getObject):
      (JSC::JSValue::getUInt32):
      (JSC::JSValue::toPrimitive):
      (JSC::JSValue::getPrimitiveNumber):
      (JSC::JSValue::toNumber):
      (JSC::JSValue::toObject):
      (JSC::JSValue::isFunction):
      (JSC::JSValue::inherits):
      (JSC::JSValue::toThisObject):
      (JSC::JSValue::get):
      (JSC::JSValue::put):
      (JSC::JSValue::putByIndex):
      (JSC::JSValue::structureOrUndefined):
      (JSC::JSValue::equal):
      (JSC::JSValue::equalSlowCaseInline):
      (JSC::JSValue::strictEqualSlowCaseInline):
      (JSC::JSValue::strictEqual):
      * runtime/JSVariableObject.cpp:
      * runtime/JSWithScope.cpp:
      * runtime/JSWrapperObject.cpp:
      * runtime/LiteralParser.cpp:
      * runtime/Lookup.cpp:
      * runtime/NameConstructor.cpp:
      * runtime/NameInstance.cpp:
      * runtime/NamePrototype.cpp:
      * runtime/NativeErrorConstructor.cpp:
      * runtime/NativeErrorPrototype.cpp:
      * runtime/NumberConstructor.cpp:
      * runtime/NumberObject.cpp:
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      * runtime/Operations.h:
      (JSC):
      * runtime/PropertySlot.cpp:
      * runtime/RegExp.cpp:
      * runtime/RegExpCache.cpp:
      * runtime/RegExpCachedResult.cpp:
      * runtime/RegExpConstructor.cpp:
      * runtime/RegExpMatchesArray.cpp:
      * runtime/RegExpObject.cpp:
      * runtime/RegExpPrototype.cpp:
      * runtime/SmallStrings.cpp:
      * runtime/SparseArrayValueMap.cpp:
      * runtime/StrictEvalActivation.cpp:
      * runtime/StringConstructor.cpp:
      * runtime/StringObject.cpp:
      * runtime/StringRecursionChecker.cpp:
      * runtime/Structure.h:
      (JSC):
      * runtime/StructureChain.cpp:
      * runtime/TimeoutChecker.cpp:
      * testRegExp.cpp:
      
      Source/WebCore: 
      
      Rubber stamped by Sam Weinig.
      
      All .cpp files that use the JSC internal API must now transitively include
      Operations.h, and none of the major JSC headers do it for you to avoid
      circularity. WebCore doesn't have to worry about circularity with JSC, so
      this changes all of the major WebCore JSC base headers to include
      Operations.h.
      
      * bindings/js/BindingState.h:
      * bindings/js/JSArrayBufferViewHelper.h:
      * bindings/js/JSCustomXPathNSResolver.h:
      * bindings/js/JSDOMBinding.h:
      * bindings/js/JSDOMGlobalObject.h:
      * bindings/js/JSDictionary.h:
      * bindings/js/JSMessagePortCustom.h:
      * bindings/js/JSNodeFilterCondition.h:
      * bindings/js/ScriptValue.h:
      * bindings/js/ScriptWrappable.h:
      * bindings/js/SerializedScriptValue.cpp:
      * bridge/c/c_utility.h:
      * bridge/jsc/BridgeJSC.h:
      * dom/Node.cpp:
      * html/HTMLCanvasElement.cpp:
      * html/HTMLImageLoader.cpp:
      * plugins/efl/PluginViewEfl.cpp:
      * xml/XMLHttpRequest.cpp:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139541 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  21. 05 Dec, 2012 1 commit
    • JSC profiler should not count executions of op_call_put_result because doing so changes DFG codegen · bb1c9483
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=104102
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      This removes op_call_put_result from profiling, since profiling it has an effect on
      codegen. This fix enables all of SunSpider, V8, and Kraken to be profiled with the
      new profiler.
              
      To make this all fit together, the profiler now also reports in its output the exact
      bytecode opcode name for each instruction (in addition to the stringified dump of that
      bytecode), so that tools that grok the output can take note of op_call_put_result and
      work around the fact that it has no counts.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      * profiler/ProfilerBytecode.cpp:
      (JSC::Profiler::Bytecode::toJS):
      * profiler/ProfilerBytecode.h:
      (JSC::Profiler::Bytecode::Bytecode):
      (JSC::Profiler::Bytecode::opcodeID):
      (Bytecode):
      * profiler/ProfilerDatabase.cpp:
      (JSC::Profiler::Database::ensureBytecodesFor):
      * runtime/CommonIdentifiers.h:
      
      Tools: 
      
      Modify the profiler to not output counts for op_call_put_result, since there
      won't be any. Also fix a few weird bugs, like providing better error reporting
      when you type something incorrectly and not reporting counts for slow paths
      in the old JIT since those counts are actually not what you think they are
      (we don't actually count slow path executions separately).
      
      * Scripts/display-profiler-output:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136720 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  22. 22 Nov, 2012 1 commit
    • Rename dataLog() and dataLogV() to dataLogF() and dataLogFV() · 01902c80
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=103001
      
      Rubber stamped by Dan Bernstein.
      
      Source/JavaScriptCore: 
      
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::finalizeCodeWithDisassembly):
      (JSC::LinkBuffer::dumpLinkStatistics):
      (JSC::LinkBuffer::dumpCode):
      * assembler/LinkBuffer.h:
      (JSC):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::vprintfStdoutInstr):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dumpBytecodeCommentAndNewLine):
      (JSC::CodeBlock::printUnaryOp):
      (JSC::CodeBlock::printBinaryOp):
      (JSC::CodeBlock::printConditionalJump):
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::dumpStructure):
      (JSC::dumpChain):
      (JSC::CodeBlock::printGetByIdCacheStatus):
      (JSC::CodeBlock::printCallOp):
      (JSC::CodeBlock::printPutByIdOp):
      (JSC::CodeBlock::printStructure):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::dumpStatistics):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::resetStubInternal):
      (JSC::CodeBlock::reoptimize):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::CodeBlock::shouldOptimizeNow):
      (JSC::CodeBlock::tallyFrequentExitSites):
      (JSC::CodeBlock::dumpValueProfiles):
      * bytecode/Opcode.cpp:
      (JSC::OpcodeStats::~OpcodeStats):
      * bytecode/SamplingTool.cpp:
      (JSC::SamplingFlags::stop):
      (JSC::SamplingRegion::dumpInternal):
      (JSC::SamplingTool::dump):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::endBasicBlock):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::dump):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::performBlockCFA):
      (JSC::DFG::CFAPhase::performForwardCFA):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixPhis):
      (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::endIndexForPureCSE):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::eliminate):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::debugFail):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::dump):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixDoubleEdge):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::printWhiteSpace):
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dumpBlockHeader):
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPhase.cpp:
      (JSC::DFG::Phase::beginPhase):
      * dfg/DFGPhase.h:
      (JSC::DFG::runAndLog):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::propagateForward):
      (JSC::DFG::PredictionPropagationPhase::propagateBackward):
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGRegisterBank.h:
      (JSC::DFG::RegisterBank::dump):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::use):
      (JSC::DFG::ScoreBoard::dump):
      * dfg/DFGSlowPathGenerator.h:
      (JSC::DFG::SlowPathGenerator::generate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
      (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
      (JSC::DFG::SpeculativeJIT::dump):
      (JSC::DFG::SpeculativeJIT::checkConsistency):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * dfg/DFGValidate.cpp:
      (Validate):
      (JSC::DFG::Validate::reportValidationContext):
      (JSC::DFG::Validate::dumpData):
      (JSC::DFG::Validate::dumpGraphIfAppropriate):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::logEvent):
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * heap/Heap.cpp:
      * heap/HeapStatistics.cpp:
      (JSC::HeapStatistics::logStatistics):
      (JSC::HeapStatistics::showObjectStatistics):
      * heap/MarkStack.h:
      * heap/MarkedBlock.h:
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::validate):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::dumpCaller):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITDisassembler.cpp:
      (JSC::JITDisassembler::dump):
      (JSC::JITDisassembler::dumpForInstructions):
      * jit/JITStubRoutine.h:
      (JSC):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JumpReplacementWatchpoint.cpp:
      (JSC::JumpReplacementWatchpoint::fireInternal):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      * profiler/Profile.cpp:
      (JSC::Profile::debugPrintData):
      (JSC::Profile::debugPrintDataSampleStyle):
      * profiler/ProfileNode.cpp:
      (JSC::ProfileNode::debugPrintData):
      (JSC::ProfileNode::debugPrintDataSampleStyle):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::dumpRegExpTrace):
      * runtime/RegExp.cpp:
      (JSC::RegExp::matchCompareWithInterpreter):
      * runtime/SamplingCounter.cpp:
      (JSC::AbstractSamplingCounter::dump):
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
      * tools/CodeProfile.cpp:
      (JSC::CodeProfile::report):
      * tools/ProfileTreeNode.h:
      (JSC::ProfileTreeNode::dumpInternal):
      * yarr/YarrInterpreter.cpp:
      (JSC::Yarr::ByteCompiler::dumpDisjunction):
      
      Source/WebCore: 
      
      No change in behavior, so no new tests.
      
      * platform/KURLWTFURL.cpp:
      (WebCore::KURL::print):
      
      Source/WTF: 
      
      * wtf/DataLog.cpp:
      (WTF::dataLogFV):
      (WTF::dataLogF):
      (WTF::dataLogFString):
      * wtf/DataLog.h:
      (WTF):
      * wtf/HashTable.cpp:
      (WTF::HashTableStats::dumpStats):
      * wtf/HashTable.h:
      (WTF::HashTable::Stats::dumpStats):
      * wtf/MetaAllocator.cpp:
      (WTF::MetaAllocator::dumpProfile):
      * wtf/StackStats.cpp:
      (WTF::StackStats::initialize):
      (WTF::StackStats::PerThreadStats::PerThreadStats):
      (WTF::StackStats::CheckPoint::CheckPoint):
      (WTF::StackStats::CheckPoint::~CheckPoint):
      (WTF::StackStats::probe):
      (WTF::StackStats::LayoutCheckPoint::LayoutCheckPoint):
      * wtf/text/WTFString.cpp:
      (String::show):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@135469 268f45cc-cd09-0410-ab3c-d52691b4dbfc