1. 22 Nov, 2013 1 commit
    • fpizlo@apple.com's avatar
      Combine SymbolTable and SharedSymbolTable · bbddb5bf
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124761
      
      Reviewed by Geoffrey Garen.
              
      SymbolTable was never used directly; we now always used SharedSymbolTable. So, this
      gets rid of SymbolTable and renames SharedSymbolTable to SymbolTable.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::symbolTable):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::symbolTable):
      (JSC::UnlinkedCodeBlock::symbolTable):
      (JSC::UnlinkedCodeBlock::finishCreation):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::symbolTable):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStackLayoutPhase.cpp:
      (JSC::DFG::StackLayoutPhase::run):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::symbolTableFor):
      * runtime/Arguments.h:
      (JSC::Arguments::finishCreation):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::symbolTable):
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::registersOffset):
      (JSC::JSActivation::allocationSize):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::symbolTable):
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      * runtime/SymbolTable.cpp:
      (JSC::SymbolTable::destroy):
      (JSC::SymbolTable::SymbolTable):
      * runtime/SymbolTable.h:
      (JSC::SymbolTable::create):
      (JSC::SymbolTable::createStructure):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159713 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bbddb5bf
  2. 06 Nov, 2013 1 commit
    • oliver@apple.com's avatar
      Support iteration of the Arguments object · 125f4cff
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=123835
      
      Reviewed by Mark Lam.
      
      Source/JavaScriptCore:
      
      Add an ArgumentsIterator object, and associated classes so that we can support
      iteration of the arguments object.
      
      This is a largely mechanical patch.  The only gnarliness is in the
      logic to avoid reifying the Arguments object in for(... of arguments)
      scenarios.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitEnumeration):
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::argumentsFuncIterator):
      * runtime/Arguments.h:
      * runtime/ArgumentsIteratorConstructor.cpp: Added.
      (JSC::ArgumentsIteratorConstructor::finishCreation):
      * runtime/ArgumentsIteratorConstructor.h: Added.
      (JSC::ArgumentsIteratorConstructor::create):
      (JSC::ArgumentsIteratorConstructor::createStructure):
      (JSC::ArgumentsIteratorConstructor::ArgumentsIteratorConstructor):
      * runtime/ArgumentsIteratorPrototype.cpp: Added.
      (JSC::ArgumentsIteratorPrototype::finishCreation):
      (JSC::argumentsIteratorPrototypeFuncIterator):
      (JSC::argumentsIteratorPrototypeFuncNext):
      * runtime/ArgumentsIteratorPrototype.h: Added.
      (JSC::ArgumentsIteratorPrototype::create):
      (JSC::ArgumentsIteratorPrototype::createStructure):
      (JSC::ArgumentsIteratorPrototype::ArgumentsIteratorPrototype):
      * runtime/CommonIdentifiers.h:
      * runtime/JSArgumentsIterator.cpp: Added.
      (JSC::JSArgumentsIterator::finishCreation):
      * runtime/JSArgumentsIterator.h: Added.
      (JSC::JSArgumentsIterator::createStructure):
      (JSC::JSArgumentsIterator::create):
      (JSC::JSArgumentsIterator::next):
      (JSC::JSArgumentsIterator::JSArgumentsIterator):
      * runtime/JSArrayIterator.cpp:
      (JSC::createIteratorResult):
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      
      LayoutTests:
      
      Add test cases
      
      * js/arguments-iterator-expected.txt: Added.
      * js/arguments-iterator.html: Added.
      * js/script-tests/arguments-iterator.js: Added.
      (shouldThrow.test):
      (testAlias):
      (testStrict):
      (testReifiedArguments):
      (testOverwrittenArguments):
      (testNullArguments):
      (testNonArrayLikeArguments):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158793 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      125f4cff
  3. 07 Oct, 2013 1 commit
    • fpizlo@apple.com's avatar
      ASSERTION FAILED: bitwise_cast<WriteBarrier<Unknown>*>(callFrame) ==... · 0e97f125
      fpizlo@apple.com authored
      ASSERTION FAILED: bitwise_cast<WriteBarrier<Unknown>*>(callFrame) == m_registers in jsc-layout-tests.yaml/js/script-tests/dfg-inline-arguments-capture-throw-exception.js.layout-dfg-eager-no-cjit
      https://bugs.webkit.org/show_bug.cgi?id=122418
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      This is pretty awesome. With stack compression, Arguments created in the DFG will point
      their m_registers pointers into a different slab of stack than they would have in byte
      code.
      
      Hence OSR exit must repoint any Arguments objects' m_registers pointers. It previously
      neglected to do so. This patch fixes that.
              
      Fixing this unveiled another bug: the stack reversal broke the reification of inlined
      phantom arguments.
              
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::reifyInlinedCallFrames):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/Arguments.h:
      (JSC::Arguments::offsetOfNumArguments):
      (JSC::Arguments::offsetOfRegisters):
      (JSC::Arguments::offsetOfSlowArgumentData):
      (JSC::Arguments::offsetOfOverrodeLength):
      
      LayoutTests: 
      
      * js/script-tests/dfg-arguments-osr-exit-multiple-blocks-before-exit.js:
      * js/script-tests/dfg-arguments-osr-exit-multiple-blocks.js:
      * js/script-tests/dfg-arguments-osr-exit.js:
      * js/script-tests/dfg-inline-arguments-capture-throw-exception.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157035 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0e97f125
  4. 06 Oct, 2013 1 commit
    • fpizlo@apple.com's avatar
      Compress DFG stack layout · a62d4829
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122024
      
      Reviewed by Oliver Hunt.
              
      The DFG needs to be able to store things at a known offset from frame pointer so that
      the runtime can read those things. Prior to this patch, the DFG would use the exact
      offsets that the bytecode asked for, even in the case of inlining, where it would use
      the callsite stack offset to shift all of the inlined function's variables over just as
      they would have been if a bytecode interpreter had really made the call.
              
      But this won't work once WebKit-LLVM integration is complete. LLVM has no notion of
      storing things at a fixed offset from the frame pointer. We could try to hack LLVM to do
      that, but it would seriously complicate LLVM's stack layout. But what we might be able
      to do is have LLVM tell us (via an addressof intrinsic and a side-channel) where some
      alloca landed relative to the frame pointer. Hence if the DFG can put all of its flushed
      variables in a contiguous range that can be expressed to LLVM as a struct that we
      alloca, then all of this can still work just fine.
              
      Previously the flushed variables didn't fit in a contiguous range, but this patch makes
      them contiguous by allowing the stack layout to be compressed.
              
      What this really means is that there is now a distinction between where the DFG saw a
      variable stored in bytecode and where it will actually store it in the resulting machine
      code. Henceforth when the DFG says "local" or "virtual register" it means the variable
      according to bytecode (with the stack offsetting for inlined code as before), but when
      it says "machine local" or "machine virtual register" it means the actual place where it
      will store things in the resulting machine code. All of the OSR exit, inlined arguments,
      captured variables, and various stack unwinding machine now knows about all of this.
              
      Note that the DFG's abstract interpretation still uses bytecode variables rather than
      machine variables. Same for CSE and abstract heaps. This makes sense since it means that
      we don't have to decide on machine variable allocation just to do those optimizations.
              
      The decision of what a local's machine location becomes is deferred to very late in
      compilation. We only need to assign machine locations to variables that must be stored
      to the stack. It's now mandatory to run some kind of "stack layout phase" that makes the
      decision and updates all data structures.
              
      So far the way that this is being used is just to compress the DFG stack layout, which
      is something that we should have done anyway, a long time ago. And the compression isn't
      even that good - the current StackLayoutPhase just identifies local indices that are
      unused in machine code and slides all other variables towards zero. This doesn't achieve
      particularly good compression but it is better than nothing. Note that this phase makes
      it seem like the bytecode-machine mapping is based on bytecode local indices; for
      example if bytecode local 4 is mapped to machine local 3 then it always will be. That's
      true for the current StackLayoutPhase but it _will not_ be true for all possible stack
      layout phases and it would be incorrect to assume that it should be true. This is why
      the current data structures have each VariableAccessData hold its own copy of the
      machine virtual register, and also have each InlineCallFrame report their own machine
      virtual registers for the various things. The DFG backend is likely to always use the
      dumb StackLayoutPhase since it is very cheap to run, but the FTL backend is likely to
      eventually get a better one, where we do some kind of constraint-based coloring: we
      institute constraints where some VariableAccessData's must have the same indices as some
      other ones, and also must be right next to some other ones; then we process all
      VariableAccessData's and attempt to assign them machine locals while preserving those
      constraints. This could lead to two VariableAccessDatas for the same bytecode local
      ending up with different machine locals.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::isCaptured):
      (JSC::CodeBlock::framePointerOffsetToGetActivationRegisters):
      (JSC::CodeBlock::machineSlowArguments):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasSlowArguments):
      * bytecode/CodeOrigin.cpp:
      (JSC::CodeOrigin::dump):
      (JSC::InlineCallFrame::calleeForCallFrame):
      (JSC::InlineCallFrame::dumpInContext):
      * bytecode/CodeOrigin.h:
      (JSC::InlineCallFrame::InlineCallFrame):
      (JSC::InlineCallFrame::calleeConstant):
      * bytecode/Operands.h:
      (JSC::Operands::indexForOperand):
      * dfg/DFGBasicBlock.cpp:
      (JSC::DFG::BasicBlock::SSAData::SSAData):
      * dfg/DFGBasicBlock.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCommon.h:
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      * dfg/DFGDesiredWriteBarriers.cpp:
      (JSC::DFG::DesiredWriteBarrier::trigger):
      * dfg/DFGDesiredWriteBarriers.h:
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      (JSC::DFG::FlushLivenessAnalysisPhase::run):
      (JSC::DFG::FlushLivenessAnalysisPhase::process):
      (JSC::DFG::FlushLivenessAnalysisPhase::reportError):
      * dfg/DFGFlushedAt.cpp: Added.
      (JSC::DFG::FlushedAt::dump):
      (JSC::DFG::FlushedAt::dumpInContext):
      * dfg/DFGFlushedAt.h: Added.
      (JSC::DFG::FlushedAt::FlushedAt):
      (JSC::DFG::FlushedAt::operator!):
      (JSC::DFG::FlushedAt::format):
      (JSC::DFG::FlushedAt::virtualRegister):
      (JSC::DFG::FlushedAt::operator==):
      (JSC::DFG::FlushedAt::operator!=):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::bytecodeRegisterForArgument):
      (JSC::DFG::Graph::argumentsRegisterFor):
      (JSC::DFG::Graph::machineArgumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
      (JSC::DFG::Graph::activationRegister):
      (JSC::DFG::Graph::uncheckedActivationRegister):
      (JSC::DFG::Graph::machineActivationRegister):
      (JSC::DFG::Graph::uncheckedMachineActivationRegister):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToGetLocalUnlinked):
      (JSC::DFG::Node::convertToGetLocal):
      (JSC::DFG::Node::machineLocal):
      (JSC::DFG::Node::hasUnlinkedMachineLocal):
      (JSC::DFG::Node::setUnlinkedMachineLocal):
      (JSC::DFG::Node::unlinkedMachineLocal):
      (JSC::DFG::Node::hasInlineStartData):
      (JSC::DFG::Node::inlineStartData):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::dumpNodeFlags):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntry.h:
      (JSC::DFG::OSREntryReshuffling::OSREntryReshuffling):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::reifyInlinedCallFrames):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::ScoreBoard):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
      (JSC::DFG::SpeculativeJIT::createOSREntries):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::calleeFrameOffset):
      (JSC::DFG::SpeculativeJIT::callFrameSlot):
      (JSC::DFG::SpeculativeJIT::argumentSlot):
      (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
      (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
      (JSC::DFG::SpeculativeJIT::argumentTagSlot):
      (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
      (JSC::DFG::SpeculativeJIT::framePointerOffsetToGetActivationRegisters):
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::recordSetLocal):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStackLayoutPhase.cpp: Added.
      (JSC::DFG::StackLayoutPhase::StackLayoutPhase):
      (JSC::DFG::StackLayoutPhase::run):
      (JSC::DFG::performStackLayout):
      * dfg/DFGStackLayoutPhase.h: Added.
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::validate):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::machineLocal):
      (JSC::DFG::VariableAccessData::flushedAt):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLExitValue.h:
      (JSC::FTL::ExitValue::inJSStack):
      (JSC::FTL::ExitValue::inJSStackAsInt32):
      (JSC::FTL::ExitValue::inJSStackAsInt52):
      (JSC::FTL::ExitValue::inJSStackAsDouble):
      (JSC::FTL::ExitValue::virtualRegister):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      (JSC::FTL::ValueSource::ValueSource):
      (JSC::FTL::ValueSource::kind):
      (JSC::FTL::ValueSource::operator!):
      (JSC::FTL::ValueSource::node):
      (JSC::FTL::ValueSource::virtualRegister):
      * interpreter/Interpreter.cpp:
      (JSC::unwindCallFrame):
      * interpreter/StackVisitor.cpp:
      (JSC::StackVisitor::readInlinedFrame):
      (JSC::StackVisitor::Frame::createArguments):
      (JSC::StackVisitor::Frame::existingArguments):
      * interpreter/StackVisitor.h:
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::addressFor):
      (JSC::AssemblyHelpers::tagFor):
      (JSC::AssemblyHelpers::payloadFor):
      (JSC::AssemblyHelpers::offsetOfArgumentsIncludingThis):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      * runtime/Arguments.h:
      (JSC::Arguments::allocateSlowArguments):
      (JSC::Arguments::tryDeleteArgument):
      (JSC::Arguments::isDeletedArgument):
      (JSC::Arguments::isArgument):
      (JSC::Arguments::argument):
      (JSC::Arguments::finishCreation):
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      (JSC::JSActivation::JSActivation):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156984 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a62d4829
  5. 30 Sep, 2013 1 commit
    • fpizlo@apple.com's avatar
      Get rid of the AlreadyInJSStack recoveries since they are totally redundant... · c6bb4a9f
      fpizlo@apple.com authored
      Get rid of the AlreadyInJSStack recoveries since they are totally redundant with the DisplacedInJSStack recoveries
      https://bugs.webkit.org/show_bug.cgi?id=122065
      
      Reviewed by Mark Hahnenberg.
              
      This mostly just kills a bunch of code.
              
      But incidentaly while killing that code, I uncovered a bug in our FTL OSR entrypoint
      creation phase. The phase inserts a sequence of SetLocal(ExtractOSREntryLocal) nodes.
      If we hoist some type check into the local, then we might inject a conversion node
      between the ExtractOSREntryLocal and the SetLocal - for example we might put in a
      Int32ToDouble node. But currently the FixupPhase will make all conversion nodes placed
      on an edge of a SetLocal use forward exit. This then confuses the OSR exit machinery.
      When OSR exit sees a forward exit, it tries to "roll forward" execution from the exiting
      node to the first node that has a different CodeOrigin. This only works if the nodes
      after the forward exit are MovHints or other tnings that the OSR exit compiler can
      forward-execute. But here, it will see a bunch of SetLocal and ExtractOSREntryLocal
      nodes for the same bytecode index. Two possible solutions exist. We could teach the
      forward-execution logic how to deal with multiple SetLocals and ExtractOSREntryLocals.
      This would be a lot of complexity; right now it just needs to deal with exactly one
      SetLocal-like operation. The alternative is to make sure that the conversion node that
      we inject ends up exiting *backward* rather than forward.
              
      But making the conversion nodes exit backward is somewhat tricky. Before this patch,
      conversion nodes always exit forward for SetLocals and backwards otherwise. It turns out
      that the solution is to rationalize how we choose the speculation direciton for a
      conversion node. The conversion node's speculation direction should be the same as the
      speculation direction of the node for which it is doing a conversion. Since SetLocal's
      already exit forward by default, this policy preserves our previous behavior. But it
      also allows the OSR entrypoint creation phase to make its SetLocals exit backward
      instead.
              
      Of course, if the SetLocal(ExtractOSREntryLocal) sequences exit backward, then we need
      to make sure that the OSR exit machine knows that the local variables are indeed live.
      Consider that if we have:
              
          a: ExtractOSREntryLocal(loc1)
          b: SetLocal(@a, loc1)
          c: ExtractOSRentryLocal(loc2)
          d: SetLocal(@c, loc2)
              
      Without additional magic, the exit at @b will think that loc2 is dead and the OSR exit
      compiler will clobber loc2 with Undefined. So we need to make sure that we actually
      emit code like:
              
          a: ExtractOSREntryLocal(loc1)
          b: ExtractOSREntryLocal(loc2)
          c: SetLocal(@a, loc1)
          d: SetLocal(@b, loc2)
          e: SetLocal(@a, loc1)
          f: SetLocal(@b, loc2)
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeOrigin.h:
      * bytecode/ValueRecovery.cpp: Added.
      (JSC::ValueRecovery::recover):
      (JSC::ValueRecovery::dumpInContext):
      (JSC::ValueRecovery::dump):
      * bytecode/ValueRecovery.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
      (JSC::DFG::FixupPhase::fixEdge):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::speculationDirection):
      (JSC::DFG::Node::setSpeculationDirection):
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      (JSC::DFG::OSREntrypointCreationPhase::run):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGValueSource.h:
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::speculate):
      (JSC::FTL::LowerDFGToLLVM::speculateMachineInt):
      * interpreter/Register.h:
      (JSC::Register::unboxedStrictInt52):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      * runtime/Arguments.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156677 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c6bb4a9f
  6. 19 Sep, 2013 1 commit
    • weinig@apple.com's avatar
      Replace use of OwnArrayPtr<Foo> with std::unique_ptr<Foo[]> in JavaScriptCore · 5c4dbc40
      weinig@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121583
      
      Reviewed by Anders Carlsson.
      
      * API/JSStringRefCF.cpp:
      (JSStringCreateWithCFString):
      * API/JSStringRefQt.cpp:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::dumpDisassembly):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      * runtime/Arguments.h:
      (JSC::Arguments::isTornOff):
      (JSC::Arguments::allocateSlowArguments):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSSegmentedVariableObject.h:
      * runtime/JSVariableObject.h:
      * runtime/PropertyNameArray.h:
      * runtime/RegExp.cpp:
      * runtime/StructureChain.h:
      (JSC::StructureChain::finishCreation):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::setSlowArguments):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156079 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5c4dbc40
  7. 21 Aug, 2013 1 commit
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=120139 · 61ff98cd
      barraclough@apple.com authored
      PropertyDescriptor argument to define methods should be const
      
      Rubber stamped by Sam Weinig.
      
      This should never be modified, and this way we can use rvalues.
      
      Source/JavaScriptCore: 
      
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::defineOwnProperty):
      * debugger/DebuggerActivation.h:
      * runtime/Arguments.cpp:
      (JSC::Arguments::defineOwnProperty):
      * runtime/Arguments.h:
      * runtime/ClassInfo.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
      * runtime/JSArray.h:
      * runtime/JSArrayBuffer.cpp:
      (JSC::JSArrayBuffer::defineOwnProperty):
      * runtime/JSArrayBuffer.h:
      * runtime/JSArrayBufferView.cpp:
      (JSC::JSArrayBufferView::defineOwnProperty):
      * runtime/JSArrayBufferView.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::defineOwnProperty):
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSFunction.h:
      * runtime/JSGenericTypedArrayView.h:
      * runtime/JSGenericTypedArrayViewInlines.h:
      (JSC::::defineOwnProperty):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::defineOwnProperty):
      * runtime/JSGlobalObject.h:
      * runtime/JSObject.cpp:
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::putDescriptor):
      (JSC::JSObject::defineOwnNonIndexProperty):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::defineOwnProperty):
      * runtime/JSProxy.h:
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::defineOwnProperty):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::defineOwnProperty):
      * runtime/RegExpObject.h:
      * runtime/StringObject.cpp:
      (JSC::StringObject::defineOwnProperty):
      * runtime/StringObject.h:
          - make PropertyDescriptor const
      
      Source/WebCore: 
      
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::defineOwnProperty):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::defineOwnProperty):
      (WebCore::JSLocationPrototype::defineOwnProperty):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
          - make PropertyDescriptor const
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154422 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      61ff98cd
  8. 20 Aug, 2013 1 commit
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=120093 · 174570f9
      barraclough@apple.com authored
      Remove getOwnPropertyDescriptor trap
      
      Reviewed by Geoff Garen.
      
      All implementations of this method are now called via the method table, and equivalent in behaviour.
      Remove all duplicate implementations (and the method table trap), and add a single member function implementation on JSObject.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      * debugger/DebuggerActivation.cpp:
      * debugger/DebuggerActivation.h:
      * runtime/Arguments.cpp:
      * runtime/Arguments.h:
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayConstructor.h:
      * runtime/ArrayPrototype.cpp:
      * runtime/ArrayPrototype.h:
      * runtime/BooleanPrototype.cpp:
      * runtime/BooleanPrototype.h:
          - remove getOwnPropertyDescriptor
      * runtime/ClassInfo.h:
          - remove getOwnPropertyDescriptor from MethodTable
      * runtime/DateConstructor.cpp:
      * runtime/DateConstructor.h:
      * runtime/DatePrototype.cpp:
      * runtime/DatePrototype.h:
      * runtime/ErrorPrototype.cpp:
      * runtime/ErrorPrototype.h:
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      * runtime/JSArray.h:
      * runtime/JSArrayBuffer.cpp:
      * runtime/JSArrayBuffer.h:
      * runtime/JSArrayBufferView.cpp:
      * runtime/JSArrayBufferView.h:
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      * runtime/JSDataView.cpp:
      * runtime/JSDataView.h:
      * runtime/JSDataViewPrototype.cpp:
      * runtime/JSDataViewPrototype.h:
      * runtime/JSFunction.cpp:
      * runtime/JSFunction.h:
      * runtime/JSGenericTypedArrayView.h:
      * runtime/JSGenericTypedArrayViewInlines.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      * runtime/JSONObject.h:
          - remove getOwnPropertyDescriptor
      * runtime/JSObject.cpp:
      (JSC::JSObject::propertyIsEnumerable):
          - switch to call new getOwnPropertyDescriptor member function
      (JSC::JSObject::getOwnPropertyDescriptor):
          - new, based on imlementation from GET_OWN_PROPERTY_DESCRIPTOR_IMPL
      (JSC::JSObject::defineOwnNonIndexProperty):
          - switch to call new getOwnPropertyDescriptor member function
      * runtime/JSObject.h:
      * runtime/JSProxy.cpp:
      * runtime/JSProxy.h:
      * runtime/NamePrototype.cpp:
      * runtime/NamePrototype.h:
      * runtime/NumberConstructor.cpp:
      * runtime/NumberConstructor.h:
      * runtime/NumberPrototype.cpp:
      * runtime/NumberPrototype.h:
          - remove getOwnPropertyDescriptor
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorSeal):
      (JSC::objectConstructorFreeze):
      (JSC::objectConstructorIsSealed):
      (JSC::objectConstructorIsFrozen):
          - switch to call new getOwnPropertyDescriptor member function
      * runtime/ObjectConstructor.h:
          - remove getOwnPropertyDescriptor
      * runtime/PropertyDescriptor.h:
          - remove GET_OWN_PROPERTY_DESCRIPTOR_IMPL
      * runtime/RegExpConstructor.cpp:
      * runtime/RegExpConstructor.h:
      * runtime/RegExpMatchesArray.cpp:
      * runtime/RegExpMatchesArray.h:
      * runtime/RegExpObject.cpp:
      * runtime/RegExpObject.h:
      * runtime/RegExpPrototype.cpp:
      * runtime/RegExpPrototype.h:
      * runtime/StringConstructor.cpp:
      * runtime/StringConstructor.h:
      * runtime/StringObject.cpp:
      * runtime/StringObject.h:
          - remove getOwnPropertyDescriptor
      
      Source/WebCore: 
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      * bindings/scripts/test/JS/JSTestEventConstructor.h:
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      * bindings/scripts/test/JS/JSTestException.cpp:
      * bindings/scripts/test/JS/JSTestException.h:
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      * bindings/scripts/test/JS/JSTestInterface.h:
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      * bindings/scripts/test/JS/JSTestNamedConstructor.h:
      * bindings/scripts/test/JS/JSTestNode.cpp:
      * bindings/scripts/test/JS/JSTestNode.h:
      * bindings/scripts/test/JS/JSTestObj.cpp:
      * bindings/scripts/test/JS/JSTestObj.h:
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      * bindings/scripts/test/JS/JSTestTypedefs.h:
      * bridge/jsc/BridgeJSC.h:
      (JSC::Bindings::Instance::getOwnPropertySlot):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      * bridge/runtime_array.cpp:
      * bridge/runtime_array.h:
      * bridge/runtime_method.cpp:
      * bridge/runtime_method.h:
      * bridge/runtime_object.cpp:
      * bridge/runtime_object.h:
          - remove getOwnPropertyDescriptor
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      * WebProcess/Plugins/Netscape/JSNPObject.h:
          - remove getOwnPropertyDescriptor
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154373 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      174570f9
  9. 14 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      Foo::s_info should be Foo::info(), so that you can change how the s_info is actually linked · 10ae2d0d
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119770
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::finishCreation):
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::createStructure):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      * API/JSCallbackFunction.h:
      (JSC::JSCallbackFunction::createStructure):
      * API/JSCallbackObject.cpp:
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObject::visitChildren):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::asCallbackObject):
      (JSC::::finishCreation):
      * API/JSObjectRef.cpp:
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp:
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp:
      * API/ObjCCallbackFunction.h:
      (JSC::ObjCCallbackFunction::createStructure):
      * JSCTypedArrayStubs.h:
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::CallLinkStatus):
      (JSC::CallLinkStatus::function):
      (JSC::CallLinkStatus::internalFunction):
      * bytecode/CodeBlock.h:
      (JSC::baselineCodeBlockForInlineCallFrame):
      * bytecode/SpeculatedType.cpp:
      (JSC::speculationFromClassInfo):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedFunctionExecutable::visitChildren):
      (JSC::UnlinkedCodeBlock::visitChildren):
      (JSC::UnlinkedProgramCodeBlock::visitChildren):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::createStructure):
      (JSC::UnlinkedProgramCodeBlock::createStructure):
      (JSC::UnlinkedEvalCodeBlock::createStructure):
      (JSC::UnlinkedFunctionCodeBlock::createStructure):
      * debugger/Debugger.cpp:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::visitChildren):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::createStructure):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::functionName):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::isInternalFunctionConstant):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileNewStringObject):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::virtualForThunkGenerator):
      * interpreter/Interpreter.cpp:
      (JSC::loadVarargs):
      * jsc.cpp:
      (GlobalObject::createStructure):
      * profiler/LegacyProfiler.cpp:
      (JSC::LegacyProfiler::createCallIdentifier):
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      * runtime/Arguments.h:
      (JSC::Arguments::createStructure):
      (JSC::asArguments):
      (JSC::Arguments::finishCreation):
      * runtime/ArrayConstructor.cpp:
      (JSC::arrayConstructorIsArray):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncConcat):
      (JSC::attemptFastSort):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::createStructure):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      * runtime/BooleanObject.cpp:
      (JSC::BooleanObject::finishCreation):
      * runtime/BooleanObject.h:
      (JSC::BooleanObject::createStructure):
      (JSC::asBooleanObject):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::finishCreation):
      (JSC::booleanProtoFuncToString):
      (JSC::booleanProtoFuncValueOf):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/DateInstance.cpp:
      (JSC::DateInstance::finishCreation):
      * runtime/DateInstance.h:
      (JSC::DateInstance::createStructure):
      (JSC::asDateInstance):
      * runtime/DatePrototype.cpp:
      (JSC::formateDateInstance):
      (JSC::DatePrototype::finishCreation):
      (JSC::dateProtoFuncToISOString):
      (JSC::dateProtoFuncToLocaleString):
      (JSC::dateProtoFuncToLocaleDateString):
      (JSC::dateProtoFuncToLocaleTimeString):
      (JSC::dateProtoFuncGetTime):
      (JSC::dateProtoFuncGetFullYear):
      (JSC::dateProtoFuncGetUTCFullYear):
      (JSC::dateProtoFuncGetMonth):
      (JSC::dateProtoFuncGetUTCMonth):
      (JSC::dateProtoFuncGetDate):
      (JSC::dateProtoFuncGetUTCDate):
      (JSC::dateProtoFuncGetDay):
      (JSC::dateProtoFuncGetUTCDay):
      (JSC::dateProtoFuncGetHours):
      (JSC::dateProtoFuncGetUTCHours):
      (JSC::dateProtoFuncGetMinutes):
      (JSC::dateProtoFuncGetUTCMinutes):
      (JSC::dateProtoFuncGetSeconds):
      (JSC::dateProtoFuncGetUTCSeconds):
      (JSC::dateProtoFuncGetMilliSeconds):
      (JSC::dateProtoFuncGetUTCMilliseconds):
      (JSC::dateProtoFuncGetTimezoneOffset):
      (JSC::dateProtoFuncSetTime):
      (JSC::setNewValueFromTimeArgs):
      (JSC::setNewValueFromDateArgs):
      (JSC::dateProtoFuncSetYear):
      (JSC::dateProtoFuncGetYear):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::createStructure):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::finishCreation):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::createStructure):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::finishCreation):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure):
      * runtime/ExceptionHelpers.cpp:
      (JSC::isTerminatedExecutionException):
      * runtime/ExceptionHelpers.h:
      (JSC::TerminatedExecutionError::createStructure):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::visitChildren):
      (JSC::ProgramExecutable::visitChildren):
      (JSC::FunctionExecutable::visitChildren):
      (JSC::ExecutableBase::hashFor):
      * runtime/Executable.h:
      (JSC::ExecutableBase::createStructure):
      (JSC::NativeExecutable::createStructure):
      (JSC::EvalExecutable::createStructure):
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      (JSC::FunctionExecutable::createStructure):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncToString):
      (JSC::functionProtoFuncApply):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::createStructure):
      * runtime/GetterSetter.cpp:
      (JSC::GetterSetter::visitChildren):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::createStructure):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      * runtime/InternalFunction.h:
      (JSC::InternalFunction::createStructure):
      (JSC::asInternalFunction):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSC::JSActivation::createStructure):
      (JSC::asActivation):
      * runtime/JSArray.h:
      (JSC::JSArray::createStructure):
      (JSC::asArray):
      (JSC::isJSArray):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::finishCreation):
      (JSC::JSBoundFunction::visitChildren):
      * runtime/JSBoundFunction.h:
      (JSC::JSBoundFunction::createStructure):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::dumpInContext):
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::isFunction):
      * runtime/JSCell.h:
      (JSC::jsCast):
      (JSC::jsDynamicCast):
      * runtime/JSCellInlines.h:
      (JSC::allocateCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::visitChildren):
      (JSC::skipOverBoundFunctions):
      (JSC::JSFunction::callerGetter):
      * runtime/JSFunction.h:
      (JSC::JSFunction::createStructure):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildren):
      (JSC::slowValidateCell):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::createStructure):
      * runtime/JSNameScope.cpp:
      (JSC::JSNameScope::visitChildren):
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::createStructure):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::createStructure):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::finishCreation):
      (JSC::unwrapBoxedPrimitive):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::Holder):
      (JSC::Walker::walk):
      (JSC::JSONProtoFuncStringify):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::getCallableObjectSlow):
      (JSC::JSObject::visitChildren):
      (JSC::JSObject::copyBackingStore):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::finishCreation):
      (JSC::JSObject::createStructure):
      (JSC::JSNonFinalObject::createStructure):
      (JSC::JSFinalObject::createStructure):
      (JSC::isJSFinalObject):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::visitChildren):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::createStructure):
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::visitChildren):
      * runtime/JSProxy.h:
      (JSC::JSProxy::createStructure):
      * runtime/JSScope.cpp:
      (JSC::JSScope::visitChildren):
      * runtime/JSSegmentedVariableObject.cpp:
      (JSC::JSSegmentedVariableObject::visitChildren):
      * runtime/JSString.h:
      (JSC::JSString::createStructure):
      (JSC::isJSString):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::visitChildren):
      * runtime/JSVariableObject.h:
      * runtime/JSWithScope.cpp:
      (JSC::JSWithScope::visitChildren):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::createStructure):
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::visitChildren):
      * runtime/JSWrapperObject.h:
      (JSC::JSWrapperObject::createStructure):
      * runtime/MathObject.cpp:
      (JSC::MathObject::finishCreation):
      * runtime/MathObject.h:
      (JSC::MathObject::createStructure):
      * runtime/NameConstructor.h:
      (JSC::NameConstructor::createStructure):
      * runtime/NameInstance.h:
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::finishCreation):
      * runtime/NamePrototype.cpp:
      (JSC::NamePrototype::finishCreation):
      (JSC::privateNameProtoFuncToString):
      * runtime/NamePrototype.h:
      (JSC::NamePrototype::createStructure):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::visitChildren):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::createStructure):
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::finishCreation):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::createStructure):
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::finishCreation):
      * runtime/NumberObject.h:
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::finishCreation):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::createStructure):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::createStructure):
      * runtime/PropertyTable.cpp:
      (JSC::PropertyTable::visitChildren):
      * runtime/RegExp.h:
      (JSC::RegExp::createStructure):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::finishCreation):
      (JSC::RegExpConstructor::visitChildren):
      (JSC::constructRegExp):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::createStructure):
      (JSC::asRegExpConstructor):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::visitChildren):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::finishCreation):
      (JSC::RegExpObject::visitChildren):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::createStructure):
      (JSC::asRegExpObject):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncTest):
      (JSC::regExpProtoFuncExec):
      (JSC::regExpProtoFuncCompile):
      (JSC::regExpProtoFuncToString):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::createStructure):
      * runtime/SparseArrayValueMap.h:
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::createStructure):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure):
      * runtime/StringObject.cpp:
      (JSC::StringObject::finishCreation):
      * runtime/StringObject.h:
      (JSC::StringObject::createStructure):
      (JSC::asStringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::finishCreation):
      (JSC::stringProtoFuncReplace):
      (JSC::stringProtoFuncToString):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSplit):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::createStructure):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::get):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC::Structure::typeInfo):
      (JSC::Structure::previousID):
      (JSC::Structure::outOfLineSize):
      (JSC::Structure::totalStorageCapacity):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::visitChildren):
      * runtime/StructureChain.h:
      (JSC::StructureChain::createStructure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      * runtime/StructureRareData.cpp:
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::visitChildren):
      * runtime/StructureRareData.h:
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::createStructure):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::StackPreservingRecompiler::operator()):
      (JSC::VM::releaseExecutableMemory):
      * runtime/WriteBarrier.h:
      (JSC::validateCell):
      * testRegExp.cpp:
      (GlobalObject::createStructure):
      
      Source/WebCore: 
      
      No new tests because no new behavior.
      
      * bindings/js/IDBBindingUtilities.cpp:
      (WebCore::createIDBKeyFromValue):
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioTrackCustom.cpp:
      (WebCore::JSAudioTrack::visitChildren):
      * bindings/js/JSAudioTrackListCustom.cpp:
      (WebCore::JSAudioTrackList::visitChildren):
      * bindings/js/JSBlobCustom.cpp:
      (WebCore::JSBlobConstructor::constructJSBlob):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertyNames):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::toHTMLCanvasStyle):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::valueToDate):
      * bindings/js/JSDOMBinding.h:
      (WebCore::DOMConstructorObject::createStructure):
      (WebCore::getDOMStructure):
      (WebCore::toRefPtrNativeArray):
      (WebCore::getStaticValueSlotEntryWithoutCaching):
      * bindings/js/JSDOMFormDataCustom.cpp:
      (WebCore::toHTMLFormElement):
      (WebCore::JSDOMFormData::append):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::finishCreation):
      (WebCore::JSDOMGlobalObject::scriptExecutionContext):
      (WebCore::JSDOMGlobalObject::visitChildren):
      * bindings/js/JSDOMGlobalObject.h:
      (WebCore::JSDOMGlobalObject::info):
      (WebCore::JSDOMGlobalObject::createStructure):
      (WebCore::getDOMConstructor):
      * bindings/js/JSDOMStringListCustom.cpp:
      (WebCore::toDOMStringList):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::finishCreation):
      (WebCore::toJSDOMWindow):
      * bindings/js/JSDOMWindowBase.h:
      (WebCore::JSDOMWindowBase::createStructure):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildren):
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      (WebCore::toDOMWindow):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::finishCreation):
      * bindings/js/JSDOMWindowShell.h:
      (WebCore::JSDOMWindowShell::createStructure):
      * bindings/js/JSEventTargetCustom.cpp:
      (WebCore::toEventTarget):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::getOwnPropertySlotDelegate):
      (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
      * bindings/js/JSImageConstructor.cpp:
      (WebCore::JSImageConstructor::finishCreation):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::createStructure):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::JSInjectedScriptHost::isHTMLAllCollection):
      (WebCore::JSInjectedScriptHost::type):
      (WebCore::JSInjectedScriptHost::functionDetails):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::getOwnPropertySlotDelegate):
      (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
      (WebCore::JSLocation::putDelegate):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::pushEventHandlerScope):
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildren):
      (WebCore::toNodeFilter):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSPluginElementFunctions.h:
      (WebCore::pluginElementCustomGetOwnPropertySlot):
      (WebCore::pluginElementCustomGetOwnPropertyDescriptor):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTextTrackCueCustom.cpp:
      (WebCore::JSTextTrackCue::visitChildren):
      * bindings/js/JSTextTrackCustom.cpp:
      (WebCore::JSTextTrack::visitChildren):
      * bindings/js/JSTextTrackListCustom.cpp:
      (WebCore::JSTextTrackList::visitChildren):
      * bindings/js/JSTrackCustom.cpp:
      (WebCore::toTrack):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSVideoTrackCustom.cpp:
      (WebCore::JSVideoTrack::visitChildren):
      * bindings/js/JSVideoTrackListCustom.cpp:
      (WebCore::JSVideoTrackList::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildren):
      (WebCore::JSWebGLRenderingContext::getAttachedShaders):
      (WebCore::JSWebGLRenderingContext::getProgramParameter):
      (WebCore::JSWebGLRenderingContext::getShaderParameter):
      (WebCore::JSWebGLRenderingContext::getUniform):
      (WebCore::dataFunctionf):
      (WebCore::dataFunctioni):
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSWorkerGlobalScopeBase.cpp:
      (WebCore::JSWorkerGlobalScopeBase::finishCreation):
      (WebCore::toJSDedicatedWorkerGlobalScope):
      (WebCore::toJSSharedWorkerGlobalScope):
      * bindings/js/JSWorkerGlobalScopeBase.h:
      (WebCore::JSWorkerGlobalScopeBase::createStructure):
      * bindings/js/JSWorkerGlobalScopeCustom.cpp:
      (WebCore::JSWorkerGlobalScope::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildren):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptState.cpp:
      (WebCore::domWindowFromScriptState):
      (WebCore::scriptExecutionContextFromScriptState):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::isArray):
      (WebCore::CloneSerializer::dumpArrayBufferView):
      (WebCore::CloneSerializer::dumpIfTerminal):
      (WebCore::CloneSerializer::serialize):
      (WebCore::CloneDeserializer::CloneDeserializer):
      (WebCore::CloneDeserializer::readArrayBufferView):
      * bindings/objc/DOM.mm:
      (+[DOMNode _nodeFromJSWrapper:]):
      * bindings/objc/DOMUtility.mm:
      (JSC::createDOMWrapper):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateGetOwnPropertySlotBody):
      (GenerateGetOwnPropertyDescriptorBody):
      (GenerateHeader):
      (GenerateParametersCheckExpression):
      (GenerateImplementation):
      (GenerateParametersCheck):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bindings/scripts/test/JS/JSFloat64Array.cpp:
      (WebCore::JSFloat64ArrayConstructor::finishCreation):
      (WebCore::JSFloat64Array::finishCreation):
      (WebCore::JSFloat64Array::getOwnPropertySlot):
      (WebCore::JSFloat64Array::getOwnPropertyDescriptor):
      (WebCore::JSFloat64Array::getOwnPropertySlotByIndex):
      (WebCore::JSFloat64Array::put):
      (WebCore::JSFloat64Array::putByIndex):
      (WebCore::JSFloat64Array::getOwnPropertyNames):
      (WebCore::jsFloat64ArrayPrototypeFunctionFoo):
      (WebCore::jsFloat64ArrayPrototypeFunctionSet):
      (WebCore::JSFloat64Array::getByIndex):
      (WebCore::toFloat64Array):
      * bindings/scripts/test/JS/JSFloat64Array.h:
      (WebCore::JSFloat64Array::createStructure):
      (WebCore::JSFloat64ArrayPrototype::createStructure):
      (WebCore::JSFloat64ArrayConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
      (WebCore::JSTestActiveDOMObject::finishCreation):
      (WebCore::JSTestActiveDOMObject::getOwnPropertySlot):
      (WebCore::JSTestActiveDOMObject::getOwnPropertyDescriptor):
      (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction):
      (WebCore::jsTestActiveDOMObjectPrototypeFunctionPostMessage):
      (WebCore::toTestActiveDOMObject):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
      (WebCore::JSTestActiveDOMObject::createStructure):
      (WebCore::JSTestActiveDOMObjectPrototype::createStructure):
      (WebCore::JSTestActiveDOMObjectConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
      (WebCore::JSTestCustomNamedGetter::finishCreation):
      (WebCore::JSTestCustomNamedGetter::getOwnPropertySlot):
      (WebCore::JSTestCustomNamedGetter::getOwnPropertyDescriptor):
      (WebCore::JSTestCustomNamedGetter::getOwnPropertySlotByIndex):
      (WebCore::jsTestCustomNamedGetterPrototypeFunctionAnotherFunction):
      (WebCore::toTestCustomNamedGetter):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
      (WebCore::JSTestCustomNamedGetter::createStructure):
      (WebCore::JSTestCustomNamedGetterPrototype::createStructure):
      (WebCore::JSTestCustomNamedGetterConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      (WebCore::JSTestEventConstructorConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::getOwnPropertySlot):
      (WebCore::JSTestEventConstructor::getOwnPropertyDescriptor):
      (WebCore::toTestEventConstructor):
      * bindings/scripts/test/JS/JSTestEventConstructor.h:
      (WebCore::JSTestEventConstructor::createStructure):
      (WebCore::JSTestEventConstructorPrototype::createStructure):
      (WebCore::JSTestEventConstructorConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::JSTestEventTargetConstructor::finishCreation):
      (WebCore::JSTestEventTarget::finishCreation):
      (WebCore::JSTestEventTarget::getOwnPropertySlot):
      (WebCore::JSTestEventTarget::getOwnPropertyDescriptor):
      (WebCore::JSTestEventTarget::getOwnPropertySlotByIndex):
      (WebCore::JSTestEventTarget::getOwnPropertyNames):
      (WebCore::jsTestEventTargetPrototypeFunctionItem):
      (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionDispatchEvent):
      (WebCore::JSTestEventTarget::visitChildren):
      (WebCore::JSTestEventTarget::indexGetter):
      (WebCore::toTestEventTarget):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::createStructure):
      (WebCore::JSTestEventTargetPrototype::createStructure):
      (WebCore::JSTestEventTargetConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestExceptionConstructor::finishCreation):
      (WebCore::JSTestException::finishCreation):
      (WebCore::JSTestException::getOwnPropertySlot):
      (WebCore::JSTestException::getOwnPropertyDescriptor):
      (WebCore::toTestException):
      * bindings/scripts/test/JS/JSTestException.h:
      (WebCore::JSTestException::createStructure):
      (WebCore::JSTestExceptionPrototype::createStructure):
      (WebCore::JSTestExceptionConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::finishCreation):
      (WebCore::JSTestInterface::finishCreation):
      (WebCore::JSTestInterface::getOwnPropertySlot):
      (WebCore::JSTestInterface::getOwnPropertyDescriptor):
      (WebCore::JSTestInterface::put):
      (WebCore::JSTestInterface::putByIndex):
      (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod1):
      (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
      (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod3):
      (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod1):
      (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
      (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod3):
      (WebCore::toTestInterface):
      * bindings/scripts/test/JS/JSTestInterface.h:
      (WebCore::JSTestInterface::createStructure):
      (WebCore::JSTestInterfacePrototype::createStructure):
      (WebCore::JSTestInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
      (WebCore::JSTestMediaQueryListListener::finishCreation):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertySlot):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertyDescriptor):
      (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
      (WebCore::toTestMediaQueryListListener):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      (WebCore::JSTestMediaQueryListListener::createStructure):
      (WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
      (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructorConstructor::finishCreation):
      (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::getOwnPropertySlot):
      (WebCore::JSTestNamedConstructor::getOwnPropertyDescriptor):
      (WebCore::toTestNamedConstructor):
      * bindings/scripts/test/JS/JSTestNamedConstructor.h:
      (WebCore::JSTestNamedConstructor::createStructure):
      (WebCore::JSTestNamedConstructorPrototype::createStructure):
      (WebCore::JSTestNamedConstructorConstructor::createStructure):
      (WebCore::JSTestNamedConstructorNamedConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNode.cpp:
      (WebCore::JSTestNodeConstructor::finishCreation):
      (WebCore::JSTestNode::finishCreation):
      (WebCore::JSTestNode::getOwnPropertySlot):
      (WebCore::JSTestNode::getOwnPropertyDescriptor):
      (WebCore::JSTestNode::visitChildren):
      * bindings/scripts/test/JS/JSTestNode.h:
      (WebCore::JSTestNode::createStructure):
      (WebCore::JSTestNodePrototype::createStructure):
      (WebCore::JSTestNodeConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::finishCreation):
      (WebCore::JSTestObj::finishCreation):
      (WebCore::JSTestObj::getOwnPropertySlot):
      (WebCore::JSTestObj::getOwnPropertyDescriptor):
      (WebCore::JSTestObj::put):
      (WebCore::jsTestObjPrototypeFunctionVoidMethod):
      (WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionByteMethod):
      (WebCore::jsTestObjPrototypeFunctionByteMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionOctetMethod):
      (WebCore::jsTestObjPrototypeFunctionOctetMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionLongMethod):
      (WebCore::jsTestObjPrototypeFunctionLongMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionObjMethod):
      (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionMethodWithSequenceArg):
      (WebCore::jsTestObjPrototypeFunctionMethodReturningSequence):
      (WebCore::jsTestObjPrototypeFunctionMethodWithEnumArg):
      (WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows):
      (WebCore::jsTestObjPrototypeFunctionSerializedValue):
      (WebCore::jsTestObjPrototypeFunctionOptionsObject):
      (WebCore::jsTestObjPrototypeFunctionMethodWithException):
      (WebCore::jsTestObjPrototypeFunctionCustomMethod):
      (WebCore::jsTestObjPrototypeFunctionCustomMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionAddEventListener):
      (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoid):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateObj):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoidException):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContext):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptState):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):
      (WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStack):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalString):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsUndefined):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsNullString):
      (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackAndOptionalArg):
      (WebCore::jsTestObjPrototypeFunctionConditionalMethod1):
      (WebCore::jsTestObjPrototypeFunctionConditionalMethod2):
      (WebCore::jsTestObjPrototypeFunctionConditionalMethod3):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod8):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod11):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod):
      (WebCore::jsTestObjPrototypeFunctionClassMethodWithClamp):
      (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
      (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
      (WebCore::jsTestObjPrototypeFunctionDomStringListFunction):
      (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
      (WebCore::jsTestObjPrototypeFunctionConvert1):
      (WebCore::jsTestObjPrototypeFunctionConvert2):
      (WebCore::jsTestObjPrototypeFunctionConvert4):
      (WebCore::jsTestObjPrototypeFunctionConvert5):
      (WebCore::jsTestObjPrototypeFunctionMutablePointFunction):
      (WebCore::jsTestObjPrototypeFunctionImmutablePointFunction):
      (WebCore::jsTestObjPrototypeFunctionOrange):
      (WebCore::jsTestObjPrototypeFunctionStrictFunction):
      (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
      (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
      (WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):
      (WebCore::JSTestObj::visitChildren):
      (WebCore::toTestObj):
      * bindings/scripts/test/JS/JSTestObj.h:
      (WebCore::JSTestObj::createStructure):
      (WebCore::JSTestObjPrototype::createStructure):
      (WebCore::JSTestObjConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
      (WebCore::JSTestOverloadedConstructorsConstructor::constructJSTestOverloadedConstructors):
      (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
      (WebCore::JSTestOverloadedConstructors::finishCreation):
      (WebCore::JSTestOverloadedConstructors::getOwnPropertySlot):
      (WebCore::JSTestOverloadedConstructors::getOwnPropertyDescriptor):
      (WebCore::toTestOverloadedConstructors):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
      (WebCore::JSTestOverloadedConstructors::createStructure):
      (WebCore::JSTestOverloadedConstructorsPrototype::createStructure):
      (WebCore::JSTestOverloadedConstructorsConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertySlot):
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertyDescriptor):
      (WebCore::JSTestSerializedScriptValueInterface::put):
      (WebCore::JSTestSerializedScriptValueInterface::visitChildren):
      (WebCore::toTestSerializedScriptValueInterface):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      (WebCore::JSTestSerializedScriptValueInterface::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      (WebCore::JSTestTypedefsConstructor::finishCreation):
      (WebCore::JSTestTypedefs::finishCreation):
      (WebCore::JSTestTypedefs::getOwnPropertySlot):
      (WebCore::JSTestTypedefs::getOwnPropertyDescriptor):
      (WebCore::JSTestTypedefs::put):
      (WebCore::jsTestTypedefsPrototypeFunctionFunc):
      (WebCore::jsTestTypedefsPrototypeFunctionSetShadow):
      (WebCore::jsTestTypedefsPrototypeFunctionMethodWithSequenceArg):
      (WebCore::jsTestTypedefsPrototypeFunctionNullableArrayArg):
      (WebCore::jsTestTypedefsPrototypeFunctionFuncWithClamp):
      (WebCore::jsTestTypedefsPrototypeFunctionImmutablePointFunction):
      (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
      (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
      (WebCore::jsTestTypedefsPrototypeFunctionMethodWithException):
      (WebCore::toTestTypedefs):
      * bindings/scripts/test/JS/JSTestTypedefs.h:
      (WebCore::JSTestTypedefs::createStructure):
      (WebCore::JSTestTypedefsPrototype::createStructure):
      (WebCore::JSTestTypedefsConstructor::createStructure):
      * bridge/c/CRuntimeObject.cpp:
      (JSC::Bindings::CRuntimeObject::finishCreation):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::createStructure):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::createStructure):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      (JSC::Bindings::CInstance::invokeMethod):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::createStructure):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::finishCreation):
      (ObjcInstance::invokeMethod):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
      (JSC::Bindings::callObjCFallbackObject):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::createStructure):
      (JSC::Bindings::QtInstance::getInstance):
      * bridge/qt/qt_pixmapruntime.cpp:
      (JSC::Bindings::assignToHTMLImageElement):
      (JSC::Bindings::QtPixmapRuntime::toQt):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::isJSUint8Array):
      (JSC::Bindings::isJSArray):
      (JSC::Bindings::isJSDate):
      (JSC::Bindings::isQtObject):
      (JSC::Bindings::unwrapBoxedPrimitive):
      (JSC::Bindings::convertQVariantToValue):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::finishCreation):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::createStructure):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      (JSC::callRuntimeMethod):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::createStructure):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::finishCreation):
      (JSC::Bindings::callRuntimeObject):
      (JSC::Bindings::callRuntimeConstructor):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::createStructure):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::getObjectID):
      (WebKit::NetscapePluginInstanceProxy::retainLocalObject):
      (WebKit::NetscapePluginInstanceProxy::releaseLocalObject):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::invokeMethod):
      * Plugins/Hosted/ProxyRuntimeObject.h:
      (WebKit::ProxyRuntimeObject::createStructure):
      * WebView/WebView.mm:
      (aeDescFromJSValue):
      
      Source/WebKit/qt: 
      
      * Api/qwebelement.cpp:
      (convertJSValueToWebElementVariant):
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (convertJSValueToNodeVariant):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154038 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      10ae2d0d
  10. 31 Jul, 2013 1 commit
    • barraclough@apple.com's avatar
      Some cleanup in JSValue::get · ab7b6096
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119343
      
      Reviewed by Geoff Garen.
      
      Source/JavaScriptCore: 
      
      JSValue::get is implemented to:
          1) Check if the value is a cell – if not, synthesize a prototype to search,
          2) call getOwnPropertySlot on the cell,
          3) if this returns false, cast to JSObject to get the prototype, and walk the prototype chain.
      By all rights this should crash when passed a string and accessing a property that does not exist, because
      the string is a cell, getOwnPropertySlot should return false, and the cast to JSObject should be unsafe.
      To work around this, JSString::getOwnPropertySlot actually implements 'get' functionality - searching the
      prototype chain, and faking out a return value of undefined if no property is found.
      
      This is a huge hazard, since fixing JSString::getOwnPropertySlot or calling getOwnPropertySlot on cells
      from elsewhere would introduce bugs. Fortunately it is only ever called in this one place.
      
      The fix here is to move getOwnPropertySlot onto JSObjecte and end this madness - cells don't have property
      slots anyway.
      
      Interesting changes are in JSCJSValueInlines.h, JSString.cpp - the rest is pretty much all JSCell -> JSObject.
      
      Source/WebCore: 
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertySlot):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::getOwnPropertySlot):
      (JSC::RuntimeArray::getOwnPropertySlotByIndex):
      * bridge/runtime_array.h:
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::getOwnPropertySlot):
      * bridge/runtime_method.h:
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::getOwnPropertySlot):
      * bridge/runtime_object.h:
          - getOwnPropertySlot, JSCell -> JSObject
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::getOwnPropertySlot):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
          - getOwnPropertySlot, JSCell -> JSObject
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153532 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ab7b6096
  11. 18 Apr, 2013 1 commit
    • ggaren@apple.com's avatar
      Renamed JSGlobalData to VM · 9a9a4b52
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114777
      
      Reviewed by Phil Pizlo.
      
      ../JavaScriptCore: 
      
      * API/APICast.h:
      (JSC):
      (toJS):
      (toRef):
      * API/APIShims.h:
      (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
      (APIEntryShimWithoutLock):
      (JSC::APIEntryShim::APIEntryShim):
      (APIEntryShim):
      (JSC::APIEntryShim::~APIEntryShim):
      (JSC::APICallbackShim::APICallbackShim):
      (JSC::APICallbackShim::~APICallbackShim):
      (APICallbackShim):
      * API/JSAPIWrapperObject.h:
      (JSAPIWrapperObject):
      * API/JSAPIWrapperObject.mm:
      (JSC::::createStructure):
      (JSC::JSAPIWrapperObject::JSAPIWrapperObject):
      (JSC::JSAPIWrapperObject::finishCreation):
      (JSC::JSAPIWrapperObject::visitChildren):
      * API/JSBase.cpp:
      (JSGarbageCollect):
      (JSReportExtraMemoryCost):
      (JSSynchronousGarbageCollectForDebugging):
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      (JSC::JSCallbackConstructor::finishCreation):
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::createStructure):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      (JSC::JSCallbackFunction::createStructure):
      * API/JSCallbackObject.cpp:
      (JSC::::create):
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObjectData::setPrivateProperty):
      (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
      (JSCallbackObject):
      (JSC::JSCallbackObject::setPrivateProperty):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::JSCallbackObject):
      (JSC::::finishCreation):
      (JSC::::put):
      (JSC::::staticFunctionGetter):
      * API/JSClassRef.cpp:
      (OpaqueJSClassContextData::OpaqueJSClassContextData):
      (OpaqueJSClass::contextData):
      (OpaqueJSClass::prototype):
      * API/JSClassRef.h:
      (OpaqueJSClassContextData):
      * API/JSContext.mm:
      (-[JSContext setException:]):
      (-[JSContext initWithGlobalContextRef:]):
      (+[JSContext contextWithGlobalContextRef:]):
      * API/JSContextRef.cpp:
      (JSContextGroupCreate):
      (JSContextGroupRelease):
      (JSGlobalContextCreate):
      (JSGlobalContextCreateInGroup):
      (JSGlobalContextRetain):
      (JSGlobalContextRelease):
      (JSContextGetGroup):
      (JSContextCreateBacktrace):
      * API/JSObjectRef.cpp:
      (JSObjectMake):
      (JSObjectMakeConstructor):
      (JSObjectMakeFunction):
      (JSObjectSetPrototype):
      (JSObjectHasProperty):
      (JSObjectGetProperty):
      (JSObjectSetProperty):
      (JSObjectDeleteProperty):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
      (OpaqueJSPropertyNameArray):
      (JSObjectCopyPropertyNames):
      (JSPropertyNameArrayRelease):
      (JSPropertyNameAccumulatorAddName):
      * API/JSScriptRef.cpp:
      (OpaqueJSScript::create):
      (OpaqueJSScript::vm):
      (OpaqueJSScript::OpaqueJSScript):
      (OpaqueJSScript):
      (parseScript):
      * API/JSVirtualMachine.mm:
      (scanExternalObjectGraph):
      * API/JSVirtualMachineInternal.h:
      (JSC):
      * API/JSWrapperMap.mm:
      (makeWrapper):
      * API/ObjCCallbackFunction.h:
      (JSC::ObjCCallbackFunction::createStructure):
      * API/ObjCCallbackFunction.mm:
      (JSC::ObjCCallbackFunction::create):
      * API/OpaqueJSString.cpp:
      (OpaqueJSString::identifier):
      * API/OpaqueJSString.h:
      (JSC):
      (OpaqueJSString):
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * KeywordLookupGenerator.py:
      (Trie.printSubTreeAsC):
      * Target.pri:
      * assembler/ARMAssembler.cpp:
      (JSC::ARMAssembler::executableCopy):
      * assembler/ARMAssembler.h:
      (ARMAssembler):
      * assembler/AssemblerBuffer.h:
      (JSC::AssemblerBuffer::executableCopy):
      * assembler/AssemblerBufferWithConstantPool.h:
      (JSC::AssemblerBufferWithConstantPool::executableCopy):
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::linkCode):
      * assembler/LinkBuffer.h:
      (JSC):
      (JSC::LinkBuffer::LinkBuffer):
      (LinkBuffer):
      * assembler/MIPSAssembler.h:
      (JSC::MIPSAssembler::executableCopy):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::executableCopy):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::executableCopy):
      (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CallLinkInfo.h:
      (CallLinkInfo):
      * bytecode/CodeBlock.cpp:
      (JSC::dumpStructure):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitStructures):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::createActivation):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::findClosureCallForReturnPC):
      (JSC::ProgramCodeBlock::jettisonImpl):
      (JSC::EvalCodeBlock::jettisonImpl):
      (JSC::FunctionCodeBlock::jettisonImpl):
      (JSC::CodeBlock::predictedMachineCodeSize):
      (JSC::CodeBlock::usesOpcode):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendWeakReference):
      (JSC::CodeBlock::appendWeakReferenceTransition):
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::setGlobalData):
      (JSC::CodeBlock::vm):
      (JSC::CodeBlock::valueProfileForBytecodeOffset):
      (JSC::CodeBlock::addConstant):
      (JSC::CodeBlock::setConstantRegisters):
      (CodeBlock):
      (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
      * bytecode/EvalCodeCache.h:
      (JSC::EvalCodeCache::getSlow):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC::GetByIdStatus::computeForChain):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC::Instruction::Instruction):
      * bytecode/ObjectAllocationProfile.h:
      (JSC::ObjectAllocationProfile::initialize):
      (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
      * bytecode/PolymorphicAccessStructureList.h:
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * bytecode/PolymorphicPutByIdList.h:
      (JSC::PutByIdAccess::transition):
      (JSC::PutByIdAccess::replace):
      * bytecode/PreciseJumpTargets.cpp:
      (JSC::computePreciseJumpTargets):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (JSC):
      (PutByIdStatus):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      * bytecode/SamplingTool.cpp:
      (JSC::SamplingTool::notifyOfScope):
      * bytecode/SamplingTool.h:
      (JSC::ScriptSampleRecord::ScriptSampleRecord):
      (SamplingTool):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::initGetByIdSelf):
      (JSC::StructureStubInfo::initGetByIdProto):
      (JSC::StructureStubInfo::initGetByIdChain):
      (JSC::StructureStubInfo::initPutByIdTransition):
      (JSC::StructureStubInfo::initPutByIdReplace):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::generateFunctionCodeBlock):
      (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::link):
      (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
      (JSC::UnlinkedFunctionExecutable::codeBlockFor):
      (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::create):
      (UnlinkedFunctionExecutable):
      (JSC::UnlinkedFunctionExecutable::finishCreation):
      (JSC::UnlinkedFunctionExecutable::createStructure):
      (JSC::UnlinkedCodeBlock::addRegExp):
      (JSC::UnlinkedCodeBlock::addConstant):
      (JSC::UnlinkedCodeBlock::addFunctionDecl):
      (JSC::UnlinkedCodeBlock::addFunctionExpr):
      (JSC::UnlinkedCodeBlock::vm):
      (UnlinkedCodeBlock):
      (JSC::UnlinkedCodeBlock::finishCreation):
      (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::create):
      (JSC::UnlinkedProgramCodeBlock::addFunctionDeclaration):
      (JSC::UnlinkedProgramCodeBlock::UnlinkedProgramCodeBlock):
      (JSC::UnlinkedProgramCodeBlock::createStructure):
      (JSC::UnlinkedEvalCodeBlock::create):
      (JSC::UnlinkedEvalCodeBlock::UnlinkedEvalCodeBlock):
      (JSC::UnlinkedEvalCodeBlock::createStructure):
      (JSC::UnlinkedFunctionCodeBlock::create):
      (JSC::UnlinkedFunctionCodeBlock::UnlinkedFunctionCodeBlock):
      (JSC::UnlinkedFunctionCodeBlock::createStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::addConstant):
      (JSC::BytecodeGenerator::emitLoad):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::addStringConstant):
      (JSC::BytecodeGenerator::expectedFunctionForIdentifier):
      (JSC::BytecodeGenerator::emitThrowReferenceError):
      (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::vm):
      (JSC::BytecodeGenerator::propertyNames):
      (JSC::BytecodeGenerator::makeFunction):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::RegExpNode::emitBytecode):
      (JSC::ArrayNode::toArgumentList):
      (JSC::ApplyFunctionCallDotNode::emitBytecode):
      (JSC::InstanceOfNode::emitBytecode):
      * debugger/Debugger.cpp:
      (JSC::Debugger::recompileAllJSFunctions):
      (JSC::evaluateInGlobalCallFrame):
      * debugger/Debugger.h:
      (JSC):
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::DebuggerActivation):
      (JSC::DebuggerActivation::finishCreation):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::create):
      (JSC::DebuggerActivation::createStructure):
      (DebuggerActivation):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::evaluate):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
      (JSC::DFG::AssemblyHelpers::vm):
      (JSC::DFG::AssemblyHelpers::debugCall):
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGByteCodeParser.h:
      (JSC):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::CCallHelpers):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::canHandleOpcodes):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::reportToProfiler):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      * dfg/DFGGraph.h:
      (Graph):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      (JSC::DFG::operationPutByValInternal):
      (JSC::getHostCallReturnValueWithExecState):
      * dfg/DFGPhase.h:
      (JSC::DFG::Phase::vm):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      (JSC::DFG::linkSlowFor):
      (JSC::DFG::dfgLinkFor):
      (JSC::DFG::dfgLinkSlowFor):
      (JSC::DFG::dfgLinkClosureCall):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::compileFromCharCode):
      (JSC::DFG::SpeculativeJIT::compileMakeRope):
      (JSC::DFG::SpeculativeJIT::compileStringEquality):
      (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
      (JSC::DFG::SpeculativeJIT::speculateObject):
      (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
      (JSC::DFG::SpeculativeJIT::speculateString):
      (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::linkForThunkGenerator):
      (JSC::DFG::linkCallThunkGenerator):
      (JSC::DFG::linkConstructThunkGenerator):
      (JSC::DFG::linkClosureCallThunkGenerator):
      (JSC::DFG::virtualForThunkGenerator):
      (JSC::DFG::virtualCallThunkGenerator):
      (JSC::DFG::virtualConstructThunkGenerator):
      * dfg/DFGThunks.h:
      (JSC):
      (DFG):
      * heap/BlockAllocator.h:
      (JSC):
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::tryAllocateSlowCase):
      (JSC::CopiedSpace::tryReallocate):
      * heap/CopiedSpaceInlines.h:
      (JSC::CopiedSpace::tryAllocate):
      * heap/GCThreadSharedData.cpp:
      (JSC::GCThreadSharedData::GCThreadSharedData):
      (JSC::GCThreadSharedData::reset):
      * heap/GCThreadSharedData.h:
      (JSC):
      (GCThreadSharedData):
      * heap/HandleSet.cpp:
      (JSC::HandleSet::HandleSet):
      (JSC::HandleSet::~HandleSet):
      (JSC::HandleSet::grow):
      * heap/HandleSet.h:
      (JSC):
      (HandleSet):
      (JSC::HandleSet::vm):
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC):
      (JSC::Heap::lastChanceToFinalize):
      (JSC::Heap::protect):
      (JSC::Heap::unprotect):
      (JSC::Heap::stack):
      (JSC::Heap::getConservativeRegisterRoots):
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::collect):
      (JSC::Heap::isValidAllocation):
      * heap/Heap.h:
      (JSC):
      (Heap):
      (JSC::Heap::vm):
      * heap/HeapTimer.cpp:
      (JSC::HeapTimer::HeapTimer):
      (JSC::HeapTimer::timerDidFire):
      (JSC::HeapTimer::timerEvent):
      * heap/HeapTimer.h:
      (JSC):
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC::IncrementalSweeper::create):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/Local.h:
      (Local):
      (JSC::::Local):
      (JSC::LocalStack::LocalStack):
      (JSC::LocalStack::push):
      (LocalStack):
      * heap/LocalScope.h:
      (JSC):
      (LocalScope):
      (JSC::LocalScope::LocalScope):
      * heap/MachineStackMarker.cpp:
      (JSC::MachineThreads::addCurrentThread):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::vm):
      * heap/SlotVisitor.cpp:
      (JSC::SlotVisitor::SlotVisitor):
      (JSC::SlotVisitor::setup):
      * heap/Strong.h:
      (JSC):
      (Strong):
      (JSC::Strong::operator=):
      * heap/StrongInlines.h:
      (JSC::::Strong):
      (JSC::::set):
      * heap/SuperRegion.h:
      (JSC):
      * heap/WeakSet.cpp:
      * heap/WeakSet.h:
      (WeakSet):
      (JSC::WeakSet::WeakSet):
      (JSC::WeakSet::vm):
      * interpreter/AbstractPC.cpp:
      (JSC::AbstractPC::AbstractPC):
      * interpreter/AbstractPC.h:
      (JSC):
      (AbstractPC):
      * interpreter/CachedCall.h:
      (JSC::CachedCall::CachedCall):
      * interpreter/CallFrame.h:
      (ExecState):
      (JSC::ExecState::clearException):
      (JSC::ExecState::clearSupplementaryExceptionInfo):
      (JSC::ExecState::exception):
      (JSC::ExecState::hadException):
      (JSC::ExecState::propertyNames):
      (JSC::ExecState::emptyList):
      (JSC::ExecState::interpreter):
      (JSC::ExecState::heap):
      (JSC::ExecState::arrayConstructorTable):
      (JSC::ExecState::arrayPrototypeTable):
      (JSC::ExecState::booleanPrototypeTable):
      (JSC::ExecState::dateTable):
      (JSC::ExecState::dateConstructorTable):
      (JSC::ExecState::errorPrototypeTable):
      (JSC::ExecState::globalObjectTable):
      (JSC::ExecState::jsonTable):
      (JSC::ExecState::mathTable):
      (JSC::ExecState::numberConstructorTable):
      (JSC::ExecState::numberPrototypeTable):
      (JSC::ExecState::objectConstructorTable):
      (JSC::ExecState::privateNamePrototypeTable):
      (JSC::ExecState::regExpTable):
      (JSC::ExecState::regExpConstructorTable):
      (JSC::ExecState::regExpPrototypeTable):
      (JSC::ExecState::stringConstructorTable):
      (JSC::ExecState::abstractReturnPC):
      * interpreter/CallFrameClosure.h:
      (CallFrameClosure):
      * interpreter/Interpreter.cpp:
      (JSC):
      (JSC::eval):
      (JSC::loadVarargs):
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::appendSourceToError):
      (JSC::getCallerInfo):
      (JSC::Interpreter::getStackTrace):
      (JSC::Interpreter::addStackTraceIfNecessary):
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      (JSC::Interpreter::retrieveArgumentsFromVMCode):
      (JSC::Interpreter::retrieveCallerFromVMCode):
      * interpreter/Interpreter.h:
      (JSC):
      (JSC::TopCallFrameSetter::TopCallFrameSetter):
      (JSC::TopCallFrameSetter::~TopCallFrameSetter):
      (TopCallFrameSetter):
      (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
      (Interpreter):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      * interpreter/JSStack.h:
      (JSC):
      * jit/ClosureCallStubRoutine.cpp:
      (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
      * jit/ClosureCallStubRoutine.h:
      (ClosureCallStubRoutine):
      * jit/ExecutableAllocator.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/ExecutableAllocator.h:
      (JSC):
      (ExecutableAllocator):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::ExecutableAllocator::ExecutableAllocator):
      (JSC::ExecutableAllocator::allocate):
      * jit/GCAwareJITStubRoutine.cpp:
      (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::createJITStubRoutine):
      * jit/GCAwareJITStubRoutine.h:
      (GCAwareJITStubRoutine):
      (MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompile):
      (JSC::JIT::linkFor):
      (JSC::JIT::linkSlowCall):
      * jit/JIT.h:
      (JSC::JIT::compile):
      (JSC::JIT::compileClosureCall):
      (JSC::JIT::compileGetByIdProto):
      (JSC::JIT::compileGetByIdSelfList):
      (JSC::JIT::compileGetByIdProtoList):
      (JSC::JIT::compileGetByIdChainList):
      (JSC::JIT::compileGetByIdChain):
      (JSC::JIT::compilePutByIdTransition):
      (JSC::JIT::compileGetByVal):
      (JSC::JIT::compilePutByVal):
      (JSC::JIT::compileCTINativeCall):
      (JSC::JIT::compilePatchGetArrayLength):
      (JIT):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCode.h:
      (JSC):
      (JSC::JITCode::execute):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow):
      (JSC::jitThrow):
      * jit/JITExceptions.h:
      (JSC):
      * jit/JITInlines.h:
      (JSC::JIT::emitLoadCharacterString):
      (JSC::JIT::updateTopCallFrame):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_new_object):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emitSlow_op_eq):
      (JSC::JIT::emitSlow_op_neq):
      (JSC::JIT::compileOpStrictEq):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_convert_this):
      (JSC::JIT::emitSlow_op_convert_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubs.cpp:
      (JSC::ctiTrampoline):
      (JSC):
      (JSC::performPlatformSpecificJITAssertions):
      (JSC::tryCachePutByID):
      (JSC::tryCacheGetByID):
      (JSC::returnToThrowTrampoline):
      (JSC::throwExceptionFromOpCall):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      (JSC::putByVal):
      * jit/JITStubs.h:
      (JSC):
      (JITStackFrame):
      * jit/JITThunks.cpp:
      (JSC::JITThunks::ctiNativeCall):
      (JSC::JITThunks::ctiNativeConstruct):
      (JSC::JITThunks::ctiStub):
      (JSC::JITThunks::hostFunctionStub):
      * jit/JITThunks.h:
      (JSC):
      (JITThunks):
      * jit/JITWriteBarrier.h:
      (JSC):
      (JSC::JITWriteBarrierBase::set):
      (JSC::JITWriteBarrier::set):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::loadJSStringArgument):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerator.h:
      (JSC):
      * jit/ThunkGenerators.cpp:
      (JSC::generateSlowCaseFor):
      (JSC::linkForGenerator):
      (JSC::linkCallGenerator):
      (JSC::linkConstructGenerator):
      (JSC::linkClosureCallGenerator):
      (JSC::virtualForGenerator):
      (JSC::virtualCallGenerator):
      (JSC::virtualConstructGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::nativeCallGenerator):
      (JSC::nativeConstructGenerator):
      (JSC::stringCharLoad):
      (JSC::charToString):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      * jit/ThunkGenerators.h:
      (JSC):
      * jsc.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      (functionDumpCallFrame):
      (functionJSCStack):
      (functionReleaseExecutableMemory):
      (functionRun):
      (main):
      (runWithScripts):
      (jscmain):
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntData.h:
      (JSC):
      (Data):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp:
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h:
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp:
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h:
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter.cpp:
      (JSC::CLoop::execute):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/cloop.rb:
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::ASTBuilder):
      (JSC::ASTBuilder::createSourceElements):
      (JSC::ASTBuilder::createCommaExpr):
      (JSC::ASTBuilder::createLogicalNot):
      (JSC::ASTBuilder::createUnaryPlus):
      (JSC::ASTBuilder::createVoid):
      (JSC::ASTBuilder::thisExpr):
      (JSC::ASTBuilder::createResolve):
      (JSC::ASTBuilder::createObjectLiteral):
      (JSC::ASTBuilder::createArray):
      (JSC::ASTBuilder::createNumberExpr):
      (JSC::ASTBuilder::createString):
      (JSC::ASTBuilder::createBoolean):
      (JSC::ASTBuilder::createNull):
      (JSC::ASTBuilder::createBracketAccess):
      (JSC::ASTBuilder::createDotAccess):
      (JSC::ASTBuilder::createRegExp):
      (JSC::ASTBuilder::createNewExpr):
      (JSC::ASTBuilder::createConditionalExpr):
      (JSC::ASTBuilder::createAssignResolve):
      (JSC::ASTBuilder::createFunctionExpr):
      (JSC::ASTBuilder::createFunctionBody):
      (JSC::ASTBuilder::createGetterOrSetterProperty):
      (JSC::ASTBuilder::createArguments):
      (JSC::ASTBuilder::createArgumentsList):
      (JSC::ASTBuilder::createProperty):
      (JSC::ASTBuilder::createPropertyList):
      (JSC::ASTBuilder::createElementList):
      (JSC::ASTBuilder::createFormalParameterList):
      (JSC::ASTBuilder::createClause):
      (JSC::ASTBuilder::createClauseList):
      (JSC::ASTBuilder::createFuncDeclStatement):
      (JSC::ASTBuilder::createBlockStatement):
      (JSC::ASTBuilder::createExprStatement):
      (JSC::ASTBuilder::createIfStatement):
      (JSC::ASTBuilder::createForLoop):
      (JSC::ASTBuilder::createForInLoop):
      (JSC::ASTBuilder::createEmptyStatement):
      (JSC::ASTBuilder::createVarStatement):
      (JSC::ASTBuilder::createReturnStatement):
      (JSC::ASTBuilder::createBreakStatement):
      (JSC::ASTBuilder::createContinueStatement):
      (JSC::ASTBuilder::createTryStatement):
      (JSC::ASTBuilder::createSwitchStatement):
      (JSC::ASTBuilder::createWhileStatement):
      (JSC::ASTBuilder::createDoWhileStatement):
      (JSC::ASTBuilder::createLabelStatement):
      (JSC::ASTBuilder::createWithStatement):
      (JSC::ASTBuilder::createThrowStatement):
      (JSC::ASTBuilder::createDebugger):
      (JSC::ASTBuilder::createConstStatement):
      (JSC::ASTBuilder::appendConstDecl):
      (JSC::ASTBuilder::addVar):
      (JSC::ASTBuilder::combineCommaNodes):
      (JSC::ASTBuilder::Scope::Scope):
      (JSC::ASTBuilder::createNumber):
      (ASTBuilder):
      (JSC::ASTBuilder::makeTypeOfNode):
      (JSC::ASTBuilder::makeDeleteNode):
      (JSC::ASTBuilder::makeNegateNode):
      (JSC::ASTBuilder::makeBitwiseNotNode):
      (JSC::ASTBuilder::makeMultNode):
      (JSC::ASTBuilder::makeDivNode):
      (JSC::ASTBuilder::makeModNode):
      (JSC::ASTBuilder::makeAddNode):
      (JSC::ASTBuilder::makeSubNode):
      (JSC::ASTBuilder::makeLeftShiftNode):
      (JSC::ASTBuilder::makeRightShiftNode):
      (JSC::ASTBuilder::makeURightShiftNode):
      (JSC::ASTBuilder::makeBitOrNode):
      (JSC::ASTBuilder::makeBitAndNode):
      (JSC::ASTBuilder::makeBitXOrNode):
      (JSC::ASTBuilder::makeFunctionCallNode):
      (JSC::ASTBuilder::makeBinaryNode):
      (JSC::ASTBuilder::makeAssignNode):
      (JSC::ASTBuilder::makePrefixNode):
      (JSC::ASTBuilder::makePostfixNode):
      * parser/Lexer.cpp:
      (JSC::Keywords::Keywords):
      (JSC::::Lexer):
      (JSC::::parseIdentifier):
      (JSC::::parseIdentifierSlowCase):
      * parser/Lexer.h:
      (JSC::Keywords::isKeyword):
      (JSC::Keywords::getKeyword):
      (Keywords):
      (Lexer):
      (JSC::::makeIdentifier):
      (JSC::::makeRightSizedIdentifier):
      (JSC::::makeIdentifierLCharFromUChar):
      (JSC::::makeLCharIdentifier):
      * parser/NodeConstructors.h:
      (JSC::ParserArenaFreeable::operator new):
      (JSC::ParserArenaDeletable::operator new):
      (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
      (JSC::PropertyNode::PropertyNode):
      (JSC::ContinueNode::ContinueNode):
      (JSC::BreakNode::BreakNode):
      (JSC::ForInNode::ForInNode):
      * parser/Nodes.cpp:
      (JSC::ScopeNode::ScopeNode):
      (JSC::ProgramNode::ProgramNode):
      (JSC::ProgramNode::create):
      (JSC::EvalNode::EvalNode):
      (JSC::EvalNode::create):
      (JSC::FunctionBodyNode::FunctionBodyNode):
      (JSC::FunctionBodyNode::create):
      * parser/Nodes.h:
      (ParserArenaFreeable):
      (ParserArenaDeletable):
      (ParserArenaRefCounted):
      (ArrayNode):
      (ForInNode):
      (ContinueNode):
      (BreakNode):
      (ScopeNode):
      (ProgramNode):
      (EvalNode):
      (FunctionBodyNode):
      * parser/Parser.cpp:
      (JSC::::Parser):
      (JSC::::parseInner):
      (JSC::::parseSourceElements):
      (JSC::::parseTryStatement):
      (JSC::::parseFunctionBody):
      (JSC::::parseFunctionInfo):
      (JSC::::parseAssignmentExpression):
      (JSC::::parseProperty):
      (JSC::::parsePrimaryExpression):
      (JSC::::parseMemberExpression):
      (JSC::::parseUnaryExpression):
      * parser/Parser.h:
      (JSC):
      (JSC::Scope::Scope):
      (JSC::Scope::declareVariable):
      (JSC::Scope::declareParameter):
      (Scope):
      (Parser):
      (JSC::Parser::pushScope):
      (JSC::::parse):
      (JSC::parse):
      * parser/ParserArena.h:
      (IdentifierArena):
      (JSC::IdentifierArena::makeIdentifier):
      (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
      (JSC::IdentifierArena::makeNumericIdentifier):
      * parser/SyntaxChecker.h:
      (JSC::SyntaxChecker::SyntaxChecker):
      (JSC::SyntaxChecker::createProperty):
      (JSC::SyntaxChecker::createGetterOrSetterProperty):
      * profiler/LegacyProfiler.cpp:
      (JSC::LegacyProfiler::startProfiling):
      (JSC::LegacyProfiler::stopProfiling):
      * profiler/LegacyProfiler.h:
      (JSC):
      * profiler/ProfilerBytecode.cpp:
      (JSC::Profiler::Bytecode::toJS):
      * profiler/ProfilerBytecodeSequence.cpp:
      (JSC::Profiler::BytecodeSequence::BytecodeSequence):
      (JSC::Profiler::BytecodeSequence::addSequenceProperties):
      * profiler/ProfilerBytecodes.cpp:
      (JSC::Profiler::Bytecodes::toJS):
      * profiler/ProfilerCompilation.cpp:
      (JSC::Profiler::Compilation::toJS):
      * profiler/ProfilerCompiledBytecode.cpp:
      (JSC::Profiler::CompiledBytecode::toJS):
      * profiler/ProfilerDatabase.cpp:
      (JSC::Profiler::Database::Database):
      (JSC::Profiler::Database::toJS):
      (JSC::Profiler::Database::toJSON):
      * profiler/ProfilerDatabase.h:
      (Database):
      * profiler/ProfilerOSRExit.cpp:
      (JSC::Profiler::OSRExit::toJS):
      * profiler/ProfilerOrigin.cpp:
      (JSC::Profiler::Origin::toJS):
      * profiler/ProfilerProfiledBytecodes.cpp:
      (JSC::Profiler::ProfiledBytecodes::toJS):
      * runtime/ArgList.h:
      (MarkedArgumentBuffer):
      * runtime/Arguments.cpp:
      (JSC::Arguments::putByIndex):
      (JSC::Arguments::put):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      (JSC::Arguments::tearOff):
      (JSC::Arguments::didTearOffActivation):
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/Arguments.h:
      (JSC::Arguments::create):
      (JSC::Arguments::createStructure):
      (Arguments):
      (JSC::Arguments::Arguments):
      (JSC::Arguments::trySetArgument):
      (JSC::Arguments::finishCreation):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::finishCreation):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::createStructure):
      * runtime/BatchedTransitionOptimizer.h:
      (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
      (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
      (BatchedTransitionOptimizer):
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::finishCreation):
      (JSC::constructBoolean):
      (JSC::constructBooleanFromImmediateBoolean):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      * runtime/BooleanObject.cpp:
      (JSC::BooleanObject::BooleanObject):
      (JSC::BooleanObject::finishCreation):
      * runtime/BooleanObject.h:
      (BooleanObject):
      (JSC::BooleanObject::create):
      (JSC::BooleanObject::createStructure):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::BooleanPrototype):
      (JSC::BooleanPrototype::finishCreation):
      (JSC::booleanProtoFuncToString):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/Butterfly.h:
      (JSC):
      (Butterfly):
      * runtime/ButterflyInlines.h:
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::createOrGrowArrayRight):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      * runtime/CodeCache.cpp:
      (JSC::CodeCache::getCodeBlock):
      (JSC::CodeCache::getProgramCodeBlock):
      (JSC::CodeCache::getEvalCodeBlock):
      (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
      * runtime/CodeCache.h:
      (JSC):
      (JSC::SourceCodeValue::SourceCodeValue):
      (CodeCache):
      * runtime/CommonIdentifiers.cpp:
      (JSC):
      (JSC::CommonIdentifiers::CommonIdentifiers):
      * runtime/CommonIdentifiers.h:
      (CommonIdentifiers):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::opIn):
      * runtime/Completion.cpp:
      (JSC::checkSyntax):
      (JSC::evaluate):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::finishCreation):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/DateInstance.cpp:
      (JSC::DateInstance::DateInstance):
      (JSC::DateInstance::finishCreation):
      (JSC::DateInstance::calculateGregorianDateTime):
      (JSC::DateInstance::calculateGregorianDateTimeUTC):
      * runtime/DateInstance.h:
      (DateInstance):
      (JSC::DateInstance::create):
      (JSC::DateInstance::createStructure):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::finishCreation):
      (JSC::dateProtoFuncSetTime):
      (JSC::setNewValueFromTimeArgs):
      (JSC::setNewValueFromDateArgs):
      (JSC::dateProtoFuncSetYear):
      (JSC::dateProtoFuncToJSON):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::createStructure):
      * runtime/Error.cpp:
      (JSC::createError):
      (JSC::createEvalError):
      (JSC::createRangeError):
      (JSC::createReferenceError):
      (JSC::createSyntaxError):
      (JSC::createTypeError):
      (JSC::createURIError):
      (JSC::addErrorInfo):
      (JSC::throwError):
      * runtime/Error.h:
      (JSC):
      (JSC::StrictModeTypeErrorFunction::create):
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::finishCreation):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::ErrorInstance):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::createStructure):
      (JSC::ErrorInstance::create):
      (ErrorInstance):
      (JSC::ErrorInstance::finishCreation):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::ErrorPrototype):
      (JSC::ErrorPrototype::finishCreation):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure):
      * runtime/ExceptionHelpers.cpp:
      (JSC::createInterruptedExecutionException):
      (JSC::createTerminatedExecutionException):
      * runtime/ExceptionHelpers.h:
      (JSC):
      (JSC::InterruptedExecutionError::InterruptedExecutionError):
      (JSC::InterruptedExecutionError::create):
      (JSC::InterruptedExecutionError::createStructure):
      (JSC::TerminatedExecutionError::TerminatedExecutionError):
      (JSC::TerminatedExecutionError::create):
      (JSC::TerminatedExecutionError::createStructure):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC::EvalExecutable::EvalExecutable):
      (JSC::ProgramExecutable::ProgramExecutable):
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::EvalExecutable::compileOptimized):
      (JSC::EvalExecutable::compileInternal):
      (JSC::EvalExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::checkSyntax):
      (JSC::ProgramExecutable::compileOptimized):
      (JSC::ProgramExecutable::jettisonOptimizedCode):
      (JSC::ProgramExecutable::initializeGlobalProperties):
      (JSC::FunctionExecutable::compileOptimizedForCall):
      (JSC::FunctionExecutable::compileOptimizedForConstruct):
      (JSC::FunctionExecutable::produceCodeBlockFor):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
      (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
      (JSC::FunctionExecutable::fromGlobalCode):
      * runtime/Executable.h:
      (JSC::ExecutableBase::ExecutableBase):
      (JSC::ExecutableBase::finishCreation):
      (JSC::ExecutableBase::createStructure):
      (JSC::NativeExecutable::create):
      (JSC::NativeExecutable::createStructure):
      (JSC::NativeExecutable::finishCreation):
      (JSC::NativeExecutable::NativeExecutable):
      (JSC::ScriptExecutable::ScriptExecutable):
      (JSC::ScriptExecutable::finishCreation):
      (JSC::EvalExecutable::compile):
      (EvalExecutable):
      (JSC::EvalExecutable::create):
      (JSC::EvalExecutable::createStructure):
      (JSC::ProgramExecutable::create):
      (ProgramExecutable):
      (JSC::ProgramExecutable::compile):
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::create):
      (JSC::FunctionExecutable::compileForCall):
      (FunctionExecutable):
      (JSC::FunctionExecutable::compileForConstruct):
      (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
      (JSC::FunctionExecutable::createStructure):
      (JSC::JSFunction::JSFunction):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::finishCreation):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::finishCreation):
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::createStructure):
      * runtime/GCActivityCallback.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GCActivityCallback.h:
      (JSC::GCActivityCallback::GCActivityCallback):
      * runtime/GCActivityCallbackBlackBerry.cpp:
      (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::doWork):
      (JSC::DefaultGCActivityCallback::didAllocate):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::GetterSetter):
      (JSC::GetterSetter::create):
      (JSC::GetterSetter::setGetter):
      (JSC::GetterSetter::setSetter):
      (JSC::GetterSetter::createStructure):
      * runtime/Identifier.cpp:
      (JSC::Identifier::add):
      (JSC::Identifier::add8):
      (JSC::Identifier::addSlowCase):
      (JSC::Identifier::from):
      (JSC::Identifier::checkCurrentIdentifierTable):
      * runtime/Identifier.h:
      (JSC::Identifier::Identifier):
      (JSC::Identifier::createLCharFromUChar):
      (Identifier):
      (JSC::Identifier::add):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::InternalFunction):
      (JSC::InternalFunction::finishCreation):
      (JSC::InternalFunction::name):
      (JSC::InternalFunction::displayName):
      * runtime/InternalFunction.h:
      (JSC::InternalFunction::createStructure):
      (InternalFunction):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      (JSC::JSAPIValueWrapper::finishCreation):
      (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putDirectVirtual):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::create):
      (JSC::JSActivation::createStructure):
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithArrayStorage):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      (JSC::ContiguousTypeAccessor::setWithValue):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sortVector):
      * runtime/JSArray.h:
      (JSC::JSArray::JSArray):
      (JSArray):
      (JSC::JSArray::shiftCountForShift):
      (JSC::JSArray::unshiftCountForShift):
      (JSC::JSArray::createStructure):
      (JSC::createContiguousArrayButterfly):
      (JSC::createArrayButterfly):
      (JSC):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      (JSC::constructArray):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::JSBoundFunction):
      * runtime/JSBoundFunction.h:
      (JSC::JSBoundFunction::createStructure):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      (JSC::JSValue::toStringSlowCase):
      * runtime/JSCJSValue.h:
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC::JSCell::JSCell):
      (JSC::JSCell::finishCreation):
      (JSC::allocateCell):
      (JSC::JSCell::setStructure):
      (JSC::JSCell::fastGetOwnProperty):
      * runtime/JSDateMath.cpp:
      (JSC::getDSTOffset):
      (JSC::getUTCOffset):
      (JSC::parseDate):
      * runtime/JSDestructibleObject.h:
      (JSC::JSDestructibleObject::JSDestructibleObject):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::JSFunction):
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::createAllocationProfile):
      (JSC::JSFunction::name):
      (JSC::JSFunction::displayName):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::deleteProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      (JSC::JSFunction::create):
      (JSC::JSFunction::setScope):
      (JSC::JSFunction::createStructure):
      * runtime/JSGlobalData.cpp: Removed.
      * runtime/JSGlobalData.h: Removed.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::~JSGlobalObject):
      (JSC::JSGlobalObject::setGlobalThis):
      (JSC::JSGlobalObject::init):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      (JSC::JSGlobalObject::createThrowTypeError):
      (JSC::JSGlobalObject::resetPrototype):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
      (JSC::JSGlobalObject::createProgramCodeBlock):
      (JSC::JSGlobalObject::createEvalCodeBlock):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::create):
      (JSGlobalObject):
      (JSC::JSGlobalObject::finishCreation):
      (JSC::JSGlobalObject::vm):
      (JSC::JSGlobalObject::createStructure):
      (JSC::ExecState::dynamicGlobalObject):
      (JSC::constructEmptyArray):
      (DynamicGlobalObjectScope):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncProtoSetter):
      * runtime/JSLock.cpp:
      (JSC::JSLockHolder::JSLockHolder):
      (JSC::JSLockHolder::init):
      (JSC::JSLockHolder::~JSLockHolder):
      (JSC::JSLock::JSLock):
      (JSC::JSLock::willDestroyGlobalData):
      (JSC::JSLock::lock):
      (JSC::JSLock::unlock):
      (JSC::JSLock::DropAllLocks::DropAllLocks):
      (JSC::JSLock::DropAllLocks::~DropAllLocks):
      * runtime/JSLock.h:
      (JSC):
      (JSLockHolder):
      (JSLock):
      (JSC::JSLock::vm):
      (DropAllLocks):
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::createStructure):
      (JSC::JSNameScope::finishCreation):
      (JSC::JSNameScope::JSNameScope):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::JSNotAnObject):
      (JSC::JSNotAnObject::create):
      (JSC::JSNotAnObject::createStructure):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::JSONObject):
      (JSC::JSONObject::finishCreation):
      (Holder):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::stringify):
      (JSC::Stringifier::toJSON):
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::Holder):
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::Walker):
      (JSC::Walker::walk):
      (JSC::JSONProtoFuncParse):
      (JSC::JSONProtoFuncStringify):
      (JSC::JSONStringify):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::notifyPresenceOfIndexedAccessors):
      (JSC::JSObject::createInitialIndexedStorage):
      (JSC::JSObject::createInitialUndecided):
      (JSC::JSObject::createInitialInt32):
      (JSC::JSObject::createInitialDouble):
      (JSC::JSObject::createInitialContiguous):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::convertUndecidedToInt32):
      (JSC::JSObject::convertUndecidedToDouble):
      (JSC::JSObject::convertUndecidedToContiguous):
      (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
      (JSC::JSObject::convertUndecidedToArrayStorage):
      (JSC::JSObject::convertInt32ToDouble):
      (JSC::JSObject::convertInt32ToContiguous):
      (JSC::JSObject::convertInt32ToArrayStorage):
      (JSC::JSObject::genericConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToContiguous):
      (JSC::JSObject::rageConvertDoubleToContiguous):
      (JSC::JSObject::convertDoubleToArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::convertUndecidedForValue):
      (JSC::JSObject::convertInt32ForValue):
      (JSC::JSObject::setIndexQuicklyToUndecided):
      (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
      (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::rageEnsureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::setPrototypeWithCycleCheck):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::seal):
      (JSC::JSObject::freeze):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::reifyStaticFunctionsForDelete):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::putDirectNativeFunction):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::ensureLengthSlow):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
      (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
      (DefineOwnPropertyScope):
      (JSC::JSObject::defineOwnNonIndexProperty):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::putByIndexInline):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectOffset):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::isSealed):
      (JSC::JSObject::isFrozen):
      (JSC::JSObject::flattenDictionaryObject):
      (JSC::JSObject::ensureInt32):
      (JSC::JSObject::ensureDouble):
      (JSC::JSObject::ensureContiguous):
      (JSC::JSObject::rageEnsureContiguous):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::finishCreation):
      (JSC::JSObject::createStructure):
      (JSC::JSObject::ensureLength):
      (JSC::JSNonFinalObject::createStructure):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC::JSNonFinalObject::finishCreation):
      (JSC::JSFinalObject::createStructure):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSFinalObject::JSFinalObject):
      (JSC::JSFinalObject::create):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::createStructure):
      (JSC::JSPropertyNameIterator::setCachedStructure):
      (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
      (JSC::JSPropertyNameIterator::finishCreation):
      (JSC::StructureRareData::setEnumerationCache):
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::setTarget):
      * runtime/JSProxy.h:
      (JSC::JSProxy::create):
      (JSC::JSProxy::createStructure):
      (JSC::JSProxy::JSProxy):
      (JSC::JSProxy::finishCreation):
      (JSProxy):
      * runtime/JSScope.cpp:
      (JSC::executeResolveOperations):
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      (JSC::JSScope::resolvePut):
      * runtime/JSScope.h:
      (JSScope):
      (JSC::JSScope::JSScope):
      (JSC::JSScope::vm):
      (JSC::ExecState::vm):
      * runtime/JSSegmentedVariableObject.h:
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::finishCreation):
      * runtime/JSString.cpp:
      (JSC::JSRopeString::RopeBuilder::expand):
      (JSC::StringObject::create):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      (JSC::JSString::JSString):
      (JSC::JSString::finishCreation):
      (JSC::JSString::create):
      (JSC::JSString::createHasOtherOwner):
      (JSC::JSString::createStructure):
      (JSRopeString):
      (JSC::JSRopeString::RopeBuilder::RopeBuilder):
      (JSC::JSRopeString::RopeBuilder::append):
      (RopeBuilder):
      (JSC::JSRopeString::JSRopeString):
      (JSC::JSRopeString::finishCreation):
      (JSC::JSRopeString::append):
      (JSC::JSRopeString::createNull):
      (JSC::JSRopeString::create):
      (JSC::jsEmptyString):
      (JSC::jsSingleCharacterString):
      (JSC::jsSingleCharacterSubstring):
      (JSC::jsNontrivialString):
      (JSC::jsString):
      (JSC::jsSubstring):
      (JSC::jsSubstring8):
      (JSC::jsOwnedString):
      (JSC::jsStringBuilder):
      (JSC::inlineJSValueNotStringtoString):
      * runtime/JSStringJoiner.cpp:
      (JSC::JSStringJoiner::build):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::createStructure):
      (JSC::JSWithScope::JSWithScope):
      * runtime/JSWrapperObject.h:
      (JSWrapperObject):
      (JSC::JSWrapperObject::createStructure):
      (JSC::JSWrapperObject::JSWrapperObject):
      (JSC::JSWrapperObject::setInternalValue):
      * runtime/LiteralParser.cpp:
      (JSC::::tryJSONPParse):
      (JSC::::makeIdentifier):
      (JSC::::parse):
      * runtime/Lookup.cpp:
      (JSC::HashTable::createTable):
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::initializeIfNeeded):
      (JSC::HashTable::entry):
      (JSC::HashTable::begin):
      (JSC::HashTable::end):
      (HashTable):
      (JSC::lookupPut):
      * runtime/MathObject.cpp:
      (JSC::MathObject::MathObject):
      (JSC::MathObject::finishCreation):
      (JSC::mathProtoFuncSin):
      * runtime/MathObject.h:
      (JSC::MathObject::createStructure):
      * runtime/MemoryStatistics.cpp:
      * runtime/MemoryStatistics.h:
      * runtime/NameConstructor.cpp:
      (JSC::NameConstructor::finishCreation):
      (JSC::constructPrivateName):
      * runtime/NameConstructor.h:
      (JSC::NameConstructor::createStructure):
      * runtime/NameInstance.cpp:
      (JSC::NameInstance::NameInstance):
      * runtime/NameInstance.h:
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::create):
      (NameInstance):
      (JSC::NameInstance::finishCreation):
      * runtime/NamePrototype.cpp:
      (JSC::NamePrototype::NamePrototype):
      (JSC::NamePrototype::finishCreation):
      * runtime/NamePrototype.h:
      (JSC::NamePrototype::createStructure):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::createStructure):
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NativeErrorPrototype.cpp:
      (JSC::NativeErrorPrototype::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::finishCreation):
      (JSC::constructWithNumberConstructor):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::createStructure):
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::NumberObject):
      (JSC::NumberObject::finishCreation):
      (JSC::constructNumber):
      * runtime/NumberObject.h:
      (NumberObject):
      (JSC::NumberObject::create):
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::NumberPrototype):
      (JSC::NumberPrototype::finishCreation):
      (JSC::integerValueToString):
      (JSC::numberProtoFuncToString):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      (JSC::objectConstructorSeal):
      (JSC::objectConstructorFreeze):
      (JSC::objectConstructorPreventExtensions):
      (JSC::objectConstructorIsSealed):
      (JSC::objectConstructorIsFrozen):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::createStructure):
      (JSC::constructEmptyObject):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC::ObjectPrototype::finishCreation):
      (JSC::objectProtoFuncToString):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/Operations.cpp:
      (JSC::jsTypeStringForValue):
      * runtime/Operations.h:
      (JSC):
      (JSC::jsString):
      (JSC::jsStringFromArguments):
      (JSC::normalizePrototypeChainForChainAccess):
      (JSC::normalizePrototypeChain):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyMapEntry::PropertyMapEntry):
      (JSC::PropertyTable::createStructure):
      (PropertyTable):
      (JSC::PropertyTable::copy):
      * runtime/PropertyNameArray.h:
      (JSC::PropertyNameArray::PropertyNameArray):
      (JSC::PropertyNameArray::vm):
      (JSC::PropertyNameArray::addKnownUnique):
      (PropertyNameArray):
      * runtime/PropertyTable.cpp:
      (JSC::PropertyTable::create):
      (JSC::PropertyTable::clone):
      (JSC::PropertyTable::PropertyTable):
      * runtime/PrototypeMap.cpp:
      (JSC::PrototypeMap::emptyObjectStructureForPrototype):
      * runtime/RegExp.cpp:
      (JSC::RegExp::RegExp):
      (JSC::RegExp::finishCreation):
      (JSC::RegExp::createWithoutCaching):
      (JSC::RegExp::create):
      (JSC::RegExp::compile):
      (JSC::RegExp::compileIfNecessary):
      (JSC::RegExp::match):
      (JSC::RegExp::compileMatchOnly):
      (JSC::RegExp::compileIfNecessaryMatchOnly):
      * runtime/RegExp.h:
      (JSC):
      (RegExp):
      (JSC::RegExp::createStructure):
      * runtime/RegExpCache.cpp:
      (JSC::RegExpCache::lookupOrCreate):
      (JSC::RegExpCache::RegExpCache):
      (JSC::RegExpCache::addToStrongCache):
      * runtime/RegExpCache.h:
      (RegExpCache):
      * runtime/RegExpCachedResult.cpp:
      (JSC::RegExpCachedResult::lastResult):
      (JSC::RegExpCachedResult::setInput):
      * runtime/RegExpCachedResult.h:
      (JSC::RegExpCachedResult::RegExpCachedResult):
      (JSC::RegExpCachedResult::record):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::RegExpConstructor):
      (JSC::RegExpConstructor::finishCreation):
      (JSC::constructRegExp):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::createStructure):
      (RegExpConstructor):
      (JSC::RegExpConstructor::performMatch):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      (JSC::RegExpMatchesArray::reifyAllProperties):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::RegExpObject):
      (JSC::RegExpObject::finishCreation):
      (JSC::RegExpObject::match):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::create):
      (JSC::RegExpObject::setRegExp):
      (JSC::RegExpObject::setLastIndex):
      (JSC::RegExpObject::createStructure):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncCompile):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/SmallStrings.cpp:
      (JSC::SmallStrings::initializeCommonStrings):
      (JSC::SmallStrings::createEmptyString):
      (JSC::SmallStrings::createSingleCharacterString):
      (JSC::SmallStrings::initialize):
      * runtime/SmallStrings.h:
      (JSC):
      (JSC::SmallStrings::singleCharacterString):
      (SmallStrings):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::put):
      * runtime/SparseArrayValueMap.h:
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::StrictEvalActivation):
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::create):
      (JSC::StrictEvalActivation::createStructure):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::finishCreation):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure):
      * runtime/StringObject.cpp:
      (JSC::StringObject::StringObject):
      (JSC::StringObject::finishCreation):
      (JSC::constructString):
      * runtime/StringObject.h:
      (JSC::StringObject::create):
      (JSC::StringObject::createStructure):
      (StringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::StringPrototype):
      (JSC::StringPrototype::finishCreation):
      (JSC::removeUsingRegExpSearch):
      (JSC::replaceUsingRegExpSearch):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSplit):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::createStructure):
      * runtime/StringRecursionChecker.h:
      (JSC::StringRecursionChecker::performCheck):
      (JSC::StringRecursionChecker::~StringRecursionChecker):
      * runtime/Structure.cpp:
      (JSC::StructureTransitionTable::add):
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::toCacheableDictionaryTransition):
      (JSC::Structure::toUncacheableDictionaryTransition):
      (JSC::Structure::sealTransition):
      (JSC::Structure::freezeTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      (JSC::Structure::nonPropertyTransition):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::allocateRareData):
      (JSC::Structure::cloneRareDataFrom):
      (JSC::Structure::copyPropertyTable):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      (JSC::Structure::prototypeChainMayInterceptStoreTo):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::finishCreation):
      (JSC::Structure::setPrototypeWithoutTransition):
      (JSC::Structure::setGlobalObject):
      (JSC::Structure::setObjectToStringValue):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      (JSC::Structure::setPreviousID):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::StructureChain):
      * runtime/StructureChain.h:
      (JSC::StructureChain::create):
      (JSC::StructureChain::createStructure):
      (JSC::StructureChain::finishCreation):
      (StructureChain):
      * runtime/StructureInlines.h:
      (JSC::Structure::create):
      (JSC::Structure::createStructure):
      (JSC::Structure::get):
      (JSC::Structure::setEnumerationCache):
      (JSC::Structure::prototypeChain):
      (JSC::Structure::propertyTable):
      * runtime/StructureRareData.cpp:
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::create):
      (JSC::StructureRareData::clone):
      (JSC::StructureRareData::StructureRareData):
      * runtime/StructureRareData.h:
      (StructureRareData):
      * runtime/StructureRareDataInlines.h:
      (JSC::StructureRareData::setPreviousID):
      (JSC::StructureRareData::setObjectToStringValue):
      * runtime/StructureTransitionTable.h:
      (StructureTransitionTable):
      (JSC::StructureTransitionTable::setSingleTransition):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::create):
      (JSC::SharedSymbolTable::createStructure):
      (JSC::SharedSymbolTable::SharedSymbolTable):
      * runtime/VM.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalData.cpp.
      (JSC::VM::VM):
      (JSC::VM::~VM):
      (JSC::VM::createContextGroup):
      (JSC::VM::create):
      (JSC::VM::createLeaked):
      (JSC::VM::sharedInstanceExists):
      (JSC::VM::sharedInstance):
      (JSC::VM::sharedInstanceInternal):
      (JSC::VM::getHostFunction):
      (JSC::VM::ClientData::~ClientData):
      (JSC::VM::resetDateCache):
      (JSC::VM::startSampling):
      (JSC::VM::stopSampling):
      (JSC::VM::discardAllCode):
      (JSC::VM::dumpSampleData):
      (JSC::VM::addSourceProviderCache):
      (JSC::VM::clearSourceProviderCaches):
      (JSC::VM::releaseExecutableMemory):
      (JSC::releaseExecutableMemory):
      (JSC::VM::gatherConservativeRoots):
      (JSC::VM::addRegExpToTrace):
      (JSC::VM::dumpRegExpTrace):
      * runtime/VM.h: Copied from Source/JavaScriptCore/runtime/JSGlobalData.h.
      (VM):
      (JSC::VM::isSharedInstance):
      (JSC::VM::usingAPI):
      (JSC::VM::isInitializingObject):
      (JSC::VM::setInitializingObjectClass):
      (JSC::WeakSet::heap):
      * runtime/WriteBarrier.h:
      (JSC):
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrierBase::setMayBeNull):
      (JSC::WriteBarrierBase::setEarlyValue):
      (JSC::WriteBarrier::WriteBarrier):
      * testRegExp.cpp:
      (GlobalObject):
      (GlobalObject::create):
      (GlobalObject::createStructure):
      (GlobalObject::finishCreation):
      (main):
      (testOneRegExp):
      (parseRegExpLine):
      (runFromFiles):
      (realMain):
      * yarr/YarrInterpreter.h:
      (BytecodePattern):
      * yarr/YarrJIT.cpp:
      (YarrGenerator):
      (JSC::Yarr::YarrGenerator::compile):
      (JSC::Yarr::jitCompile):
      * yarr/YarrJIT.h:
      (JSC):
      
      ../WebCore: 
      
      * ForwardingHeaders/runtime/JSGlobalData.h: Removed.
      * ForwardingHeaders/runtime/VM.h: Copied from Source/WebCore/ForwardingHeaders/runtime/JSGlobalData.h.
      * WebCore.exp.in:
      * WebCore.order:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      * bindings/js/DOMObjectHashTableMap.cpp:
      (WebCore::DOMObjectHashTableMap::mapFor):
      * bindings/js/DOMObjectHashTableMap.h:
      (JSC):
      (DOMObjectHashTableMap):
      * bindings/js/DOMWrapperWorld.cpp:
      (WebCore::DOMWrapperWorld::DOMWrapperWorld):
      (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
      (WebCore::normalWorld):
      (WebCore::mainThreadNormalWorld):
      * bindings/js/DOMWrapperWorld.h:
      (WebCore::DOMWrapperWorld::create):
      (WebCore::DOMWrapperWorld::vm):
      (DOMWrapperWorld):
      (WebCore):
      * bindings/js/GCController.cpp:
      (WebCore::collect):
      (WebCore::GCController::garbageCollectSoon):
      (WebCore::GCController::garbageCollectNow):
      (WebCore::GCController::setJavaScriptGarbageCollectorTimerEnabled):
      (WebCore::GCController::discardAllCompiledCode):
      * bindings/js/IDBBindingUtilities.cpp:
      (WebCore::get):
      (WebCore::set):
      (WebCore::deserializeIDBValue):
      (WebCore::deserializeIDBValueBuffer):
      (WebCore::idbKeyToScriptValue):
      * bindings/js/JSCallbackData.h:
      (WebCore::JSCallbackData::JSCallbackData):
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::JSCustomXPathNSResolver):
      (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::getHashTableForGlobalData):
      (WebCore::reportException):
      (WebCore::cacheDOMStructure):
      * bindings/js/JSDOMBinding.h:
      (WebCore::DOMConstructorObject::createStructure):
      (WebCore::DOMConstructorWithDocument::finishCreation):
      (WebCore::getDOMStructure):
      (WebCore::setInlineCachedWrapper):
      (WebCore):
      (WebCore::jsStringWithCache):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::finishCreation):
      * bindings/js/JSDOMGlobalObject.h:
      (JSDOMGlobalObject):
      (WebCore::JSDOMGlobalObject::createStructure):
      (WebCore::getDOMConstructor):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::finishCreation):
      (WebCore::JSDOMWindowBase::updateDocument):
      (WebCore::JSDOMWindowBase::commonVM):
      * bindings/js/JSDOMWindowBase.h:
      (JSDOMWindowBase):
      (WebCore::JSDOMWindowBase::createStructure):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::setLocation):
      (WebCore::DialogHandler::dialogCreated):
      (WebCore::DialogHandler::returnValue):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::finishCreation):
      (WebCore::JSDOMWindowShell::setWindow):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      (WebCore::JSDOMWindowShell::create):
      (WebCore::JSDOMWindowShell::createStructure):
      * bindings/js/JSDOMWrapper.h:
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::createAccelerationObject):
      (WebCore::createRotationRateObject):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDictionary.h:
      (WebCore::JSDictionary::JSDictionary):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::setWrapper):
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::JSHTMLDocument::all):
      (WebCore::JSHTMLDocument::setAll):
      * bindings/js/JSHTMLTemplateElementCustom.cpp:
      (WebCore::JSHTMLTemplateElement::content):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::state):
      * bindings/js/JSImageConstructor.cpp:
      (WebCore::JSImageConstructor::finishCreation):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::createStructure):
      * bindings/js/JSImageDataCustom.cpp:
      (WebCore::toJS):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::InjectedScriptHost::nodeAsScriptValue):
      (WebCore::JSInjectedScriptHost::functionDetails):
      (WebCore::getJSListenerFunctions):
      (WebCore::JSInjectedScriptHost::getEventListeners):
      (WebCore::JSInjectedScriptHost::inspect):
      * bindings/js/JSLazyEventListener.cpp:
      (WebCore::JSLazyEventListener::initializeJSFunction):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::JSMessageEvent::data):
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSMutationCallback.cpp:
      (WebCore::JSMutationCallback::call):
      * bindings/js/JSMutationObserverCustom.cpp:
      (WebCore::JSMutationObserverConstructor::constructJSMutationObserver):
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCondition.h:
      (WebCore::JSNodeFilterCondition::create):
      (JSNodeFilterCondition):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::toNodeFilter):
      * bindings/js/JSPopStateEventCustom.cpp:
      (WebCore::cacheState):
      * bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
      (WebCore::JSRequestAnimationFrameCallback::handleEvent):
      * bindings/js/JSSQLResultSetRowListCustom.cpp:
      (WebCore::JSSQLResultSetRowList::item):
      * bindings/js/JSWorkerContextBase.cpp:
      (WebCore::JSWorkerContextBase::JSWorkerContextBase):
      (WebCore::JSWorkerContextBase::finishCreation):
      * bindings/js/JSWorkerContextBase.h:
      (WebCore::JSWorkerContextBase::createStructure):
      (JSWorkerContextBase):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScheduledAction.cpp:
      (WebCore::ScheduledAction::ScheduledAction):
      (WebCore::ScheduledAction::executeFunctionInContext):
      * bindings/js/ScheduledAction.h:
      (WebCore::ScheduledAction::ScheduledAction):
      * bindings/js/ScriptCachedFrameData.cpp:
      (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
      (WebCore::ScriptCachedFrameData::restore):
      (WebCore::ScriptCachedFrameData::clear):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      (WebCore::createScriptArguments):
      * bindings/js/ScriptController.cpp:
      (WebCore::ScriptController::createWindowShell):
      (WebCore::ScriptController::evaluateInWorld):
      (WebCore::ScriptController::createWorld):
      (WebCore::ScriptController::getAllWorlds):
      (WebCore::ScriptController::clearWindowShell):
      (WebCore::ScriptController::initScript):
      (WebCore::ScriptController::updateDocument):
      (WebCore::ScriptController::cacheableBindingRootObject):
      (WebCore::ScriptController::bindingRootObject):
      (WebCore::ScriptController::clearScriptObjects):
      (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy):
      * bindings/js/ScriptControllerMac.mm:
      (WebCore::ScriptController::windowScriptObject):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptEventListener.cpp:
      (WebCore::eventListenerHandlerBody):
      (WebCore::eventListenerHandler):
      (WebCore::eventListenerHandlerLocation):
      * bindings/js/ScriptFunctionCall.cpp:
      (WebCore::ScriptFunctionCall::call):
      (WebCore::ScriptCallback::call):
      * bindings/js/ScriptGCEvent.cpp:
      (WebCore::ScriptGCEvent::getHeapSize):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptObject::ScriptObject):
      (WebCore::ScriptGlobalObject::set):
      * bindings/js/ScriptState.h:
      (WebCore):
      * bindings/js/ScriptValue.cpp:
      (WebCore::ScriptValue::deserialize):
      * bindings/js/ScriptValue.h:
      (WebCore::ScriptValue::ScriptValue):
      * bindings/js/ScriptWrappable.h:
      (JSC):
      (ScriptWrappable):
      * bindings/js/ScriptWrappableInlines.h:
      (WebCore::ScriptWrappable::setWrapper):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::readTerminal):
      (WebCore::SerializedScriptValue::deserializeForInspector):
      (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
      * bindings/js/WebCoreJSClientData.h:
      (WebCoreJSClientData):
      (WebCore::initNormalWorldClientData):
      * bindings/js/WorkerScriptController.cpp:
      (WebCore::WorkerScriptController::WorkerScriptController):
      (WebCore::WorkerScriptController::~WorkerScriptController):
      (WebCore::WorkerScriptController::initScript):
      (WebCore::WorkerScriptController::evaluate):
      (WebCore::WorkerScriptController::scheduleExecutionTermination):
      (WebCore::WorkerScriptController::isExecutionTerminating):
      (WebCore::WorkerScriptController::disableEval):
      * bindings/js/WorkerScriptController.h:
      (JSC):
      (WebCore::WorkerScriptController::vm):
      (WorkerScriptController):
      * bindings/js/WorkerScriptDebugServer.cpp:
      (WebCore::WorkerScriptDebugServer::recompileAllJSFunctions):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateCallbackImplementation):
      (JSValueToNative):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bindings/scripts/test/JS/JSFloat64Array.cpp:
      (WebCore::getJSFloat64ArrayConstructorTable):
      (WebCore::JSFloat64ArrayConstructor::finishCreation):
      (WebCore::getJSFloat64ArrayPrototypeTable):
      (WebCore::getJSFloat64ArrayTable):
      (WebCore::JSFloat64Array::finishCreation):
      (WebCore::JSFloat64Array::createPrototype):
      * bindings/scripts/test/JS/JSFloat64Array.h:
      (WebCore::JSFloat64Array::create):
      (WebCore::JSFloat64Array::createStructure):
      (JSFloat64Array):
      (WebCore::JSFloat64ArrayPrototype::create):
      (WebCore::JSFloat64ArrayPrototype::createStructure):
      (WebCore::JSFloat64ArrayPrototype::JSFloat64ArrayPrototype):
      (WebCore::JSFloat64ArrayConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
      (WebCore::JSTestActiveDOMObject::finishCreation):
      (WebCore::JSTestActiveDOMObject::createPrototype):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
      (WebCore::JSTestActiveDOMObject::create):
      (WebCore::JSTestActiveDOMObject::createStructure):
      (JSTestActiveDOMObject):
      (WebCore::JSTestActiveDOMObjectPrototype::create):
      (WebCore::JSTestActiveDOMObjectPrototype::createStructure):
      (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
      (WebCore::JSTestActiveDOMObjectConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestCallback.cpp:
      (WebCore::JSTestCallback::callbackWithNoParam):
      (WebCore::JSTestCallback::callbackWithClass1Param):
      (WebCore::JSTestCallback::callbackWithClass2Param):
      (WebCore::JSTestCallback::callbackWithStringList):
      (WebCore::JSTestCallback::callbackWithBoolean):
      (WebCore::JSTestCallback::callbackRequiresThisToPass):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
      (WebCore::JSTestCustomNamedGetter::finishCreation):
      (WebCore::JSTestCustomNamedGetter::createPrototype):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
      (WebCore::JSTestCustomNamedGetter::create):
      (WebCore::JSTestCustomNamedGetter::createStructure):
      (JSTestCustomNamedGetter):
      (WebCore::JSTestCustomNamedGetterPrototype::create):
      (WebCore::JSTestCustomNamedGetterPrototype::createStructure):
      (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
      (WebCore::JSTestCustomNamedGetterConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      (WebCore::JSTestEventConstructorConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestEventConstructor.h:
      (WebCore::JSTestEventConstructor::create):
      (WebCore::JSTestEventConstructor::createStructure):
      (JSTestEventConstructor):
      (WebCore::JSTestEventConstructorPrototype::create):
      (WebCore::JSTestEventConstructorPrototype::createStructure):
      (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
      (WebCore::JSTestEventConstructorConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::JSTestEventTargetConstructor::finishCreation):
      (WebCore::JSTestEventTarget::finishCreation):
      (WebCore::JSTestEventTarget::createPrototype):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::create):
      (WebCore::JSTestEventTarget::createStructure):
      (JSTestEventTarget):
      (WebCore::JSTestEventTargetPrototype::create):
      (WebCore::JSTestEventTargetPrototype::createStructure):
      (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
      (WebCore::JSTestEventTargetConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestExceptionConstructor::finishCreation):
      (WebCore::JSTestException::finishCreation):
      (WebCore::JSTestException::createPrototype):
      * bindings/scripts/test/JS/JSTestException.h:
      (WebCore::JSTestException::create):
      (WebCore::JSTestException::createStructure):
      (JSTestException):
      (WebCore::JSTestExceptionPrototype::create):
      (WebCore::JSTestExceptionPrototype::createStructure):
      (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
      (WebCore::JSTestExceptionConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::finishCreation):
      (WebCore::JSTestInterface::finishCreation):
      (WebCore::JSTestInterface::createPrototype):
      * bindings/scripts/test/JS/JSTestInterface.h:
      (WebCore::JSTestInterface::create):
      (WebCore::JSTestInterface::createStructure):
      (JSTestInterface):
      (WebCore::JSTestInterfacePrototype::create):
      (WebCore::JSTestInterfacePrototype::createStructure):
      (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
      (WebCore::JSTestInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
      (WebCore::JSTestMediaQueryListListener::finishCreation):
      (WebCore::JSTestMediaQueryListListener::createPrototype):
      (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      (WebCore::JSTestMediaQueryListListener::create):
      (WebCore::JSTestMediaQueryListListener::createStructure):
      (JSTestMediaQueryListListener):
      (WebCore::JSTestMediaQueryListListenerPrototype::create):
      (WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
      (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
      (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructorConstructor::finishCreation):
      (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::createPrototype):
      * bindings/scripts/test/JS/JSTestNamedConstructor.h:
      (WebCore::JSTestNamedConstructor::create):
      (WebCore::JSTestNamedConstructor::createStructure):
      (JSTestNamedConstructor):
      (WebCore::JSTestNamedConstructorPrototype::create):
      (WebCore::JSTestNamedConstructorPrototype::createStructure):
      (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
      (WebCore::JSTestNamedConstructorConstructor::createStructure):
      (WebCore::JSTestNamedConstructorNamedConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNode.cpp:
      (WebCore::JSTestNodeConstructor::finishCreation):
      (WebCore::JSTestNode::finishCreation):
      (WebCore::JSTestNode::createPrototype):
      * bindings/scripts/test/JS/JSTestNode.h:
      (WebCore::JSTestNode::create):
      (WebCore::JSTestNode::createStructure):
      (JSTestNode):
      (WebCore::JSTestNodePrototype::create):
      (WebCore::JSTestNodePrototype::createStructure):
      (WebCore::JSTestNodePrototype::JSTestNodePrototype):
      (WebCore::JSTestNodeConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::finishCreation):
      (WebCore::JSTestObj::finishCreation):
      (WebCore::JSTestObj::createPrototype):
      (WebCore::jsTestObjCachedAttribute1):
      (WebCore::jsTestObjCachedAttribute2):
      (WebCore::setJSTestObjConditionalAttr4Constructor):
      (WebCore::setJSTestObjConditionalAttr5Constructor):
      (WebCore::setJSTestObjConditionalAttr6Constructor):
      (WebCore::setJSTestObjAnyAttribute):
      (WebCore::setJSTestObjReplaceableAttribute):
      * bindings/scripts/test/JS/JSTestObj.h:
      (WebCore::JSTestObj::create):
      (WebCore::JSTestObj::createStructure):
      (JSTestObj):
      (WebCore::JSTestObjPrototype::create):
      (WebCore::JSTestObjPrototype::createStructure):
      (WebCore::JSTestObjPrototype::JSTestObjPrototype):
      (WebCore::JSTestObjConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
      (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
      (WebCore::JSTestOverloadedConstructors::finishCreation):
      (WebCore::JSTestOverloadedConstructors::createPrototype):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
      (WebCore::JSTestOverloadedConstructors::create):
      (WebCore::JSTestOverloadedConstructors::createStructure):
      (JSTestOverloadedConstructors):
      (WebCore::JSTestOverloadedConstructorsPrototype::create):
      (WebCore::JSTestOverloadedConstructorsPrototype::createStructure):
      (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
      (WebCore::JSTestOverloadedConstructorsConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::createPrototype):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedValue):
      (WebCore::jsTestSerializedScriptValueInterfaceCachedReadonlyValue):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      (WebCore::JSTestSerializedScriptValueInterface::create):
      (WebCore::JSTestSerializedScriptValueInterface::createStructure):
      (JSTestSerializedScriptValueInterface):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::create):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      (WebCore::JSTestTypedefsConstructor::finishCreation):
      (WebCore::JSTestTypedefs::finishCreation):
      (WebCore::JSTestTypedefs::createPrototype):
      * bindings/scripts/test/JS/JSTestTypedefs.h:
      (WebCore::JSTestTypedefs::create):
      (WebCore::JSTestTypedefs::createStructure):
      (JSTestTypedefs):
      (WebCore::JSTestTypedefsPrototype::create):
      (WebCore::JSTestTypedefsPrototype::createStructure):
      (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
      (WebCore::JSTestTypedefsConstructor::createStructure):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::createStructure):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::createStructure):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      * bridge/jsc/BridgeJSC.cpp:
      (JSC::Bindings::Instance::createRuntimeObject):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::createStructure):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::createStructure):
      (ObjCRuntimeMethod::finishCreation):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      (JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::createStructure):
      (JSC::Bindings::QtInstance::~QtInstance):
      (JSC::Bindings::QtInstance::getQtInstance):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      (JSC::RuntimeArray::finishCreation):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      (JSC::RuntimeMethod::createStructure):
      (RuntimeMethod):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      (JSC::Bindings::RuntimeObject::finishCreation):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::createStructure):
      * bridge/runtime_root.cpp:
      (JSC::Bindings::RootObject::RootObject):
      (JSC::Bindings::RootObject::gcProtect):
      (JSC::Bindings::RootObject::gcUnprotect):
      (JSC::Bindings::RootObject::updateGlobalObject):
      (JSC::Bindings::RootObject::addRuntimeObject):
      * bridge/runtime_root.h:
      (RootObject):
      * dom/Node.cpp:
      * dom/Node.h:
      (JSC):
      * dom/ScriptExecutionContext.cpp:
      (WebCore::ScriptExecutionContext::vm):
      * dom/ScriptExecutionContext.h:
      (JSC):
      (ScriptExecutionContext):
      * html/HTMLCanvasElement.cpp:
      (WebCore::HTMLCanvasElement::createImageBuffer):
      * html/HTMLImageLoader.cpp:
      (WebCore::HTMLImageLoader::notifyFinished):
      * inspector/ScriptArguments.cpp:
      (WebCore::ScriptArguments::ScriptArguments):
      * loader/icon/IconDatabaseBase.cpp:
      (WebCore):
      (WebCore::iconDatabase):
      (WebCore::setGlobalIconDatabase):
      * platform/qt/MemoryUsageSupportQt.cpp:
      (WebCore::memoryUsageKB):
      (WebCore::actualMemoryUsageKB):
      * platform/win/ClipboardUtilitiesWin.cpp:
      (WebCore::createGlobalData):
      * plugins/PluginView.cpp:
      (WebCore::PluginView::start):
      (WebCore::PluginView::stop):
      (WebCore::PluginView::performRequest):
      (WebCore::PluginView::npObject):
      (WebCore::PluginView::privateBrowsingStateChanged):
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      (WebCore::PluginView::getWindowInfo):
      * plugins/efl/PluginViewEfl.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      * plugins/gtk/PluginViewGtk.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      (WebCore::PluginView::platformStart):
      * plugins/mac/PluginViewMac.mm:
      (WebCore::PluginView::platformStart):
      * plugins/qt/PluginViewQt.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::setNPWindowIfNeeded):
      * plugins/win/PluginViewWin.cpp:
      (WebCore::PluginView::dispatchNPEvent):
      (WebCore::PluginView::handleKeyboardEvent):
      (WebCore::PluginView::handleMouseEvent):
      (WebCore::PluginView::setNPWindowRect):
      * testing/js/WebCoreTestSupport.cpp:
      (WebCoreTestSupport::injectInternalsObject):
      * xml/XMLHttpRequest.cpp:
      (WebCore::XMLHttpRequest::dropProtection):
      
      ../WebKit/blackberry: 
      
      * Api/BlackBerryGlobal.cpp:
      (BlackBerry::WebKit::clearMemoryCaches):
      * WebKitSupport/AboutData.cpp:
      * WebKitSupport/DumpRenderTreeSupport.cpp:
      (DumpRenderTreeSupport::javaScriptObjectsCount):
      
      ../WebKit/efl: 
      
      * WebCoreSupport/DumpRenderTreeSupportEfl.cpp:
      (DumpRenderTreeSupportEfl::javaScriptObjectsCount):
      
      ../WebKit/gtk: 
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      (DumpRenderTreeSupportGtk::gcCountJavascriptObjects):
      
      ../WebKit/mac: 
      
      * Misc/WebCoreStatistics.mm:
      (+[WebCoreStatistics javaScriptObjectsCount]):
      (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
      (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
      (+[WebCoreStatistics javaScriptObjectTypeCounts]):
      (+[WebCoreStatistics shouldPrintExceptions]):
      (+[WebCoreStatistics setShouldPrintExceptions:]):
      (+[WebCoreStatistics memoryStatistics]):
      (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
      * Plugins/Hosted/NetscapePluginHostProxy.mm:
      (identifierFromIdentifierRep):
      * Plugins/Hosted/NetscapePluginInstanceProxy.h:
      (LocalObjectMap):
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::LocalObjectMap::idForObject):
      (WebKit::NetscapePluginInstanceProxy::getWindowNPObject):
      (WebKit::NetscapePluginInstanceProxy::getPluginElementNPObject):
      (WebKit::NetscapePluginInstanceProxy::evaluate):
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::createStructure):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getPropertyNames):
      * Plugins/Hosted/ProxyRuntimeObject.h:
      (WebKit::ProxyRuntimeObject::create):
      (WebKit::ProxyRuntimeObject::createStructure):
      * Plugins/WebNetscapePluginStream.mm:
      (WebNetscapePluginStream::wantsAllStreams):
      * Plugins/WebNetscapePluginView.mm:
      (-[WebNetscapePluginView sendEvent:isDrawRect:]):
      (-[WebNetscapePluginView privateBrowsingModeDidChange]):
      (-[WebNetscapePluginView setWindowIfNecessary]):
      (-[WebNetscapePluginView createPluginScriptableObject]):
      (-[WebNetscapePluginView getFormValue:]):
      (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
      (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
      (-[WebNetscapePluginView loadPluginRequest:]):
      (-[WebNetscapePluginView _printedPluginBitmap]):
      * Plugins/WebPluginController.mm:
      (+[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
      (-[WebPluginController stopOnePlugin:]):
      (-[WebPluginController destroyOnePlugin:]):
      (-[WebPluginController startAllPlugins]):
      (-[WebPluginController addPlugin:]):
      * WebKit.order:
      * WebView/WebScriptDebugDelegate.mm:
      (-[WebScriptCallFrame scopeChain]):
      (-[WebScriptCallFrame evaluateWebScript:]):
      * WebView/WebScriptDebugger.mm:
      (WebScriptDebugger::WebScriptDebugger):
      
      ../WebKit/qt: 
      
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (DumpRenderTreeSupportQt::javaScriptObjectsCount):
      * WebCoreSupport/QWebFrameAdapter.cpp:
      (QWebFrameAdapter::addToJavaScriptWindowObject):
      
      ../WebKit/win: 
      
      * WebCoreStatistics.cpp:
      (WebCoreStatistics::javaScriptObjectsCount):
      (WebCoreStatistics::javaScriptGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectsCount):
      (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
      (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
      * WebJavaScriptCollector.cpp:
      (WebJavaScriptCollector::objectCount):
      
      ../WebKit2: 
      
      * Shared/linux/WebMemorySamplerLinux.cpp:
      (WebKit::WebMemorySampler::sampleWebKit):
      * Shared/mac/WebMemorySampler.mac.mm:
      (WebKit::WebMemorySampler::sampleWebKit):
      * WebProcess/InjectedBundle/InjectedBundle.cpp:
      (WebKit::InjectedBundle::javaScriptObjectsCount):
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      (WebKit::JSNPMethod::createStructure):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::JSNPObject):
      (WebKit::JSNPObject::finishCreation):
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (WebKit::JSNPObject::create):
      (WebKit::JSNPObject::createStructure):
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::create):
      (WebKit::NPJSObject::initialize):
      * WebProcess/Plugins/Netscape/NPJSObject.h:
      (JSC):
      (NPJSObject):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::getOrCreateNPObject):
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      (WebKit::NPRuntimeObjectMap::evaluate):
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:
      (JSC):
      (NPRuntimeObjectMap):
      * WebProcess/Plugins/PluginView.cpp:
      (WebKit::PluginView::windowScriptNPObject):
      (WebKit::PluginView::pluginElementNPObject):
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::runJavaScriptInMainFrame):
      * WebProcess/WebProcess.cpp:
      (WebKit::WebProcess::getWebCoreStatistics):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148696 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9a9a4b52
  12. 08 Jan, 2013 1 commit
    • fpizlo@apple.com's avatar
      REGRESSION (r138921): Crash in JSC::Arguments::create · 608ecbe4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=106329
      <rdar://problem/12974196>
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      Arguments::finishCreation() that takes an InlineCallFrame* needs to understand that the callee can
      be unset, indicating that the callee needs to be loaded from the true call frame. This adds a
      method to InlineCallFrame to do just that.
      
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::calleeForCallFrame):
      * bytecode/CodeOrigin.h:
      (InlineCallFrame):
      * runtime/Arguments.h:
      (JSC::Arguments::finishCreation):
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
      
      * fast/js/dfg-create-inlined-arguments-in-closure-inline-expected.txt: Added.
      * fast/js/dfg-create-inlined-arguments-in-closure-inline.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-create-inlined-arguments-in-closure-inline.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139109 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      608ecbe4
  13. 09 Nov, 2012 1 commit
  14. 07 Nov, 2012 1 commit
    • oliver@apple.com's avatar
      Reduce parser overhead in JSC · f0c01b8e
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=101127
      
      Reviewed by Filip Pizlo.
      
      An exciting journey into the world of architecture in which our hero
      adds yet another layer to JSC codegeneration.
      
      This patch adds a marginally more compact form of bytecode that is
      free from any data specific to a given execution context, and that
      does store any data structures necessary for execution.  To actually
      execute this UnlinkedBytecode we still need to instantiate a real
      CodeBlock, but this is a much faster linear time operation than any
      of the earlier parsing or code generation passes.
      
      As the unlinked code is context free we can then simply use a cache
      from source to unlinked code mapping to completely avoid all of the
      old parser overhead.  The cache is currently very simple and memory
      heavy, using the complete source text as a key (rather than SourceCode
      or equivalent), and a random eviction policy.
      
      This seems to produce a substantial win when loading identical content
      in different contexts.
      
      * API/tests/testapi.c:
      (main):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
          Moved a number of fields, and a bunch of logic to UnlinkedCodeBlock.h/cpp
      * bytecode/Opcode.h:
          Added a global const init no op instruction needed to get correct
          behaviour without any associated semantics.
      * bytecode/UnlinkedCodeBlock.cpp: Added.
      * bytecode/UnlinkedCodeBlock.h: Added.
          A fairly shallow, GC allocated version of the old CodeBlock
          classes with a 32bit instruction size, and just metadata
          size tracking.
      * bytecompiler/BytecodeGenerator.cpp:
      * bytecompiler/BytecodeGenerator.h:
          Replace direct access to m_symbolTable with access through
          symbolTable().  ProgramCode no longer has a symbol table at
          all so some previously unconditional (and pointless) uses
          of symbolTable get null checks.
          A few other changes to deal with type changes due to us generating
          unlinked code (eg. pointer free, so profile indices rather than
          pointers).
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCapabilities.h:
          Support global_init_nop
      * interpreter/Interpreter.cpp:
          Now get the ProgramExecutable to initialise new global properties
          before starting execution.
      * jit/JIT.cpp:
      * jit/JITDriver.h:
      * jit/JITStubs.cpp:
      * llint/LLIntData.cpp:
      * llint/LLIntSlowPaths.cpp:
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
          Adding init_global_const_nop everywhere else
      * parser/Parser.h:
      * parser/ParserModes.h: Added.
      * parser/ParserTokens.h:
          Parser no longer needs a global object or callframe to function
      * runtime/CodeCache.cpp: Added.
      * runtime/CodeCache.h: Added.
          A simple, random eviction, Source->UnlinkedCode cache
      * runtime/Executable.cpp:
      * runtime/Executable.h:
          Executables now reference their unlinked counterparts, and
          request code specifically for the target global object.
      * runtime/JSGlobalData.cpp:
      * runtime/JSGlobalData.h:
          GlobalData now owns a CodeCache and a set of new structures
          for the unlinked code types.
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
          Utility functions used by executables to perform compilation
      
      * runtime/JSType.h:
        Add new JSTypes for unlinked code
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133688 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f0c01b8e
  15. 03 Oct, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Delayed structure sweep can leak structures without bound · 30738a77
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96546
      
      Reviewed by Geoffrey Garen.
      
      This patch gets rid of the separate Structure allocator in the MarkedSpace and adds two new destructor-only
      allocators. We now have separate allocators for our three types of objects: those objects with no destructors,
      those objects with destructors and with immortal structures, and those objects with destructors that don't have 
      immortal structures. All of the objects of the third type (destructors without immortal structures) now 
      inherit from a new class named JSDestructibleObject (which in turn is a subclass of JSNonFinalObject), which stores 
      the ClassInfo for these classes at a fixed offset for safe retrieval during sweeping/destruction.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackConstructor.cpp: Use JSDestructibleObject for JSCallbackConstructor.
      (JSC):
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      * API/JSCallbackConstructor.h:
      (JSCallbackConstructor):
      * API/JSCallbackObject.cpp: Inherit from JSDestructibleObject for normal JSCallbackObjects and use a finalizer for 
      JSCallbackObject<JSGlobalObject>, since JSGlobalObject also uses a finalizer.
      (JSC):
      (JSC::::create): We need to move the create function for JSCallbackObject<JSGlobalObject> out of line so we can add 
      the finalizer for it. We don't want to add the finalizer is something like finishCreation in case somebody decides 
      to subclass this. We use this same technique for many other subclasses of JSGlobalObject.
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      (JSC):
      * API/JSClassRef.cpp: Change all the JSCallbackObject<JSNonFinalObject> to use JSDestructibleObject instead.
      (OpaqueJSClass::prototype):
      * API/JSObjectRef.cpp: Ditto.
      (JSObjectMake):
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp: Ditto.
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp: Ditto.
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGSpeculativeJIT.h: Use the proper allocator type when doing inline allocation in the DFG.
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
      * heap/Heap.cpp:
      (JSC):
      * heap/Heap.h: Add accessors for the various types of allocators now. Also remove the isSafeToSweepStructures function 
      since it's always safe to sweep Structures now.
      (JSC::Heap::allocatorForObjectWithNormalDestructor): 
      (JSC::Heap::allocatorForObjectWithImmortalStructureDestructor):
      (Heap):
      (JSC::Heap::allocateWithNormalDestructor):
      (JSC):
      (JSC::Heap::allocateWithImmortalStructureDestructor):
      * heap/IncrementalSweeper.cpp: Remove all the logic to detect when it's safe to sweep Structures from the 
      IncrementalSweeper since it's always safe to sweep Structures now.
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::startSweeping):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp: Remove the logic that was preventing us from sweeping Structures if it wasn't safe. Add 
      tracking of the specific destructor type of allocator. 
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::destructorType):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::init):
      * heap/MarkedBlock.cpp: Add all the destructor type stuff to MarkedBlocks so that we do the right thing when sweeping. 
      We also use the stored destructor type to determine the right thing to do in all JSCell::classInfo() calls.
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (JSC):
      (JSC::MarkedBlock::allocator):
      (JSC::MarkedBlock::destructorType):
      * heap/MarkedSpace.cpp: Add the new destructor allocators to MarkedSpace.
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::MarkedSpace::isPagedOut):
      (JSC::MarkedSpace::freeBlock):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC::MarkedSpace::immortalStructureDestructorAllocatorFor):
      (JSC::MarkedSpace::normalDestructorAllocatorFor):
      (JSC::MarkedSpace::allocateWithImmortalStructureDestructor):
      (JSC::MarkedSpace::allocateWithNormalDestructor):
      (JSC::MarkedSpace::forEachBlock):
      * heap/SlotVisitor.cpp: Add include because the symbol was needed in an inlined function.
      * jit/JIT.h: Make sure we use the correct allocator when doing inline allocations in the baseline JIT.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSArray):
      * jsc.cpp: 
      (GlobalObject::create): Add finalizer here since JSGlobalObject needs to use a finalizer instead of inheriting from 
      JSDestructibleObject.
      * runtime/Arguments.cpp: Inherit from JSDestructibleObject.
      (JSC):
      * runtime/Arguments.h:
      (Arguments):
      (JSC::Arguments::Arguments):
      * runtime/ErrorPrototype.cpp: Added an assert to make sure we have a trivial destructor.
      (JSC):
      * runtime/Executable.h: Indicate that all of the Executable* classes have immortal Structures.
      (JSC):
      * runtime/InternalFunction.cpp: Inherit from JSDestructibleObject.
      (JSC):
      (JSC::InternalFunction::InternalFunction):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSCell.h: Added two static bools, needsDestruction and hasImmortalStructure, that classes can override 
      to indicate at compile time which part of the heap they should be allocated in.
      (JSC::allocateCell): Use the appropriate allocator depending on the destructor type.
      * runtime/JSDestructibleObject.h: Added. New class that stores the ClassInfo of any subclass so that it can be 
      accessed safely when the object is being destroyed.
      (JSC):
      (JSDestructibleObject):
      (JSC::JSDestructibleObject::classInfo):
      (JSC::JSDestructibleObject::JSDestructibleObject):
      (JSC::JSCell::classInfo): Checks the current MarkedBlock to see where it should get the ClassInfo from so that it's always safe.
      * runtime/JSGlobalObject.cpp: JSGlobalObject now uses a finalizer instead of a destructor so that it can avoid forcing all 
      of its relatives in the inheritance hierarchy (e.g. JSScope) to use destructors as well.
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::createRareDataIfNeeded): Since we always create a finalizer now, we don't have to worry about adding one 
      for the m_rareData field when it's created.
      (JSC::JSGlobalObject::create):
      (JSC):
      * runtime/JSGlobalThis.h: Inherit from JSDestructibleObject.
      (JSGlobalThis):
      (JSC::JSGlobalThis::JSGlobalThis):
      * runtime/JSPropertyNameIterator.h: Has an immortal Structure.
      (JSC):
      * runtime/JSScope.cpp:
      (JSC):
      * runtime/JSString.h: Has an immortal Structure.
      (JSC):
      * runtime/JSWrapperObject.h: Inherit from JSDestructibleObject.
      (JSWrapperObject):
      (JSC::JSWrapperObject::JSWrapperObject):
      * runtime/MathObject.cpp: Cleaning up some of the inheritance stuff.
      (JSC):
      * runtime/NameInstance.h: Inherit from JSDestructibleObject.
      (NameInstance):
      * runtime/RegExp.h: Has immortal Structure.
      (JSC):
      * runtime/RegExpObject.cpp: Inheritance cleanup.
      (JSC):
      * runtime/SparseArrayValueMap.h: Has immortal Structure.
      (JSC):
      * runtime/Structure.h: Has immortal Structure.
      (JSC):
      * runtime/StructureChain.h: Ditto.
      (JSC):
      * runtime/SymbolTable.h: Ditto.
      (SharedSymbolTable):
      (JSC):
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/runtime/JSDestructableObject.h: Added.
      * bindings/js/JSDOMWrapper.h: Inherits from JSDestructibleObject.
      (JSDOMWrapper):
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/scripts/CodeGeneratorJS.pm: Add finalizers to anything that inherits from JSGlobalObject,
      e.g. JSDOMWindow and JSWorkerContexts. For those classes we also need to define needsDestruction as true.
      (GenerateHeader):
      * bridge/objc/objc_runtime.h: Inherit from JSDestructibleObject.
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (Bindings):
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      * bridge/runtime_array.cpp: Use a finalizer so that JSArray isn't forced to inherit from JSDestructibleObject.
      (JSC):
      (JSC::RuntimeArray::destroy):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC):
      * bridge/runtime_object.cpp: Inherit from JSDestructibleObject.
      (Bindings):
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130303 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      30738a77
  16. 22 Sep, 2012 1 commit
    • ggaren@apple.com's avatar
      Optimized closures that capture arguments · be8ad1fd
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97358
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      Previously, the activation object was responsible for capturing all
      arguments in a way that was convenient for the arguments object. Now,
      we move all captured variables into a contiguous region in the stack,
      allocate an activation for exactly that size, and make the arguments
      object responsible for knowing all the places to which arguments could
      have moved.
      
      This seems like the right tradeoff because
      
          (a) Closures are common and long-lived, so we want them to be small.
      
          (b) Our primary strategy for optimizing the arguments object is to make
          it go away. If you're allocating arguments objects, you're already having
          a bad time.
      
          (c) It's common to use either the arguments object or named argument
          closure, but not both.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::argumentsRegister):
      (JSC::CodeBlock::activationRegister):
      (JSC::CodeBlock::isCaptured):
      (JSC::CodeBlock::argumentIndexAfterCapture): m_numCapturedVars is gone
      now -- we have an explicit range instead.
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator): Move captured arguments
      into the captured region of local variables for space efficiency. Record
      precise data about where they moved for the sake of the arguments object.
      
      Some of this data was previously wrong, but it didn't cause any problems
      because the arguments weren't actually moving.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables): Don't
      assume that captured vars are in any particular location -- always ask
      the CodeBlock. This is better encapsulation.
      
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile): I rename things sometimes.
      
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff): Account for a particularly nasty edge case.
      
      (JSC::Arguments::didTearOffActivation): Don't allocate our slow arguments
      data on tear-off. We need to allocate it eagerly instead, since we need
      to know about displaced, captured arguments during access before tear-off.
      
      * runtime/Arguments.h:
      (JSC::Arguments::allocateSlowArguments):
      (JSC::Arguments::argument): Tell our slow arguments array where all arguments
      are, even if they are not captured. This simplifies some things, so we don't
      have to account explicitly for the full matrix of (not torn off, torn off)
      * (captured, not captured).
      
      (JSC::Arguments::finishCreation): Allocate our slow arguments array eagerly
      because we need to know about displaced, captured arguments during access
      before tear-off.
      
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::parameterCount):
      (FunctionExecutable):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::create):
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::registerOffset):
      (JSC::JSActivation::tearOff):
      (JSC::JSActivation::allocationSize):
      (JSC::JSActivation::isValid): This is really the point of the patch. All
      the pointer math in Activations basically boils away, since we always
      copy a contiguous region of captured variables now.
      
      * runtime/SymbolTable.h:
      (JSC::SlowArgument::SlowArgument):
      (SlowArgument):
      (SharedSymbolTable):
      (JSC::SharedSymbolTable::captureCount):
      (JSC::SharedSymbolTable::SharedSymbolTable): AllOfTheThings capture mode
      is gone now -- that's the point of the patch. indexIfCaptured gets renamed
      to index because we always have an index, even if not captured. (The only
      time when the index is meaningless is when we're Deleted.)
      
      LayoutTests: 
      
      * fast/js/dfg-arguments-alias-activation-expected.txt:
      * fast/js/dfg-arguments-alias-activation.html:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129297 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      be8ad1fd
  17. 19 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should not call out to C++ every time that it tries to put to an object... · 497c7515
      fpizlo@apple.com authored
      DFG should not call out to C++ every time that it tries to put to an object that doesn't yet have array storage
      https://bugs.webkit.org/show_bug.cgi?id=96983
      
      Reviewed by Oliver Hunt.
      
      Introduce more polymorphism into the DFG's array mode support. Use that to
      introduce the notion of effectul array modes, where the check for the mode
      will perform actions necessary to ensure that we have the mode we want, if
      the object is not already in that mode. Also added profiling support for
      checking if an object is of a type that would not allow us to create array
      storage (like a typed array or a string for example).
              
      This is a ~2x speed-up on loops that transform an object that did not have
      indexed storage into one that does.
      
      * JSCTypedArrayStubs.h:
      (JSC):
      * bytecode/ArrayProfile.cpp:
      (JSC::ArrayProfile::computeUpdatedPrediction):
      * bytecode/ArrayProfile.h:
      (JSC::ArrayProfile::ArrayProfile):
      (JSC::ArrayProfile::mayInterceptIndexedAccesses):
      (ArrayProfile):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (DFG):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::modeUsesButterfly):
      (JSC::DFG::isSlowPutAccess):
      (JSC::DFG::benefitsFromStructureCheck):
      (JSC::DFG::isEffectful):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getArrayMode):
      (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasArrayMode):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::arrayify):
      (DFG):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/Arguments.h:
      (Arguments):
      * runtime/JSNotAnObject.h:
      (JSNotAnObject):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::ensureArrayStorage):
      * runtime/JSString.h:
      (JSC::JSString::createStructure):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128957 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      497c7515
  18. 18 Sep, 2012 2 commits
    • ossy@webkit.org's avatar
      Unreviewed, rolling out r128826 and r128813. · 7c7e4274
      ossy@webkit.org authored
      Source/JavaScriptCore:
      
      * API/JSCallbackConstructor.cpp:
      (JSC):
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      * API/JSCallbackConstructor.h:
      (JSCallbackConstructor):
      * API/JSCallbackObject.cpp:
      (JSC):
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObject::create):
      (JSCallbackObject):
      * API/JSClassRef.cpp:
      (OpaqueJSClass::prototype):
      * API/JSObjectRef.cpp:
      (JSObjectMake):
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp:
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp:
      * GNUmakefile.list.am:
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
      * heap/Heap.cpp:
      (JSC::Heap::isSafeToSweepStructures):
      (JSC):
      * heap/Heap.h:
      (JSC::Heap::allocatorForObjectWithDestructor):
      (Heap):
      (JSC::Heap::allocateWithDestructor):
      (JSC::Heap::allocateStructure):
      (JSC):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::startSweeping):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC::IncrementalSweeper::structuresCanBeSwept):
      (JSC):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::cellsNeedDestruction):
      (JSC::MarkedAllocator::onlyContainsStructures):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::init):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (JSC):
      (MarkedBlock):
      (JSC::MarkedBlock::cellsNeedDestruction):
      (JSC::MarkedBlock::onlyContainsStructures):
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::MarkedSpace::isPagedOut):
      (JSC::MarkedSpace::freeBlock):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (Subspace):
      (JSC::MarkedSpace::allocatorFor):
      (JSC::MarkedSpace::destructorAllocatorFor):
      (JSC::MarkedSpace::allocateWithDestructor):
      (JSC::MarkedSpace::allocateStructure):
      (JSC::MarkedSpace::forEachBlock):
      * heap/SlotVisitor.cpp:
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSArray):
      * jsc.cpp:
      (GlobalObject::create):
      * runtime/Arguments.cpp:
      (JSC):
      * runtime/Arguments.h:
      (Arguments):
      (JSC::Arguments::Arguments):
      * runtime/ErrorPrototype.cpp:
      (JSC):
      * runtime/Executable.h:
      * runtime/InternalFunction.cpp:
      (JSC):
      (JSC::InternalFunction::InternalFunction):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSCell.h:
      (JSC):
      (JSC::allocateCell):
      * runtime/JSDestructibleObject.h: Removed.
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::createRareDataIfNeeded):
      (JSC::JSGlobalObject::create):
      * runtime/JSGlobalThis.h:
      (JSGlobalThis):
      (JSC::JSGlobalThis::JSGlobalThis):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSScope.cpp:
      (JSC):
      * runtime/JSString.h:
      (JSC):
      * runtime/JSWrapperObject.h:
      (JSWrapperObject):
      (JSC::JSWrapperObject::JSWrapperObject):
      * runtime/MathObject.cpp:
      (JSC):
      * runtime/NameInstance.h:
      (NameInstance):
      * runtime/RegExp.h:
      * runtime/RegExpObject.cpp:
      (JSC):
      * runtime/SparseArrayValueMap.h:
      * runtime/Structure.h:
      (JSC::Structure):
      (JSC::JSCell::classInfo):
      (JSC):
      * runtime/StructureChain.h:
      * runtime/SymbolTable.h:
      * testRegExp.cpp:
      (GlobalObject::create):
      
      Source/WebCore:
      
      * ForwardingHeaders/runtime/JSDestructibleObject.h: Removed.
      * bindings/js/JSDOMWrapper.h:
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      * bridge/objc/objc_runtime.h:
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (Bindings):
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      * bridge/runtime_array.cpp:
      (JSC):
      (JSC::RuntimeArray::destroy):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      * bridge/runtime_object.cpp:
      (Bindings):
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      Source/WebKit2:
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit):
      (WebKit::JSNPObject::JSNPObject):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (JSNPObject):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128851 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7c7e4274
    • ggaren@apple.com's avatar
      Refactored the arguments object so it doesn't dictate closure layout · af710d81
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96955
      
      Reviewed by Oliver Hunt.
      
      * bytecode/CodeBlock.h:
      (JSC::ExecState::argumentAfterCapture): Helper function for accessing an
      argument that has been moved for capture.
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator): Generate metadata for arguments
      that are captured. We don't move any arguments yet, but we do use this
      metadata to tell the arguments object if an argument is stored in the
      activation.
      
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile): Updated for the arguments object not
      malloc'ing a separate backing store, and for a rename from deletedArguments
      to slowArguments.
      
      * interpreter/CallFrame.h:
      (ExecState):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::unwindCallFrame):
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL): Updated for small interface changes.
      
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      (JSC::Arguments::copyToArguments):
      (JSC::Arguments::fillArgList):
      (JSC::Arguments::getOwnPropertySlotByIndex):
      (JSC::Arguments::createStrictModeCallerIfNecessary):
      (JSC::Arguments::createStrictModeCalleeIfNecessary):
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::Arguments::getOwnPropertyDescriptor):
      (JSC::Arguments::getOwnPropertyNames):
      (JSC::Arguments::putByIndex):
      (JSC::Arguments::put):
      (JSC::Arguments::deletePropertyByIndex):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      (JSC::Arguments::tearOff): Moved all data inline into the object, for speed,
      and refactored all internal argument accesses to use helper functions, so
      we can change the implementation without changing lots of code.
      
      (JSC::Arguments::didTearOffActivation): This function needs to account
      for arguments that were moved by the activation object. We do this accounting
      through a side vector that tells us where our arguments will be in the
      activation.
      
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/Arguments.h:
      (Arguments):
      (JSC::Arguments::length):
      (JSC::Arguments::isTornOff):
      (JSC::Arguments::Arguments):
      (JSC::Arguments::allocateSlowArguments):
      (JSC::Arguments::tryDeleteArgument):
      (JSC::Arguments::trySetArgument):
      (JSC::Arguments::tryGetArgument):
      (JSC::Arguments::isDeletedArgument):
      (JSC::Arguments::isArgument):
      (JSC::Arguments::argument):
      (JSC::Arguments::finishCreation):
      
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      (JSActivation):
      (JSC::JSActivation::captureStart):
      (JSC::JSActivation::storageSize):
      (JSC::JSActivation::registerOffset):
      (JSC::JSActivation::isValid): The activation object is no longer responsible
      for copying extra arguments provided by the caller. The argumnents object
      does this instead. This means we can allocate and initialize an activation
      without worrying about the call frame's argument count.
      
      * runtime/SymbolTable.h:
      (JSC::SlowArgument::SlowArgument):
      (SlowArgument):
      (JSC):
      (JSC::SharedSymbolTable::parameterCount):
      (SharedSymbolTable):
      (JSC::SharedSymbolTable::slowArguments):
      (JSC::SharedSymbolTable::setSlowArguments): Added data structures to back
      the algorithms above.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128832 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      af710d81
  19. 17 Sep, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Delayed structure sweep can leak structures without bound · 013fd88d
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96546
      
      Reviewed by Gavin Barraclough.
      
      This patch gets rid of the separate Structure allocator in the MarkedSpace and adds two new destructor-only
      allocators. We now have separate allocators for our three types of objects: those objects with no destructors,
      those objects with destructors and with immortal structures, and those objects with destructors that don't have 
      immortal structures. All of the objects of the third type (destructors without immortal structures) now 
      inherit from a new class named JSDestructibleObject (which in turn is a subclass of JSNonFinalObject), which stores 
      the ClassInfo for these classes at a fixed offset for safe retrieval during sweeping/destruction.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackConstructor.cpp: Use JSDestructibleObject for JSCallbackConstructor.
      (JSC):
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      * API/JSCallbackConstructor.h:
      (JSCallbackConstructor):
      * API/JSCallbackObject.cpp: Inherit from JSDestructibleObject for normal JSCallbackObjects and use a finalizer for 
      JSCallbackObject<JSGlobalObject>, since JSGlobalObject also uses a finalizer.
      (JSC):
      (JSC::::create): We need to move the create function for JSCallbackObject<JSGlobalObject> out of line so we can add 
      the finalizer for it. We don't want to add the finalizer is something like finishCreation in case somebody decides 
      to subclass this. We use this same technique for many other subclasses of JSGlobalObject.
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      (JSC):
      * API/JSClassRef.cpp: Change all the JSCallbackObject<JSNonFinalObject> to use JSDestructibleObject instead.
      (OpaqueJSClass::prototype):
      * API/JSObjectRef.cpp: Ditto.
      (JSObjectMake):
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp: Ditto.
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp: Ditto.
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGSpeculativeJIT.h: Use the proper allocator type when doing inline allocation in the DFG.
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
      * heap/Heap.cpp:
      (JSC):
      * heap/Heap.h: Add accessors for the various types of allocators now. Also remove the isSafeToSweepStructures function 
      since it's always safe to sweep Structures now.
      (JSC::Heap::allocatorForObjectWithNormalDestructor): 
      (JSC::Heap::allocatorForObjectWithImmortalStructureDestructor):
      (Heap):
      (JSC::Heap::allocateWithNormalDestructor):
      (JSC):
      (JSC::Heap::allocateWithImmortalStructureDestructor):
      * heap/IncrementalSweeper.cpp: Remove all the logic to detect when it's safe to sweep Structures from the 
      IncrementalSweeper since it's always safe to sweep Structures now.
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::startSweeping):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp: Remove the logic that was preventing us from sweeping Structures if it wasn't safe. Add 
      tracking of the specific destructor type of allocator. 
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::destructorType):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::init):
      * heap/MarkedBlock.cpp: Add all the destructor type stuff to MarkedBlocks so that we do the right thing when sweeping. 
      We also use the stored destructor type to determine the right thing to do in all JSCell::classInfo() calls.
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (JSC):
      (JSC::MarkedBlock::allocator):
      (JSC::MarkedBlock::destructorType):
      * heap/MarkedSpace.cpp: Add the new destructor allocators to MarkedSpace.
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::MarkedSpace::isPagedOut):
      (JSC::MarkedSpace::freeBlock):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC::MarkedSpace::immortalStructureDestructorAllocatorFor):
      (JSC::MarkedSpace::normalDestructorAllocatorFor):
      (JSC::MarkedSpace::allocateWithImmortalStructureDestructor):
      (JSC::MarkedSpace::allocateWithNormalDestructor):
      (JSC::MarkedSpace::forEachBlock):
      * heap/SlotVisitor.cpp: Add include because the symbol was needed in an inlined function.
      * jit/JIT.h: Make sure we use the correct allocator when doing inline allocations in the baseline JIT.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSArray):
      * jsc.cpp: 
      (GlobalObject::create): Add finalizer here since JSGlobalObject needs to use a finalizer instead of inheriting from 
      JSDestructibleObject.
      * runtime/Arguments.cpp: Inherit from JSDestructibleObject.
      (JSC):
      * runtime/Arguments.h:
      (Arguments):
      (JSC::Arguments::Arguments):
      * runtime/ErrorPrototype.cpp: Added an assert to make sure we have a trivial destructor.
      (JSC):
      * runtime/Executable.h: Indicate that all of the Executable* classes have immortal Structures.
      (JSC):
      * runtime/InternalFunction.cpp: Inherit from JSDestructibleObject.
      (JSC):
      (JSC::InternalFunction::InternalFunction):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSCell.h: Added the NEEDS_DESTRUCTOR  macro to make it easier for classes to indicate that instead of being 
      allocated in a destructor MarkedAllocator that they will handle their destruction themselves through the 
      use of a finalizer.
      (JSC):
      (HasImmortalStructure): New template to help us determine at compile-time if a particular class 
      should be allocated in the immortal structure MarkedAllocator. The default value is false. In order 
      to be allocated in the immortal structure allocator, classes must specialize this template. Also added 
      a macro to make it easier for classes to specialize the template.
      (JSC::allocateCell): Use the appropriate allocator depending on the destructor type.
      * runtime/JSDestructibleObject.h: Added. New class that stores the ClassInfo of any subclass so that it can be 
      accessed safely when the object is being destroyed.
      (JSC):
      (JSDestructibleObject):
      (JSC::JSDestructibleObject::classInfo):
      (JSC::JSDestructibleObject::JSDestructibleObject):
      (JSC::JSCell::classInfo): Checks the current MarkedBlock to see where it should get the ClassInfo from so that it's always safe.
      * runtime/JSGlobalObject.cpp: JSGlobalObject now uses a finalizer instead of a destructor so that it can avoid forcing all 
      of its relatives in the inheritance hierarchy (e.g. JSScope) to use destructors as well.
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::createRareDataIfNeeded): Since we always create a finalizer now, we don't have to worry about adding one 
      for the m_rareData field when it's created.
      (JSC::JSGlobalObject::create):
      (JSC):
      * runtime/JSGlobalThis.h: Inherit from JSDestructibleObject.
      (JSGlobalThis):
      (JSC::JSGlobalThis::JSGlobalThis):
      * runtime/JSPropertyNameIterator.h: Has an immortal Structure.
      (JSC):
      * runtime/JSScope.cpp:
      (JSC):
      * runtime/JSString.h: Has an immortal Structure.
      (JSC):
      * runtime/JSWrapperObject.h: Inherit from JSDestructibleObject.
      (JSWrapperObject):
      (JSC::JSWrapperObject::JSWrapperObject):
      * runtime/MathObject.cpp: Cleaning up some of the inheritance stuff.
      (JSC):
      * runtime/NameInstance.h: Inherit from JSDestructibleObject.
      (NameInstance):
      * runtime/RegExp.h: Has immortal Structure.
      (JSC):
      * runtime/RegExpObject.cpp: Inheritance cleanup.
      (JSC):
      * runtime/SparseArrayValueMap.h: Has immortal Structure.
      (JSC):
      * runtime/Structure.h: Has immortal Structure.
      (JSC):
      * runtime/StructureChain.h: Ditto.
      (JSC):
      * runtime/SymbolTable.h: Ditto.
      (SharedSymbolTable):
      (JSC):
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/runtime/JSDestructableObject.h: Added.
      * bindings/js/JSDOMWrapper.h: Inherits from JSDestructibleObject.
      (JSDOMWrapper):
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/scripts/CodeGeneratorJS.pm: Add finalizers to anything that inherits from JSGlobalObject,
      e.g. JSDOMWindow and JSWorkerContexts. For those classes we also need to use the NEEDS_DESTRUCTOR macro.
      (GenerateHeader):
      * bridge/objc/objc_runtime.h: Inherit from JSDestructibleObject.
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (Bindings):
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      * bridge/runtime_array.cpp: Use a finalizer so that JSArray isn't forced to inherit from JSDestructibleObject.
      (JSC):
      (JSC::RuntimeArray::destroy):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC):
      * bridge/runtime_object.cpp: Inherit from JSDestructibleObject.
      (Bindings):
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128813 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      013fd88d
  20. 12 Sep, 2012 1 commit
    • ggaren@apple.com's avatar
      JSActivation should inline allocate its registers, and eliminate · 06a8bb6e
      ggaren@apple.com authored
      'arguments' registers in the common case
      https://bugs.webkit.org/show_bug.cgi?id=96427
      
      Reviewed by Filip Pizlo.
      
      This cuts the size class for simple closures down to 64 bytes.
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator): Set the usesNonStrictEval
      flag, which is new. Use a more specific test for whether a function
      uses 'arguments', so we can avoid allocating, initializing, and tearing
      off those registers in the common case. Distinguish between capturing
      arguments and not, so we can avoid allocating space for arguments in
      the torn-off object.
      
      We can make this even more general in the future, with some bytecode
      generator refactoring.
      
      (JSC::BytecodeGenerator::resolve): Updated for new interface.
      
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::symbolTable): Updated some types.
      
      * heap/Heap.cpp:
      (JSC::Heap::isValidAllocation): Allow large allocations, now that they
      are both supported and used.
      
      * heap/Heap.h:
      (Heap): Added a new form of allocateCell that specifies the full size
      of the allocation, to allow for extra space on the end.
      
      * interpreter/CallFrame.h:
      (JSC::ExecState::argumentOffset):
      (JSC::ExecState::argumentOffsetIncludingThis):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::unwindCallFrame): Refactored this code to be more
      specific about tearing off 'arguments' vs activations. This is something
      I forgot in my last patch, and it is required now that we can have
      acitvations without 'arguments' registers.
      
      * runtime/Arguments.h:
      (JSC::Arguments::setRegisters): No need for setRegisters anymore because
      the activation object's storage doesn't change.
      
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation): Initialize our storage manually because
      it's not declared to the C++ compiler.
      
      (JSC::JSActivation::visitChildren): No copyAndAppend because our storage
      is not out-of-line anymore.
      
      (JSC::JSActivation::symbolTableGet):
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::getOwnPropertyNames):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::getOwnPropertyDescriptor):
      (JSC::JSActivation::argumentsGetter): Refactored isTornOff() testing to
      avoid using a data member and to avoid hard-coding any offset assumptions.
      
      * runtime/JSActivation.h:
      (JSC):
      (JSActivation):
      (JSC::JSActivation::create):
      (JSC::JSActivation::isDynamicScope):
      (JSC::JSActivation::captureStart):
      (JSC::JSActivation::storageSize):
      (JSC::JSActivation::storageSizeInBytes):
      (JSC::JSActivation::registerOffset):
      (JSC::JSActivation::tearOff):
      (JSC::JSActivation::isTornOff):
      (JSC::JSActivation::storage):
      (JSC::JSActivation::allocationSize):
      (JSC::JSActivation::isValid): New helper functions for doing the math
      on our inline storage. Note that in the "AllOfTheThings" tear-off case,
      the number of things is not known at compile time, so we store the
      number in the argument count register. We can't just copy the raw contents
      of the register beacuse we need a value that is safe for precise marking,
      and the value in the register file has an invalid tag.
      
      * runtime/JSCell.h:
      (JSC::allocateCell): New function for allocating with extra storage
      on the end.
      
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::JSVariableObject):
      (JSVariableObject): Make it easier for subclasses to use their symbol
      tables during construction, by passing the table as a constructor argument.
      
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::usesNonStrictEval):
      (JSC::SharedSymbolTable::setUsesNonStrictEval):
      (SharedSymbolTable):
      (JSC::SharedSymbolTable::captureMode):
      (JSC::SharedSymbolTable::setCaptureMode):
      (JSC::SharedSymbolTable::captureStart):
      (JSC::SharedSymbolTable::setCaptureStart):
      (JSC::SharedSymbolTable::captureEnd):
      (JSC::SharedSymbolTable::setCaptureEnd):
      (JSC::SharedSymbolTable::parameterCountIncludingThis):
      (JSC::SharedSymbolTable::setParameterCountIncludingThis):
      (JSC::SharedSymbolTable::SharedSymbolTable): Added data members to more
      precisely describe what kind of capture is in play, and to avoid having
      data members in the activation. We expect N activations per symbol table,
      so this can be a big savings in heavy closure usage.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128260 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      06a8bb6e
  21. 26 Aug, 2012 1 commit
    • ggaren@apple.com's avatar
      Don't use malloc / destructors for activation objects · 47e224a6
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=94897
      
      Reviewed by Oliver Hunt.
      
      65% faster on v8-real-earley.
      
      Lots of boilerplate here, but the jist is this:
      
      (1) Use CopiedSpace instead of malloc to allocate the activation's
      backing store.
      
      (2) Use MarkedSpace instead of ref-counting to allocate the symbol table.
      
      (3) ==> No more destructor.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::symbolTable):
      (CodeBlock):
      (JSC::GlobalCodeBlock::GlobalCodeBlock):
      (JSC::FunctionCodeBlock::FunctionCodeBlock):
      (FunctionCodeBlock): SymbolTable is a GC object now, so it gets a write
      barrier and visit calls instead of ref-counting. I changed all CodeBlocks
      to use shared symbol tables because the distinction between shared and
      unshared hurt my head.
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile): Sometimes, a period just wants
      to be an arrow. And then C++ is there to accommodate.
      
      * jit/JITDriver.h:
      (JSC::jitCompileFunctionIfAppropriate):
      * runtime/Arguments.h:
      (ArgumentsData):
      (JSC::Arguments::setRegisters):
      (Arguments):
      (JSC::Arguments::argument):
      (JSC::Arguments::finishCreation):
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::FunctionExecutable):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      (JSC::FunctionExecutable::visitChildren):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::symbolTable):
      (FunctionExecutable):
      * runtime/ExecutionHarness.h:
      (JSC::prepareFunctionForExecution): I changed from WriteBarrier to
      WriteBarrierBase so activations could reuse StorageBarrier and PropertyStorage.
      
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::finishCreation): Allocate the symbol table here,
      after we're fully constructed, to avoid GC during initialization.
      
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::symbolTableGet):
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::getOwnPropertyNames):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      (JSActivation):
      (JSC::JSActivation::registerOffset):
      (JSC):
      (JSC::JSActivation::registerArraySize):
      (JSC::JSActivation::registerArraySizeInBytes):
      (JSC::JSActivation::tearOff): Tear-off zero-initializes all uncopied
      registers. This makes it safe to copyAndAppend the full buffer in
      visitChildren, without any extra checks.
      
      * runtime/JSCell.h:
      (JSCell): Moved a shared default set of flags into this base class, so
      I could use it in a few places.
      
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData): New structure for symbol tables.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC::JSGlobalObject::addStaticGlobals):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::symbolTableHasProperty): We don't need an inline
      symbol table -- JSSymbolTableObject will GC allocate one for us.
      
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSegmentedVariableObject.h:
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      * runtime/JSStaticScopeObject.cpp:
      (JSC):
      (JSC::JSStaticScopeObject::visitChildren): NULL check our register store
      because finishCreation allocates an object now, so we may get marked
      before we've assigned to our register store.
      
      * runtime/JSStaticScopeObject.h:
      (JSC::JSStaticScopeObject::finishCreation):
      (JSC::JSStaticScopeObject::JSStaticScopeObject):
      (JSStaticScopeObject): No more destructor for this object, either, since
      it no longer embeds a hash table.
      
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::visitChildren):
      (JSC::JSSymbolTableObject::deleteProperty):
      (JSC::JSSymbolTableObject::getOwnPropertyNames):
      * runtime/JSSymbolTableObject.h:
      (JSC::JSSymbolTableObject::symbolTable):
      (JSSymbolTableObject):
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes): SymbolTableObject allocates a symbol
      table automatically if one isn't provided. (Activations provide their
      own, which they get from compiled code.)
      
      * runtime/JSVariableObject.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSC::JSVariableObject::registerAt):
      (JSC::JSVariableObject::addressOfRegisters):
      (JSVariableObject):
      (JSC::JSVariableObject::JSVariableObject):
      (JSC::JSVariableObject::finishCreation): Removed a bunch of obsolete code.
      Activations manage their registers directly now.
      
      * runtime/StorageBarrier.h:
      (StorageBarrier):
      (JSC::StorageBarrier::operator!):
      
      * runtime/SymbolTable.cpp:
      (JSC):
      (JSC::SharedSymbolTable::destroy):
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::create):
      (SharedSymbolTable):
      (JSC::SharedSymbolTable::createStructure):
      (JSC::SharedSymbolTable::SharedSymbolTable): Boilerplat code to
      make shared symbol table GC-allocated.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126695 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      47e224a6
  22. 23 May, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should be able to inline functions that use arguments reflectively · c6446114
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86132
      
      Reviewed by Oliver Hunt.
              
      Merged r116838 from dfgopt.
              
      This turns on inlining of functions that use arguments reflectively, but it
      does not do any of the obvious optimizations that this exposes. I'll save that
      for another patch - the important thing for now is that this contains all of
      the plumbing necessary to make this kind of inlining sound even in bizarro
      cases like an inline callee escaping the arguments object to parts of the
      inline caller where the arguments are otherwise dead. Or even more fun cases
      like where you've inlined to an inline stack that is three-deep, and the
      function on top of the inline stack reflectively accesses the arguments of a
      function that is in the middle of the inline stack. Any subsequent
      optimizations that we do for the obvious cases of arguments usage in inline
      functions will have to take care not to break the baseline functionality that
      this patch plumbs together.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printCallOp):
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (CCallHelpers):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canInlineOpcode):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/CallFrame.cpp:
      (JSC):
      (JSC::CallFrame::someCodeBlockForPossiblyInlinedCode):
      * interpreter/CallFrame.h:
      (ExecState):
      (JSC::ExecState::someCodeBlockForPossiblyInlinedCode):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::retrieveArgumentsFromVMCode):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      (JSC):
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/Arguments.h:
      (Arguments):
      (JSC::Arguments::create):
      (JSC::Arguments::finishCreation):
      (JSC):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118240 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c6446114
  23. 22 May, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should support reflective arguments access · f860f9bb
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=85721
      
      Reviewed by Oliver Hunt.
              
      Merged r116345 from dfgopt.
              
      This adds support for op_create_arguments to the DFG. No other arguments-related
      opcodes are added by this change, though it does add a lot of the scaffolding
      necessary for the other ops.
              
      This also adds GetByVal/PutByVal optimizations for Arguments.
              
      Finally, this rationalizes slowPathCall with no return. Previously, that would
      work via callOperation() overloads that took InvalidGPRReg as the return GPR.
      But that creates awful ambiguity, since we had template functions that were
      polymorphic over all parameters except the second, which was a GPRReg, and a
      bunch of non-template overloads that also potentially had GPRReg as the second
      argument. I finally started to hit this ambiguity and was getting absolutely
      bizarre compiler errors, that made me feel like I was programming in SML. So,
      I changed the no-argument overloads to take NoResultTag instead, which made
      everything sensible again by eliminating the overload ambiguity.
              
      This is a ~7% speed-up on V8/earley and neutral elsewhere.
      
      * bytecode/PredictedType.h:
      (JSC::isArgumentsPrediction):
      (JSC):
      (JSC::isActionableMutableArrayPrediction):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (CCallHelpers):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      (JSC::DFG::canInlineOpcode):
      * dfg/DFGCommon.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::unmodifiedArgumentsRegister):
      (Node):
      (JSC::DFG::Node::shouldSpeculateArguments):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::pickCanTrample):
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/Arguments.h:
      (ArgumentsData):
      (Arguments):
      (JSC::Arguments::offsetOfData):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118030 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f860f9bb
  24. 12 May, 2012 1 commit
    • barraclough@apple.com's avatar
      Introduce PropertyName class · 38d3c75b
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86241
      
      Reviewed by Geoff Garen.
      
      Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type.
      This change paves the way to allow for properties keyed by values that are not Identifiers.
      
      This change is largely a mechanical find & replace.
      It also changes JSFunction's constructor to take a UString& instead of an Identifier&
      (since in some cases we can no longer guarantee that we'lll have an Identifier), and
      unifies Identifier's methods to obtain array indices onto PropertyName.
      
      The new PropertyName class retains the ability to support .impl() and .ustring(), but
      in a future patch we may need to rework this, since not all PropertyNames should be
      equal based on their string representation.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      * API/JSCallbackFunction.h:
      (JSCallbackFunction):
      (JSC::JSCallbackFunction::create):
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlot):
      (JSC::::getOwnPropertyDescriptor):
      (JSC::::put):
      (JSC::::deleteProperty):
      (JSC::::getStaticValue):
      (JSC::::staticFunctionGetter):
      (JSC::::callbackGetter):
      * API/JSObjectRef.cpp:
      (JSObjectMakeFunctionWithCallback):
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::getOwnPropertySlot):
      (JSC::DebuggerActivation::put):
      (JSC::DebuggerActivation::putDirectVirtual):
      (JSC::DebuggerActivation::deleteProperty):
      (JSC::DebuggerActivation::getOwnPropertyDescriptor):
      (JSC::DebuggerActivation::defineOwnProperty):
      * debugger/DebuggerActivation.h:
      (DebuggerActivation):
      * jsc.cpp:
      (GlobalObject::addFunction):
      (GlobalObject::addConstructableFunction):
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::Arguments::getOwnPropertyDescriptor):
      (JSC::Arguments::put):
      (JSC::Arguments::deleteProperty):
      (JSC::Arguments::defineOwnProperty):
      * runtime/Arguments.h:
      (Arguments):
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::finishCreation):
      (JSC::ArrayConstructor::getOwnPropertySlot):
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayConstructor.h:
      (ArrayConstructor):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertySlot):
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      (JSC::putProperty):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      * runtime/BooleanConstructor.cpp:
      (JSC::BooleanConstructor::finishCreation):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::getOwnPropertySlot):
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.h:
      (BooleanPrototype):
      * runtime/ClassInfo.h:
      (MethodTable):
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::finishCreation):
      (JSC::DateConstructor::getOwnPropertySlot):
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DateConstructor.h:
      (DateConstructor):
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::getOwnPropertySlot):
      (JSC::DatePrototype::getOwnPropertyDescriptor):
      * runtime/DatePrototype.h:
      (DatePrototype):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::create):
      * runtime/ErrorConstructor.cpp:
      (JSC::ErrorConstructor::finishCreation):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::getOwnPropertySlot):
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.h:
      (ErrorPrototype):
      * runtime/FunctionConstructor.cpp:
      (JSC::FunctionConstructor::finishCreation):
      * runtime/FunctionPrototype.cpp:
      (JSC::FunctionPrototype::finishCreation):
      (JSC::FunctionPrototype::addFunctionProperties):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::create):
      (FunctionPrototype):
      * runtime/Identifier.cpp:
      (JSC):
      * runtime/Identifier.h:
      (Identifier):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::symbolTableGet):
      (JSC::JSActivation::symbolTablePut):
      (JSC::JSActivation::symbolTablePutWithAttributes):
      (JSC::JSActivation::getOwnPropertySlot):
      (JSC::JSActivation::put):
      (JSC::JSActivation::putDirectVirtual):
      (JSC::JSActivation::deleteProperty):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSActivation):
      * runtime/JSArray.cpp:
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      * runtime/JSArray.h:
      (JSArray):
      (JSC):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSBoundFunction.h:
      (JSBoundFunction):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnPropertySlot):
      (JSC::JSCell::put):
      (JSC::JSCell::deleteProperty):
      (JSC::JSCell::putDirectVirtual):
      (JSC::JSCell::defineOwnProperty):
      (JSC::JSCell::getOwnPropertyDescriptor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::argumentsGetter):
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::lengthGetter):
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::put):
      (JSC::JSFunction::deleteProperty):
      (JSC::JSFunction::defineOwnProperty):
      (JSC::getCalculatedDisplayName):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::put):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::defineOwnProperty):
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::createThrowTypeError):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::hasOwnPropertyForWrite):
      (JSC::JSGlobalObject::symbolTableHasProperty):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::getOwnPropertySlot):
      (JSC::JSNotAnObject::getOwnPropertyDescriptor):
      (JSC::JSNotAnObject::put):
      (JSC::JSNotAnObject::deleteProperty):
      * runtime/JSNotAnObject.h:
      (JSNotAnObject):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::getOwnPropertySlot):
      (JSC::JSONObject::getOwnPropertyDescriptor):
      * runtime/JSONObject.h:
      (JSONObject):
      * runtime/JSObject.cpp:
      (JSC::JSObject::put):
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::hasProperty):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::hasOwnProperty):
      (JSC::callDefaultValueFunction):
      (JSC::JSObject::findPropertyHashEntry):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::JSObject::getPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectLocation):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::getOwnPropertySlot):
      (JSC::JSCell::fastGetOwnPropertySlot):
      (JSC::JSObject::getPropertySlot):
      (JSC::JSObject::get):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::putOwnDataProperty):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::JSValue::get):
      (JSC::JSValue::put):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::put):
      (JSC::JSStaticScopeObject::putDirectVirtual):
      (JSC::JSStaticScopeObject::getOwnPropertySlot):
      * runtime/JSStaticScopeObject.h:
      (JSStaticScopeObject):
      * runtime/JSString.cpp:
      (JSC::JSString::getOwnPropertySlot):
      (JSC::JSString::getStringPropertyDescriptor):
      * runtime/JSString.h:
      (JSString):
      (JSC::JSString::getStringPropertySlot):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      * runtime/JSValue.h:
      (JSC):
      (JSValue):
      * runtime/JSVariableObject.cpp:
      (JSC::JSVariableObject::deleteProperty):
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::putDirectVirtual):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      (JSC::JSVariableObject::symbolTableGet):
      (JSC::JSVariableObject::symbolTablePut):
      (JSC::JSVariableObject::symbolTablePutWithAttributes):
      * runtime/Lookup.cpp:
      (JSC::setUpStaticFunctionSlot):
      * runtime/Lookup.h:
      (JSC::HashTable::entry):
      (JSC):
      (JSC::getStaticPropertySlot):
      (JSC::getStaticPropertyDescriptor):
      (JSC::getStaticFunctionSlot):
      (JSC::getStaticFunctionDescriptor):
      (JSC::getStaticValueSlot):
      (JSC::getStaticValueDescriptor):
      (JSC::lookupPut):
      * runtime/MathObject.cpp:
      (JSC::MathObject::getOwnPropertySlot):
      (JSC::MathObject::getOwnPropertyDescriptor):
      * runtime/MathObject.h:
      (MathObject):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC):
      (JSC::NumberConstructor::finishCreation):
      (JSC::NumberConstructor::getOwnPropertySlot):
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      (JSC::NumberConstructor::put):
      (JSC::numberConstructorNaNValue):
      (JSC::numberConstructorNegInfinity):
      (JSC::numberConstructorPosInfinity):
      (JSC::numberConstructorMaxValue):
      (JSC::numberConstructorMinValue):
      * runtime/NumberConstructor.h:
      (NumberConstructor):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::getOwnPropertySlot):
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.h:
      (NumberPrototype):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::finishCreation):
      (JSC::ObjectConstructor::getOwnPropertySlot):
      (JSC::ObjectConstructor::getOwnPropertyDescriptor):
      * runtime/ObjectConstructor.h:
      (ObjectConstructor):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::put):
      (JSC::ObjectPrototype::defineOwnProperty):
      (JSC::ObjectPrototype::getOwnPropertySlot):
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertySlot.h:
      (PropertySlot):
      (JSC::PropertySlot::getValue):
      * runtime/RegExpConstructor.cpp:
      (JSC):
      (JSC::RegExpConstructor::finishCreation):
      (JSC::RegExpConstructor::getOwnPropertySlot):
      (JSC::RegExpConstructor::getOwnPropertyDescriptor):
      (JSC::regExpConstructorDollar1):
      (JSC::regExpConstructorDollar2):
      (JSC::regExpConstructorDollar3):
      (JSC::regExpConstructorDollar4):
      (JSC::regExpConstructorDollar5):
      (JSC::regExpConstructorDollar6):
      (JSC::regExpConstructorDollar7):
      (JSC::regExpConstructorDollar8):
      (JSC::regExpConstructorDollar9):
      (JSC::regExpConstructorInput):
      (JSC::regExpConstructorMultiline):
      (JSC::regExpConstructorLastMatch):
      (JSC::regExpConstructorLastParen):
      (JSC::regExpConstructorLeftContext):
      (JSC::regExpConstructorRightContext):
      (JSC::RegExpConstructor::put):
      * runtime/RegExpConstructor.h:
      (RegExpConstructor):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::getOwnPropertySlot):
      (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
      (JSC::RegExpMatchesArray::put):
      (JSC::RegExpMatchesArray::deleteProperty):
      (JSC::RegExpMatchesArray::defineOwnProperty):
      * runtime/RegExpObject.cpp:
      (JSC):
      (JSC::RegExpObject::getOwnPropertySlot):
      (JSC::RegExpObject::getOwnPropertyDescriptor):
      (JSC::RegExpObject::deleteProperty):
      (JSC::RegExpObject::defineOwnProperty):
      (JSC::regExpObjectGlobal):
      (JSC::regExpObjectIgnoreCase):
      (JSC::regExpObjectMultiline):
      (JSC::regExpObjectSource):
      (JSC::RegExpObject::put):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::getOwnPropertySlot):
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpPrototype.h:
      (RegExpPrototype):
      * runtime/StrictEvalActivation.cpp:
      (JSC::StrictEvalActivation::deleteProperty):
      * runtime/StrictEvalActivation.h:
      (StrictEvalActivation):
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::finishCreation):
      (JSC::StringConstructor::getOwnPropertySlot):
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringConstructor.h:
      (StringConstructor):
      * runtime/StringObject.cpp:
      (JSC::StringObject::getOwnPropertySlot):
      (JSC::StringObject::getOwnPropertyDescriptor):
      (JSC::StringObject::put):
      (JSC::StringObject::defineOwnProperty):
      (JSC::StringObject::deleteProperty):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::getOwnPropertySlot):
      (JSC::StringPrototype::getOwnPropertyDescriptor):
      * runtime/StringPrototype.h:
      (StringPrototype):
      * runtime/Structure.cpp:
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::addPropertyTransitionToExistingStructure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::get):
      
      Source/WebCore: 
      
      * WebCore.exp.in:
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::cssPropertyIDForJSCSSPropertyName):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertyDescriptorDelegate):
      (WebCore::JSCSSStyleDeclaration::putDelegate):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::findAtomicString):
      (WebCore::objectToStringFunctionGetter):
      * bindings/js/JSDOMBinding.h:
      (WebCore):
      (WebCore::propertyNameToString):
      (WebCore::propertyNameToAtomicString):
      * bindings/js/JSDOMMimeTypeArrayCustom.cpp:
      (WebCore::JSDOMMimeTypeArray::canGetItemsForName):
      (WebCore::JSDOMMimeTypeArray::nameGetter):
      * bindings/js/JSDOMPluginArrayCustom.cpp:
      (WebCore::JSDOMPluginArray::canGetItemsForName):
      (WebCore::JSDOMPluginArray::nameGetter):
      * bindings/js/JSDOMPluginCustom.cpp:
      (WebCore::JSDOMPlugin::canGetItemsForName):
      (WebCore::JSDOMPlugin::nameGetter):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::canGetItemsForName):
      (WebCore::JSDOMStringMap::nameGetter):
      (WebCore::JSDOMStringMap::deleteProperty):
      (WebCore::JSDOMStringMap::putDelegate):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::nonCachingStaticFunctionGetter):
      (WebCore::childFrameGetter):
      (WebCore::namedItemGetter):
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindow::put):
      (WebCore::JSDOMWindow::deleteProperty):
      (WebCore::JSDOMWindow::defineOwnProperty):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlot):
      (WebCore::JSDOMWindowShell::getOwnPropertyDescriptor):
      (WebCore::JSDOMWindowShell::put):
      (WebCore::JSDOMWindowShell::putDirectVirtual):
      (WebCore::JSDOMWindowShell::defineOwnProperty):
      (WebCore::JSDOMWindowShell::deleteProperty):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHTMLAllCollectionCustom.cpp:
      (WebCore::getNamedItems):
      (WebCore::callHTMLAllCollection):
      (WebCore::JSHTMLAllCollection::canGetItemsForName):
      (WebCore::JSHTMLAllCollection::nameGetter):
      (WebCore::JSHTMLAllCollection::item):
      * bindings/js/JSHTMLAppletElementCustom.cpp:
      (WebCore::JSHTMLAppletElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLAppletElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLAppletElement::putDelegate):
      * bindings/js/JSHTMLCollectionCustom.cpp:
      (WebCore::getNamedItems):
      (WebCore::JSHTMLCollection::canGetItemsForName):
      (WebCore::JSHTMLCollection::nameGetter):
      * bindings/js/JSHTMLDocumentCustom.cpp:
      (WebCore::JSHTMLDocument::canGetItemsForName):
      (WebCore::JSHTMLDocument::nameGetter):
      * bindings/js/JSHTMLEmbedElementCustom.cpp:
      (WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLEmbedElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLEmbedElement::putDelegate):
      * bindings/js/JSHTMLFormElementCustom.cpp:
      (WebCore::JSHTMLFormElement::canGetItemsForName):
      (WebCore::JSHTMLFormElement::nameGetter):
      * bindings/js/JSHTMLFrameSetElementCustom.cpp:
      (WebCore::JSHTMLFrameSetElement::canGetItemsForName):
      (WebCore::JSHTMLFrameSetElement::nameGetter):
      * bindings/js/JSHTMLObjectElementCustom.cpp:
      (WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate):
      (WebCore::JSHTMLObjectElement::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHTMLObjectElement::putDelegate):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::nonCachingStaticBackFunctionGetter):
      (WebCore::nonCachingStaticForwardFunctionGetter):
      (WebCore::nonCachingStaticGoFunctionGetter):
      (WebCore::JSHistory::getOwnPropertySlotDelegate):
      (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
      (WebCore::JSHistory::putDelegate):
      (WebCore::JSHistory::deleteProperty):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::nonCachingStaticReplaceFunctionGetter):
      (WebCore::nonCachingStaticReloadFunctionGetter):
      (WebCore::nonCachingStaticAssignFunctionGetter):
      (WebCore::JSLocation::getOwnPropertySlotDelegate):
      (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
      (WebCore::JSLocation::putDelegate):
      (WebCore::JSLocation::deleteProperty):
      (WebCore::JSLocation::defineOwnProperty):
      (WebCore::JSLocationPrototype::putDelegate):
      (WebCore::JSLocationPrototype::defineOwnProperty):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::canGetItemsForName):
      (WebCore::JSNamedNodeMap::nameGetter):
      * bindings/js/JSNodeListCustom.cpp:
      (WebCore::JSNodeList::canGetItemsForName):
      (WebCore::JSNodeList::nameGetter):
      * bindings/js/JSPluginElementFunctions.cpp:
      (WebCore::runtimeObjectPropertyGetter):
      (WebCore::runtimeObjectCustomGetOwnPropertySlot):
      (WebCore::runtimeObjectCustomGetOwnPropertyDescriptor):
      (WebCore::runtimeObjectCustomPut):
      * bindings/js/JSPluginElementFunctions.h:
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::canGetItemsForName):
      (WebCore::JSStorage::nameGetter):
      (WebCore::JSStorage::deleteProperty):
      (WebCore::JSStorage::putDelegate):
      * bindings/js/JSStyleSheetListCustom.cpp:
      (WebCore::JSStyleSheetList::canGetItemsForName):
      (WebCore::JSStyleSheetList::nameGetter):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::getOwnPropertySlotDelegate):
      (WebCore::JSWorkerContext::getOwnPropertyDescriptorDelegate):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateGetOwnPropertySlotBody):
      (GenerateGetOwnPropertyDescriptorBody):
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorDefinition):
      * bridge/c/c_class.cpp:
      (JSC::Bindings::CClass::methodsNamed):
      (JSC::Bindings::CClass::fieldNamed):
      * bridge/c/c_class.h:
      (CClass):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      (JSC::Bindings::CInstance::getMethod):
      * bridge/c/c_instance.h:
      (CInstance):
      * bridge/jni/jsc/JavaClassJSC.cpp:
      (JavaClass::methodsNamed):
      (JavaClass::fieldNamed):
      * bridge/jni/jsc/JavaClassJSC.h:
      (JavaClass):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaRuntimeMethod::create):
      (JavaRuntimeMethod::finishCreation):
      * bridge/jni/jsc/JavaInstanceJSC.h:
      (JavaInstance):
      * bridge/jsc/BridgeJSC.h:
      (Class):
      (JSC::Bindings::Class::fallbackObject):
      (JSC::Bindings::Instance::setValueOfUndefinedField):
      (Instance):
      (JSC::Bindings::Instance::getOwnPropertySlot):
      (JSC::Bindings::Instance::getOwnPropertyDescriptor):
      (JSC::Bindings::Instance::put):
      * bridge/objc/objc_class.h:
      (ObjcClass):
      * bridge/objc/objc_class.mm:
      (JSC::Bindings::ObjcClass::methodsNamed):
      (JSC::Bindings::ObjcClass::fieldNamed):
      (JSC::Bindings::ObjcClass::fallbackObject):
      * bridge/objc/objc_instance.h:
      (ObjcInstance):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      (ObjCRuntimeMethod::finishCreation):
      (ObjcInstance::setValueOfUndefinedField):
      (ObjcInstance::getValueOfUndefinedField):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::create):
      (JSC::Bindings::ObjcFallbackObjectImp::propertyName):
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertySlot):
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertyDescriptor):
      (JSC::Bindings::ObjcFallbackObjectImp::put):
      (JSC::Bindings::callObjCFallbackObject):
      (JSC::Bindings::ObjcFallbackObjectImp::deleteProperty):
      (JSC::Bindings::ObjcFallbackObjectImp::defaultValue):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::lengthGetter):
      (JSC::RuntimeArray::getOwnPropertySlot):
      (JSC::RuntimeArray::getOwnPropertyDescriptor):
      (JSC::RuntimeArray::put):
      (JSC::RuntimeArray::deleteProperty):
      * bridge/runtime_array.h:
      (RuntimeArray):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      (JSC::RuntimeMethod::lengthGetter):
      (JSC::RuntimeMethod::getOwnPropertySlot):
      (JSC::RuntimeMethod::getOwnPropertyDescriptor):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      (RuntimeMethod):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
      (JSC::Bindings::RuntimeObject::fieldGetter):
      (JSC::Bindings::RuntimeObject::methodGetter):
      (JSC::Bindings::RuntimeObject::getOwnPropertySlot):
      (JSC::Bindings::RuntimeObject::getOwnPropertyDescriptor):
      (JSC::Bindings::RuntimeObject::put):
      (JSC::Bindings::RuntimeObject::deleteProperty):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/ProxyInstance.h:
      (ProxyInstance):
      * Plugins/Hosted/ProxyInstance.mm:
      (ProxyClass):
      (WebKit::ProxyClass::methodsNamed):
      (WebKit::ProxyClass::fieldNamed):
      (WebKit::ProxyRuntimeMethod::create):
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::getMethod):
      (WebKit::ProxyInstance::methodsNamed):
      (WebKit::ProxyInstance::fieldNamed):
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
      (WebKit::JSNPMethod::finishCreation):
      * WebProcess/Plugins/Netscape/JSNPMethod.h:
      (WebKit::JSNPMethod::create):
      (JSNPMethod):
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::npIdentifierFromIdentifier):
      (WebKit::JSNPObject::getOwnPropertySlot):
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::deleteProperty):
      (WebKit::JSNPObject::propertyGetter):
      (WebKit::JSNPObject::methodGetter):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      (JSNPObject):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116828 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      38d3c75b
  25. 22 Mar, 2012 1 commit
    • barraclough@apple.com's avatar
      Add JSValue::isFunction · 484a9d31
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=81935
      
      Reviewed by Geoff Garen.
      
      This would be useful in the WebCore bindings code.
      Also, remove asFunction, replace with jsCast<JSFunction*>.
      
      Source/JavaScriptCore: 
      
      * API/JSContextRef.cpp:
      * debugger/Debugger.cpp:
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::functionName):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueOfFunctionConstant):
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::isInlineCallFrameSlow):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::jitCompileFor):
      (JSC::lazyLinkFor):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::setUpCall):
      * runtime/Arguments.h:
      (JSC::Arguments::finishCreation):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      * runtime/Executable.h:
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncToString):
      * runtime/JSArray.cpp:
      (JSC::JSArray::sort):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::argumentsGetter):
      (JSC::JSFunction::callerGetter):
      (JSC::JSFunction::lengthGetter):
      * runtime/JSFunction.h:
      (JSC):
      (JSC::asJSFunction):
      (JSC::JSValue::isFunction):
      * runtime/JSGlobalData.cpp:
      (WTF::Recompiler::operator()):
      (JSC::JSGlobalData::releaseExecutableMemory):
      * runtime/JSValue.h:
      * runtime/StringPrototype.cpp:
      (JSC::replaceUsingRegExpSearch):
      
      Source/WebCore: 
      
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::JSInjectedScriptHost::functionDetails):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::createScriptCallStack):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@111739 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      484a9d31
  26. 06 Mar, 2012 1 commit
    • barraclough@apple.com's avatar
      putByIndex should throw in strict mode · b1db28d8
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80335
      
      Reviewed by Filip Pizlo.
      
      Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
      
      Source/JavaScriptCore: 
      
      This is a largely mechanical change, simply adding an extra parameter to a number
      of functions. Some call sites need perform additional exception checks, and
      operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
      
      This patch doesn't fix a missing throw from some cases of shift/unshift (this is
      an existing bug), I'll follow up with a third patch to handle that.
      
      * API/JSObjectRef.cpp:
      (JSObjectSetPropertyAtIndex):
      * JSCTypedArrayStubs.h:
      (JSC):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGOperations.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/Arguments.cpp:
      (JSC::Arguments::putByIndex):
      * runtime/Arguments.h:
      (Arguments):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      * runtime/ClassInfo.h:
      (MethodTable):
      * runtime/JSArray.cpp:
      (JSC::SparseArrayValueMap::put):
      (JSC::JSArray::put):
      (JSC::JSArray::putByIndex):
      (JSC::JSArray::putByIndexBeyondVectorLength):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      * runtime/JSArray.h:
      (SparseArrayValueMap):
      (JSArray):
      * runtime/JSByteArray.cpp:
      (JSC::JSByteArray::putByIndex):
      * runtime/JSByteArray.h:
      (JSByteArray):
      * runtime/JSCell.cpp:
      (JSC::JSCell::putByIndex):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::putByIndex):
      * runtime/JSNotAnObject.h:
      (JSNotAnObject):
      * runtime/JSONObject.cpp:
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putByIndex):
      * runtime/JSObject.h:
      (JSC::JSValue::putByIndex):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpMatchesArray::fillArrayInstance):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::putByIndex):
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncSplit):
      
      Source/WebCore: 
      
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::putProperty):
      * bindings/objc/WebScriptObject.mm:
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/NP_jsobject.cpp:
      (_NPN_SetProperty):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::setSlot):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::putByIndex):
      * bridge/runtime_array.h:
      (RuntimeArray):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::setProperty):
      
      LayoutTests: 
      
      * fast/js/Object-defineProperty-expected.txt:
      * fast/js/mozilla/strict/15.4.4.12-expected.txt:
      * fast/js/mozilla/strict/15.4.4.13-expected.txt:
      * fast/js/mozilla/strict/15.4.4.8-expected.txt:
      * fast/js/mozilla/strict/15.4.4.9-expected.txt:
      * fast/js/mozilla/strict/15.5.5.2-expected.txt:
      * fast/js/mozilla/strict/8.12.5-expected.txt:
      * fast/js/preventExtensions-expected.txt:
      * fast/js/primitive-property-access-edge-cases-expected.txt:
          - Checking in passing test results.
      * fast/js/script-tests/Object-defineProperty.js:
          - Added test cases for putting to numeric properties where property is read-only,
            length is read-only, or property is accessor with missing set function.
      * fast/js/script-tests/preventExtensions.js:
          - Added test case, putting numeric property to non-extensible array.
      * fast/js/script-tests/primitive-property-access-edge-cases.js:
          - Enabled test cases for putting numeric properties to primitive strings.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109866 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b1db28d8
  27. 23 Feb, 2012 1 commit
  28. 05 Jan, 2012 1 commit
  29. 19 Dec, 2011 1 commit
    • ggaren@apple.com's avatar
      Placement new does an unnecessary NULL check · 215589e0
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=74676
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      We can define our own version, which skips the NULL check.
              
      Not a measurable speedup, but code inspection shows better code generated,
      and I believe this is a step toward turning off -fomit-frame-pointer.
      
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::create):
      * API/JSCallbackFunction.h:
      (JSC::JSCallbackFunction::create): Use the NotNull version of placement
      new to skip the NULL check.
      
      * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new.
      
      (JSC::JSCallbackObject::create):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::create):
      * heap/HandleHeap.cpp:
      (JSC::HandleHeap::grow):
      * heap/HandleHeap.h:
      (JSC::HandleHeap::allocate):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::recycle):
      * jit/JITCode.h:
      (JSC::JITCode::clear):
      * jsc.cpp:
      (GlobalObject::create):
      * profiler/CallIdentifier.h:
      * runtime/Arguments.h:
      (JSC::Arguments::create):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::create):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::create):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::create):
      * runtime/BooleanObject.h:
      (JSC::BooleanObject::create):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::create):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::create):
      * runtime/DateInstance.h:
      (JSC::DateInstance::create):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::create):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::create):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::create):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::create):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::create):
      * runtime/ExceptionHelpers.h:
      (JSC::InterruptedExecutionError::create):
      (JSC::TerminatedExecutionError::create):
      * runtime/Executable.h:
      (JSC::NativeExecutable::create):
      (JSC::EvalExecutable::create):
      (JSC::ProgramExecutable::create):
      (JSC::FunctionExecutable::create):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::create):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::create):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::create):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::create):
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      * runtime/JSArray.h:
      (JSC::JSArray::create):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::create):
      * runtime/JSByteArray.h:
      (JSC::JSByteArray::create): Use the NotNull version of placement
      new to skip the NULL check.
      
      * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new.
      
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::create):
      * runtime/JSFunction.h:
      (JSC::JSFunction::create):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::create):
      * runtime/JSGlobalThis.h:
      (JSC::JSGlobalThis::create):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::create):
      * runtime/JSONObject.h:
      (JSC::JSONObject::create):
      * runtime/JSObject.h:
      (JSC::JSFinalObject::create):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSStaticScopeObject.h:
      (JSC::JSStaticScopeObject::create):
      * runtime/JSString.cpp:
      (JSC::StringObject::create):
      * runtime/JSString.h:
      (JSC::RopeBuilder::createNull):
      (JSC::RopeBuilder::create):
      (JSC::RopeBuilder::createHasOtherOwner):
      * runtime/MathObject.h:
      (JSC::MathObject::create):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::create):
      * runtime/NativeErrorPrototype.h:
      (JSC::NativeErrorPrototype::create):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::create):
      * runtime/NumberObject.h:
      (JSC::NumberObject::create):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::create):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::create):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::create):
      * runtime/RegExp.cpp:
      (JSC::RegExp::createWithoutCaching):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::create):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::create):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::create):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::create):
      * runtime/ScopeChain.h:
      (JSC::ScopeChainNode::create):
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::create):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::create):
      * runtime/StringObject.h:
      (JSC::StringObject::create):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::create):
      * runtime/Structure.h:
      (JSC::Structure::create):
      (JSC::Structure::createStructure):
      * runtime/StructureChain.h:
      (JSC::StructureChain::create):
      * testRegExp.cpp:
      (GlobalObject::create):
      * wtf/BitVector.cpp:
      (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement
      new to skip the NULL check.
      
      * wtf/BumpPointerAllocator.h:
      (WTF::BumpPointerPool::create): Standardized spacing to make grep easier.
      
      * wtf/ByteArray.cpp:
      (WTF::ByteArray::create):
      * wtf/Deque.h:
      (WTF::::append):
      (WTF::::prepend): Use NotNull, as above.
      
      * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise
      hide the name of the global placement new.
      
      (WTF::fastNew): Standardized spacing. Most of these functions don't need
      NotNull, since they check for NULL, and the optimizer can see that.
      
      * wtf/HashTable.h:
      * wtf/HashTraits.h:
      (WTF::SimpleClassHashTraits::constructDeletedValue):
      * wtf/MetaAllocator.cpp:
      (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above.
      
      * wtf/StdLibExtras.h:
      (throw): This is our NotNull placement new. Declaring that we throw is
      the C++ way to say that operator new will not return NULL.
      
      * wtf/ThreadSpecific.h:
      (WTF::T):
      * wtf/Vector.h:
      (WTF::::append):
      (WTF::::tryAppend):
      (WTF::::uncheckedAppend):
      (WTF::::insert):
      * wtf/text/AtomicStringHash.h:
      * wtf/text/StringImpl.cpp:
      (WTF::StringImpl::createUninitialized):
      (WTF::StringImpl::reallocate):
      * wtf/text/StringImpl.h:
      (WTF::StringImpl::tryCreateUninitialized):
      * wtf/text/StringStatics.cpp:
      (WTF::AtomicString::init): Use NotNull, as above.
      
      * yarr/YarrInterpreter.cpp:
      (JSC::Yarr::Interpreter::allocDisjunctionContext):
      (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
      (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized
      spacing for easy grep.
      
      Source/WebCore: 
      
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::create):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateConstructorDeclaration):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::create):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::create):
      * bridge/jni/jsc/JavaInstanceJSC.cpp:
      (JavaRuntimeMethod::create):
      * bridge/jni/jsc/JavaRuntimeObject.h:
      (JSC::Bindings::JavaRuntimeObject::create):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::create):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::create):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::create):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::create):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::create):
      * dom/Document.h:
      (WebCore::FormElementKeyHashTraits::constructDeletedValue): Use NotNull
      placement new, as in JavaScriptCore.
      
      * platform/PODArena.h:
      (WebCore::PODArena::allocateObject): No need to check for NULL explicitly,
      since that's the built-in behavior of placement new.
      
      * platform/graphics/FontCache.cpp:
      (WebCore::FontDataCacheKeyTraits::constructDeletedValue):
      * platform/graphics/IntRectHash.h:
      * platform/graphics/IntSizeHash.h: More NotNull.
      
      * rendering/RenderObject.h: Declaring that we throw is the C++ way to say
      that operator new will not return NULL.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103243 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      215589e0
  30. 12 Dec, 2011 1 commit
    • ggaren@apple.com's avatar
      v8 benchmark takes 12-13 million function call slow paths due to extra arguments · 0af1468f
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=74244
      
      Reviewed by Filip Pizlo.
              
      .arguments function of order the Reversed
              
      10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken
      and SunSpider.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface
      to this function is an argument number.
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame
      helper functions for computing offsets for arguments, rather than doing
      the math by hand.
              
      Switched to iterating argument offsets backwards (--) instead of forwards (++).
      
      * bytecompiler/BytecodeGenerator.h:
      (JSC::CallArguments::thisRegister):
      (JSC::CallArguments::argumentRegister):
      (JSC::CallArguments::registerOffset): Updated for arguments being reversed.
      
      * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::handleMinMax):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices
      that just-in-time convert to bytecode operands (i.e., indexes in the register
      file) through helper functions. This means only one piece of code needs
      to know how arguments are laid out in the register file.
      
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump): Ditto.
      
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueProfileFor): Ditto.
      
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch:
      Treat too many arguments as an arity match.
      
      * dfg/DFGOSRExit.h:
      (JSC::DFG::OSRExit::variableForIndex):
      (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.
      
      * dfg/DFGOperands.h:
      (JSC::DFG::operandToArgument):
      (JSC::DFG::argumentToOperand): These are now the only two lines of code in
      the DFG compiler that know how arguments are laid out in memory.
      
      (JSC::DFG::Operands::operand):
      (JSC::DFG::Operands::setOperand): Use helper functions, as above.
      
      * dfg/DFGOperations.cpp: The whole point of this patch:
      Treat too many arguments as an arity match.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
              
      Also, don't tag the caller frame slot as a cell, because it's not a cell.
      
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
      
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.
      
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed
      argument virtual register instead of recomputing by hand.
      
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callFrameSlot):
      (JSC::DFG::SpeculativeJIT::argumentSlot):
      (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
      (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
      (JSC::DFG::SpeculativeJIT::argumentTagSlot):
      (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper
      functions for dealing with callee arguments specifically. These still
      build on top of our other helper functions, and have no direct knowledge
      of how arguments are laid out in the register file.
      
      (JSC::DFG::SpeculativeJIT::resetCallArguments):
      (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to
      argumentOffset to match CallFrame naming.
      
      (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper
      functions, as above.
      
      * interpreter/CallFrame.h:
      (JSC::ExecState::argumentOffset):
      (JSC::ExecState::argumentOffsetIncludingThis):
      (JSC::ExecState::argument):
      (JSC::ExecState::setArgument):
      (JSC::ExecState::thisArgumentOffset):
      (JSC::ExecState::thisValue):
      (JSC::ExecState::setThisValue):
      (JSC::ExecState::offsetFor):
      (JSC::ExecState::hostThisRegister):
      (JSC::ExecState::hostThisValue): Added a bunch of helper functions for
      computing where an argument is in the register file. Anything in the
      runtime that needs to access arguments should use these helpers.
      
      * interpreter/CallFrameClosure.h:
      (JSC::CallFrameClosure::setThis):
      (JSC::CallFrameClosure::setArgument):
      (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now
      that too many arguments counts as an arity match and doesn't require
      preserving two copies of our arguments.
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something
      special if the caller provided too few arguments.
              
      Key simplification: We never need to maintain two copies of our arguments
      anymore.
      
      (JSC::eval):
      (JSC::loadVarargs): Use helper functions.
      
      (JSC::Interpreter::unwindCallFrame): Updated for new interface.
      
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper
      functions.
      
      (JSC::Interpreter::privateExecute): No need to check for stack overflow
      when calling host functions because they have zero callee registers.
      
      (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments
      object, since there's no special constructor for this anymore.
      
      * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some
      workers tests were hitting stack overflow in some of my testing. We should
      make this test more exact in future.
      
      * interpreter/RegisterFile.h: Death to all runtime knowledge of argument
      location that does not belong to the CallFrame class!
      
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile): I am a broken record and I use helper functions.
              
      Also, the whole point of this patch: Treat too many arguments as an arity match.
      
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use
      helper functions, for backwards-correctness. Removed the condition
      pertaining to declared argument count because, now that arguments are
      always in just one place, this optimization is valid for all functions.
      Standardized the if predicate for each line of the optimization. This might
      fix a bug, but I couldn't get the bug to crash in practice.
      
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_create_arguments):
      (JSC::JIT::emit_op_get_argument_by_val):
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_create_arguments):
      (JSC::JIT::emit_op_get_argument_by_val):
      (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params
      optimization because it's no longer an optimization, now that arguments
      are always contiguous in a known location.
              
      Updated argument access opcode math for backwards-correctness.
      
      * jit/JITStubs.cpp:
      (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This
      function is slightly different because it copies the call frame in
      addition to the arguments. (In the Interpreter, the call frame is not
      set up by this point.)
      
      (JSC::lazyLinkFor): The whole point of this patch: Treat too many
      arguments as an arity match.
      
      (JSC::DEFINE_STUB_FUNCTION): Updated for new iterface to tearOff().
      
      * jit/JITStubs.h:
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::loadDoubleArgument):
      (JSC::SpecializedThunkJIT::loadCellArgument):
      (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They
      build strong bones and teeth!
      
      * runtime/ArgList.cpp:
      (JSC::ArgList::getSlice):
      (JSC::MarkedArgumentBuffer::slowAppend):
      * runtime/ArgList.h:
      (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
      (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
      (JSC::MarkedArgumentBuffer::at):
      (JSC::MarkedArgumentBuffer::clear):
      (JSC::MarkedArgumentBuffer::append):
      (JSC::MarkedArgumentBuffer::removeLast):
      (JSC::MarkedArgumentBuffer::last):
      (JSC::ArgList::ArgList):
      (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't
      play nice with backwards-ness, so I changed to using manual allocation.
              
      Fixed a FIXME about not all values being marked in the case of out-of-line
      arguments. I had to rewrite the loop anyway, and I didn't feel like
      maintaining fidelity to its old bugs.
      
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      (JSC::Arguments::copyToArguments):
      (JSC::Arguments::fillArgList):
      (JSC::Arguments::getOwnPropertySlotByIndex):
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::Arguments::getOwnPropertyDescriptor):
      (JSC::Arguments::putByIndex):
      (JSC::Arguments::put):
      (JSC::Arguments::tearOff):
      * runtime/Arguments.h:
      (JSC::Arguments::create):
      (JSC::Arguments::Arguments):
      (JSC::Arguments::argument):
      (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
      lots of tricky code designed to maintain two different copies of function
      arguments. Now that arguments are always contiguous in one place in memory,
      this complexity can go away.
              
      Reduced down to one create function for the Arguments class, from three.
      
      Moved tearOff() into an out-of-line function because it's huge.
              
      Moved logic about whether to tear off eagerly into the Arguments class,
      so we didn't have to duplicate it elsewhere.
      
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
      m_numCapturedArgs because if the value really were m_numParametersMinusThis
      we would be marking too much. (We shouldn't mark 'this' because it can't
      be captured.) Also, use helper functions.
      
      * runtime/JSActivation.h:
      (JSC::JSActivation::tearOff): Use helper functions.
      
      * runtime/JSArray.cpp:
      (JSC::JSArray::copyToArguments):
      * runtime/JSArray.h: Use helper functions, as above.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@102545 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0af1468f
  31. 15 Nov, 2011 1 commit
    • ggaren@apple.com's avatar
      A little bit of arguments / activation cleanup · 64dd95ff
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=72339
      
      Reviewed by Gavin Barraclough.
              
      Renamed copyRegisters => tearOff to match bytecode and other terminology.
              
      Renamed setActivation => didTearOffActivation to indicate that this is a
      notification the object may choose to ignore. Moved "Should I ignore?"
      code into the arguments object to avoid duplication elsewhere.
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::unwindCallFrame):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveArguments):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Arguments.h:
      (JSC::Arguments::createAndTearOff):
      (JSC::Arguments::didTearOffActivation):
      (JSC::Arguments::finishCreationButDontTearOff):
      (JSC::Arguments::finishCreation):
      (JSC::Arguments::finishCreationAndTearOff):
      (JSC::Arguments::tearOff):
      
      * runtime/JSActivation.h:
      (JSC::JSActivation::tearOff): Moved Activation's code into its own header
      because that's where it belongs.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100224 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      64dd95ff
  32. 14 Nov, 2011 1 commit
    • ggaren@apple.com's avatar
      Standardized the JS calling convention · 539d1bba
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=72221
              
      Reviewed by Oliver Hunt.
      
      This patch standardizes the calling convention so that the caller always
      sets up the callee's CallFrame. Adjustments for call type, callee type,
      argument count, etc. now always take place after that initial setup.
              
      This is a step toward reversing the argument order, but also has these
      immediate benefits (measured on x64):
              
      (1) 1% benchmark speedup across the board.
              
      (2) 50% code size reduction in baseline JIT function calls.
              
      (3) 1.5x speedup for single-dispatch .apply forwarding.
              
      (4) 1.1x speedup for multi-dispatch .apply forwarding.
      
      This change affected the baseline JIT most, since the baseline JIT had
      lots of ad hoc calling conventions for different caller / callee types.
      
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::branchPtr):
      (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
      a test, like other assemblers do. (I added some compares to 0, and didn't
      want them to be slow.)
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
      op_call_varargs could share code generation with other forms of op_call.
      This is also a small optimization, since op_*varargs no longer have to
      pass arguments to each other through the register file.
      
      (JSC::CallLinkInfo::unlink):
      * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
      us to link functions called through .apply syntax. We need to distinguish
      CallVarargs from Call because CallVarargs changes its argument count
      on each inovcation, so we must always link to the argument count checking
      version of the callee.
      
      * bytecode/Opcode.h:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitCallVarargs):
      * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.
      
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
      some of this bytecode generation to remove redundant copies.
      
      * dfg/DFGJITCodeGenerator32_64.cpp:
      (JSC::DFG::JITCodeGenerator::emitCall):
      * dfg/DFGJITCodeGenerator64.cpp:
      (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
      DFG doesn't support this type, but its code needs to change slightly
      to accomodate a 3-state variable.
      
      Stopped passing the argument count in regT1 because this is non-standard.
      (The argument count goes in the CallFrame. This trades speed on the slow
      path for speed and code size on the fast path, and simplicity on all paths.
      A good trade, in my opinion.)
      
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
      setup more obvious when single-stepping. Also, updated for argument count
      not being in regT1.
      
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::addJSCall):
      (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
      type: CallVarargs.
      
      * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
      doing anything else. Don't check for stack overflow because we have no callee
      registers, and our caller has already checked for its own registers.
      
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
      count doesn't match -- we just need to link to the argument count checking
      version.
      
      * interpreter/CallFrameClosure.h:
      (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
      arguments from C++, we need to supply a full copy of the arguments prior
      to the subset copy that matches our callee's argument count. (That is what
      the standard calling convention would have produced in JS.) I would have
      split this into its own patch, but I couldn't find a way to get the JIT
      to fail a regression test in this area without my patch applied.
      
      * interpreter/Interpreter.cpp: Let the true code bomb begin!
      
      (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
      and not eval()'s caller frame. We no longer leave the CallFrame pointing
      to eval()'s caller during a call to eval(), since that is not standard.
      
      (JSC::loadVarargs): Factored out a shared helper function for use by JIT
      and interpreter because half the code means one quarter the bugs -- in my
      programming, at least.
      
      (JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
              
      (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
      putDirect, because it got in the way of my testing. (When putting a
      function, the cached base of a PutPropertySlot can be 0 to signify "do
      not optimize".)
              
      op_call_eval: Updated for new, standard eval calling convention.
              
      op_load_varargs: Merged op_load_varargs into op_call_varargs.
      
      op_call_varags: Updated for new, standard eval calling convention. Don't
      check for stack overflow because the loadVarargs helper function already
      checked.
      
      * interpreter/Interpreter.h:
      (JSC::Interpreter::execute): Headers are fun and educational!
      
      * interpreter/RegisterFile.cpp:
      (JSC::RegisterFile::growSlowCase):
      * interpreter/RegisterFile.h:
      (JSC::RegisterFile::grow): Factored out the slow case into a slow
      case because it was cramping the style of my fast case.
      
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile): Moved initialization of
      RegisterFile::CodeBlock to make it more obvious when debugging. Removed
      assumption that argument count is in regT1, as above. Removed call to
      restoreArgumentReference() because the JITStubCall abstraction does this for us.
      
      (JSC::JIT::linkFor): Link even if we miss on argument count, as above.
      
      * jit/JIT.h:
      * jit/JITCall32_64.cpp:
      (JSC::JIT::emitSlow_op_call):
      (JSC::JIT::emitSlow_op_call_eval):
      (JSC::JIT::emitSlow_op_call_varargs):
      (JSC::JIT::emitSlow_op_construct):
      (JSC::JIT::emit_op_call_eval):
      (JSC::JIT::emit_op_call_varargs): Share all function call code generation.
      Don't count call_eval when accounting for linkable function calls because
      eval doesn't link. (Its fast path is to perform the eval.)
      
      (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
      to our new calling convention. The key to this optimization is the
      observation that, in a function that declares no arguments, if any
      arguments are passed, they all end up right behind 'this'.
      
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.
      
      (JSC::JIT::compileOpCall):
      (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
      this is the whole point of my patch. The caller now unconditionally moves
      the CallFrame forward and fills in the data it knows before taking any
      branches to deal with weird caller/callee pairs.
              
      This also means that there is almost no slow path for calls -- it all
      gets folded into the shared virtual call stub. The only things remaining
      in the slow path are the rare case counter and a call to the stub.
      
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::privateCompileCTINativeCall): Updated for values being in
      different registers or in memory, based on our new standard calling
      convention.
              
      Added a shared path for calling out to CTI helper functions for non-JS
      calls.
      
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_method_check): method_check emits its own code and
      the following get_by_id's code, so it needs to add both when informing
      result chaining of its result. This is important because the standard
      calling convention can now take advantage of this chaining.
      
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCall):
      (JSC::JIT::compileOpCallSlowCase):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::emit_op_call_eval):
      (JSC::JIT::emit_op_call_varargs):
      (JSC::JIT::emitSlow_op_call):
      (JSC::JIT::emitSlow_op_call_eval):
      (JSC::JIT::emitSlow_op_call_varargs):
      (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
      second time, now with 64 bits.
      
      * jit/JITStubs.cpp:
      (JSC::throwExceptionFromOpCall):
      (JSC::jitCompileFor):
      (JSC::arityCheckFor):
      (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
      Exceptions thrown in the middle of a function call now use a shared helper
      function (throwExceptionFromOpCall). This function understands that the
      CallFrame currently points to the callEE, and the exception must be
      thrown by the callER. (The old calling convention would often still have
      the CallFrame pointing at the callER at the point of an exception. That
      is not the way of our new, standard calling convention.)
      
      (JSC::op_call_eval): Finish standard CallFrame setup before calling 
      our eval helper function, which now depends on that setup.
      
      * runtime/Arguments.h:
      (JSC::Arguments::length): Renamed numProvidedArguments() to length()
      because that's what other objects call it, and the difference made our
      new loadVarargs helper function hard to read.
      
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
      fixes.
      
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
      the .apply call_varargs optimization fails. (This bug appears on layout
      tests when you disable the optimization.)
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100165 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      539d1bba
  33. 09 Nov, 2011 1 commit
    • mhahnenberg@apple.com's avatar
      De-virtualize JSObject::getOwnPropertyDescriptor · 7f2f7e53
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=71523
      
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      Added getOwnPropertyDescriptor to the MethodTable, changed all of the 
      virtual versions of getOwnPropertyDescriptor to static ones, and 
      changed all of the call sites to the corresponding lookup in the MethodTable.
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertyDescriptor):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::getOwnPropertyDescriptor):
      * debugger/DebuggerActivation.h:
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertyDescriptor):
      * runtime/Arguments.h:
      * runtime/ArrayConstructor.cpp:
      (JSC::ArrayConstructor::getOwnPropertyDescriptor):
      * runtime/ArrayConstructor.h:
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::getOwnPropertyDescriptor):
      * runtime/ArrayPrototype.h:
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::getOwnPropertyDescriptor):
      * runtime/BooleanPrototype.h:
      * runtime/ClassInfo.h:
      * runtime/DateConstructor.cpp:
      (JSC::DateConstructor::getOwnPropertyDescriptor):
      * runtime/DateConstructor.h:
      * runtime/DatePrototype.cpp:
      (JSC::DatePrototype::getOwnPropertyDescriptor):
      * runtime/DatePrototype.h:
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::getOwnPropertyDescriptor):
      * runtime/ErrorPrototype.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::getOwnPropertyDescriptor):
      * runtime/JSArray.h:
      * runtime/JSByteArray.cpp:
      (JSC::JSByteArray::getOwnPropertyDescriptor):
      * runtime/JSByteArray.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnPropertyDescriptor):
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertyDescriptor):
      * runtime/JSFunction.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::getOwnPropertyDescriptor):
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::getOwnPropertyDescriptor):
      * runtime/JSONObject.h:
      * runtime/JSObject.cpp:
      (JSC::JSObject::vtableAnchor):
      (JSC::JSObject::propertyIsEnumerable):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::JSObject::getPropertyDescriptor):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      * runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a 
      bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject.  There were 
      no call sites for this version of getOwnPropertyDescriptor in the entire project.
      * runtime/JSString.h:
      * runtime/Lookup.h:
      (JSC::getStaticPropertyDescriptor):
      (JSC::getStaticFunctionDescriptor):
      (JSC::getStaticValueDescriptor):
      * runtime/MathObject.cpp:
      (JSC::MathObject::getOwnPropertyDescriptor):
      * runtime/MathObject.h:
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::getOwnPropertyDescriptor):
      * runtime/NumberConstructor.h:
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::getOwnPropertyDescriptor):
      * runtime/NumberPrototype.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructor::getOwnPropertyDescriptor):
      (JSC::objectConstructorGetOwnPropertyDescriptor):
      * runtime/ObjectConstructor.h:
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::getOwnPropertyDescriptor):
      * runtime/ObjectPrototype.h:
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::getOwnPropertyDescriptor):
      * runtime/RegExpConstructor.h:
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::getOwnPropertyDescriptor):
      * runtime/RegExpObject.h:
      * runtime/RegExpPrototype.cpp:
      (JSC::RegExpPrototype::getOwnPropertyDescriptor):
      * runtime/RegExpPrototype.h:
      * runtime/StringConstructor.cpp:
      (JSC::StringConstructor::getOwnPropertyDescriptor):
      * runtime/StringConstructor.h:
      * runtime/StringObject.cpp:
      (JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
      (JSC::StringObject::getOwnPropertyDescriptor):
      * runtime/StringObject.h:
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::getOwnPropertyDescriptor):
      * runtime/StringPrototype.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Added getOwnPropertyDescriptor to the MethodTable, changed all of the 
      virtual versions of getOwnPropertyDescriptor to static ones, and 
      changed all of the call sites to the corresponding lookup in the MethodTable.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertyDescriptor):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::getOwnPropertyDescriptorDelegate):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateGetOwnPropertyDescriptorBody):
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorDefinition):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::getOwnPropertyDescriptor):
      (WebCore::JSTestInterface::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestInterface.h:
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::getOwnPropertyDescriptor):
      (WebCore::JSTestMediaQueryListListenerPrototype::getOwnPropertyDescriptor):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::getOwnPropertyDescriptor):
      (WebCore::JSTestObjPrototype::getOwnPropertyDescriptor):
      (WebCore::JSTestObj::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestObj.h:
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::getOwnPropertyDescriptor):
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertyDescriptor):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertyDescriptor):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertyDescriptor):
      (JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertyDescriptor):
      * bridge/qt/qt_runtime.h:
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::getOwnPropertyDescriptor):
      * bridge/runtime_array.h:
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::vtableAnchor): Added to prevent a weak vtable.
      (JSC::RuntimeMethod::getOwnPropertyDescriptor):
      * bridge/runtime_method.h: Changed getOwnPropertyDescriptor from private to protected to allow 
      subclasses to use it in their MethodTables.
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::getOwnPropertyDescriptor):
      * bridge/runtime_object.h:
      
      Source/WebKit2: 
      
      Added getOwnPropertyDescriptor to the MethodTable, changed all of the 
      virtual versions of getOwnPropertyDescriptor to static ones, and 
      changed all of the call sites to the corresponding lookup in the MethodTable.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99754 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7f2f7e53
  34. 03 Nov, 2011 2 commits
    • fpizlo@apple.com's avatar
      Source/JavaScriptCore: DFG inlining breaks function.arguments[something] if the argument being · 116a0899
      fpizlo@apple.com authored
      retrieved was subjected to DFG's unboxing optimizations
      https://bugs.webkit.org/show_bug.cgi?id=71436
      
      Reviewed by Oliver Hunt.
              
      This makes inlined arguments retrieval use some of the same machinery as
      OSR to determine where from, and how, to retrieve a value that the DFG
      might have somehow squirreled away while the old JIT would put it in its
      obvious location, using an obvious format.
              
      To that end, previously DFG-internal notions such as DataFormat,
      VirtualRegister, and ValueRecovery are now in bytecode/ since they are
      stored as part of InlineCallFrames.
      
      * bytecode/CodeOrigin.h:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGJITCompiler32_64.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGNode.h:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::inlineCallFrame):
      * interpreter/Register.h:
      (JSC::Register::asInlineCallFrame):
      (JSC::Register::unboxedInt32):
      (JSC::Register::unboxedBoolean):
      (JSC::Register::unboxedCell):
      * runtime/Arguments.h:
      (JSC::Arguments::finishCreationAndCopyRegisters):
      
      LayoutTests: DFG inlining breaks function.arguments[something] if the argument being
      retrieved was subjected to DFG's unboxing optimizations
      https://bugs.webkit.org/show_bug.cgi?id=71436        
      
      Reviewed by Oliver Hunt.
      
      * fast/js/dfg-inline-arguments-int32-expected.txt: Added.
      * fast/js/dfg-inline-arguments-int32.html: Added.
      * fast/js/script-tests/dfg-inline-arguments-int32.js: Added.
      (foo):
      (bar):
      (baz):
      (argsToStr):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99148 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      116a0899
    • mhahnenberg@apple.com's avatar
      De-virtualize JSObject::getOwnPropertyNames · 5726238d
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=71307
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore: 
      
      Added getOwnPropertyNames to the MethodTable, changed all the virtual 
      implementations of getOwnPropertyNames to static ones, and replaced 
      all call sites with corresponding lookups in the MethodTable.
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertyNames):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::getOwnPropertyNames):
      * debugger/DebuggerActivation.h:
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertyNames):
      * runtime/Arguments.h:
      * runtime/ClassInfo.h:
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::getOwnPropertyNames):
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::getOwnPropertyNames):
      * runtime/JSArray.h:
      * runtime/JSByteArray.cpp:
      (JSC::JSByteArray::getOwnPropertyNames):
      * runtime/JSByteArray.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnPropertyNames):
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertyNames):
      * runtime/JSFunction.h:
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::getOwnPropertyNames):
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC::JSObject::getPropertyNames):
      (JSC::JSObject::getOwnPropertyNames):
      * runtime/JSObject.h:
      * runtime/JSVariableObject.cpp:
      (JSC::JSVariableObject::~JSVariableObject):
      (JSC::JSVariableObject::getOwnPropertyNames):
      * runtime/JSVariableObject.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::objectConstructorGetOwnPropertyNames):
      (JSC::objectConstructorKeys):
      (JSC::defineProperties):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::getOwnPropertyNames):
      * runtime/StringObject.cpp:
      (JSC::StringObject::getOwnPropertyNames):
      * runtime/StringObject.h:
      * runtime/Structure.h:
      
      Source/JavaScriptGlue: 
      
      Added getOwnPropertyNames to the MethodTable, changed all the virtual 
      implementations of getOwnPropertyNames to static ones, and replaced 
      all call sites with corresponding lookups in the MethodTable.
      
      * UserObjectImp.cpp:
      (UserObjectImp::getOwnPropertyNames):
      * UserObjectImp.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Added getOwnPropertyNames to the MethodTable, changed all the virtual 
      implementations of getOwnPropertyNames to static ones, and replaced 
      all call sites with corresponding lookups in the MethodTable.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::getOwnPropertyNames):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertyNames):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertyNames):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::getOwnPropertyNames):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::getOwnPropertyNames):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::getOwnPropertyNames):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::serialize):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertyNames):
      (JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertyNames):
      * bridge/qt/qt_runtime.h:
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::getOwnPropertyNames):
      * bridge/runtime_array.h:
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::getOwnPropertyNames):
      * bridge/runtime_object.h:
      
      Source/WebKit2: 
      
      Added getOwnPropertyNames to the MethodTable, changed all the virtual 
      implementations of getOwnPropertyNames to static ones, and replaced 
      all call sites with corresponding lookups in the MethodTable.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::getOwnPropertyNames):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99126 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5726238d
  35. 01 Nov, 2011 1 commit
    • fpizlo@apple.com's avatar
      DFG inlining breaks function.arguments · 03586591
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=71329
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      The DFG was forgetting to store code origin mappings for inlined
      call sites. Some of the fast-path optimizations for
      CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
      was wrong.
              
      I also took the opportunity to decrease code duplication between
      DFG64 and DFG32_64, because I didn't feel like writing the same
      code twice.
      
      * bytecode/CodeBlock.h:
      (JSC::ExecState::isInlineCallFrame):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler32_64.cpp:
      * dfg/DFGNode.h:
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      * runtime/Arguments.h:
      (JSC::Arguments::getArgumentsData):
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
              
      Test that using bar.arguments, where bar was inlined into baz,
      works correctly.
      
      * fast/js/dfg-inline-arguments-simple-expected.txt: Added.
      * fast/js/dfg-inline-arguments-simple.html: Added.
      * fast/js/script-tests/dfg-inline-arguments-simple.js: Added.
      (foo):
      (bar):
      (baz):
      (argsToStr):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99009 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      03586591
  36. 26 Oct, 2011 3 commits
    • mhahnenberg@apple.com's avatar
      Remove getOwnPropertySlotVirtual · 5c103b05
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=70741
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Removed all declarations and definitions of getOwnPropertySlotVirtual.
      Also replaced all call sites to getOwnPropertyVirtualVirtual with a 
      corresponding lookup in the MethodTable.
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertyDescriptor):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::getOwnPropertySlot):
      * debugger/DebuggerActivation.h:
      * runtime/Arguments.cpp:
      * runtime/Arguments.h:
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayConstructor.h:
      * runtime/ArrayPrototype.cpp:
      * runtime/ArrayPrototype.h:
      * runtime/BooleanPrototype.cpp:
      * runtime/BooleanPrototype.h:
      * runtime/DateConstructor.cpp:
      * runtime/DateConstructor.h:
      * runtime/DatePrototype.cpp:
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::create):
      * runtime/ErrorPrototype.cpp:
      * runtime/ErrorPrototype.h:
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::getOwnPropertySlotByIndex):
      * runtime/JSArray.h:
      * runtime/JSByteArray.cpp:
      * runtime/JSByteArray.h:
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::getOwnPropertyNames):
      (JSC::JSFunction::put):
      * runtime/JSFunction.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSONObject.h:
      * runtime/JSObject.cpp:
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::hasOwnProperty):
      * runtime/JSObject.h:
      (JSC::JSCell::fastGetOwnPropertySlot):
      (JSC::JSObject::getPropertySlot):
      (JSC::JSValue::get):
      * runtime/JSStaticScopeObject.cpp:
      * runtime/JSStaticScopeObject.h:
      * runtime/JSString.cpp:
      (JSC::JSString::getOwnPropertySlot):
      * runtime/JSString.h:
      * runtime/MathObject.cpp:
      * runtime/MathObject.h:
      (JSC::MathObject::create):
      * runtime/NumberConstructor.cpp:
      * runtime/NumberConstructor.h:
      * runtime/NumberPrototype.cpp:
      * runtime/NumberPrototype.h:
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectConstructor.h:
      * runtime/ObjectPrototype.cpp:
      * runtime/ObjectPrototype.h:
      * runtime/RegExpConstructor.cpp:
      * runtime/RegExpConstructor.h:
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      * runtime/RegExpObject.h:
      * runtime/RegExpPrototype.cpp:
      * runtime/RegExpPrototype.h:
      * runtime/StringConstructor.cpp:
      * runtime/StringConstructor.h:
      * runtime/StringObject.cpp:
      * runtime/StringObject.h:
      * runtime/StringPrototype.cpp:
      * runtime/StringPrototype.h:
      
      Source/JavaScriptGlue: 
      
      Removed all declarations and definitions of getOwnPropertySlotVirtual.
      Also replaced all call sites to getOwnPropertyVirtualVirtual with a 
      corresponding lookup in the MethodTable.
      
      * UserObjectImp.cpp:
      * UserObjectImp.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Removed all declarations and definitions of getOwnPropertySlotVirtual.
      Also replaced all call sites to getOwnPropertyVirtualVirtual with a 
      corresponding lookup in the MethodTable.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::DialogHandler::returnValue):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlot):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::getSparseIndex):
      (WebCore::CloneSerializer::getProperty):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorDefinition):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      * bridge/qt/qt_runtime.cpp:
      * bridge/qt/qt_runtime.h:
      * bridge/runtime_array.cpp:
      * bridge/runtime_array.h:
      * bridge/runtime_method.cpp:
      * bridge/runtime_method.h:
      * bridge/runtime_object.cpp:
      * bridge/runtime_object.h:
      
      Source/WebKit2: 
      
      Removed all declarations and definitions of getOwnPropertySlotVirtual.
      Also replaced all call sites to getOwnPropertyVirtualVirtual with a 
      corresponding lookup in the MethodTable.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@98501 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5c103b05
    • mhahnenberg@apple.com's avatar
      Remove deletePropertyVirtual · c0f87c17
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=70738
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Removed all declarations and definitions of deletePropertyVirtual.
      Also replaced all call sites to deletePropertyVirtual with a 
      corresponding lookup in the MethodTable.
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      (JSC::::deletePropertyByIndex):
      * API/JSObjectRef.cpp:
      (JSObjectDeleteProperty):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::deleteProperty):
      * debugger/DebuggerActivation.h:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Arguments.cpp:
      * runtime/Arguments.h:
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncPop):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::deleteProperty):
      (JSC::JSArray::deletePropertyByIndex):
      * runtime/JSArray.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::deleteProperty):
      (JSC::JSCell::deletePropertyByIndex):
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      * runtime/JSFunction.h:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      * runtime/JSVariableObject.cpp:
      * runtime/JSVariableObject.h:
      * runtime/RegExpMatchesArray.h:
      * runtime/StrictEvalActivation.cpp:
      * runtime/StrictEvalActivation.h:
      * runtime/StringObject.cpp:
      * runtime/StringObject.h:
      
      Source/WebCore: 
      
      No new tests.
      
      Removed all declarations and definitions of deletePropertyVirtual.
      Also replaced all call sites to deletePropertyVirtual with a 
      corresponding lookup in the MethodTable.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::deleteProperty):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::deleteProperty):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::deleteProperty):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::deleteProperty):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::deleteProperty):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deleteProperty):
      * bindings/js/ScriptObject.cpp:
      (WebCore::ScriptGlobalObject::remove):
      * bindings/objc/WebScriptObject.mm:
      (-[WebScriptObject removeWebScriptKey:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      * bridge/NP_jsobject.cpp:
      (_NPN_RemoveProperty):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::removeMember):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      * bridge/runtime_array.cpp:
      * bridge/runtime_array.h:
      * bridge/runtime_object.cpp:
      * bridge/runtime_object.h:
      
      Source/WebKit/mac: 
      
      Removed all declarations and definitions of deletePropertyVirtual.
      Also replaced all call sites to deletePropertyVirtual with a 
      corresponding lookup in the MethodTable.
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::removeProperty):
      
      Source/WebKit2: 
      
      Removed all declarations and definitions of deletePropertyVirtual.
      Also replaced all call sites to deletePropertyVirtual with a 
      corresponding lookup in the MethodTable.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::removeProperty):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@98422 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c0f87c17
    • mhahnenberg@apple.com's avatar
      Remove putVirtual · 39512785
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=70740
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * API/JSCallbackObject.h:
      * API/JSCallbackObjectFunctions.h:
      * API/JSObjectRef.cpp:
      (JSObjectSetProperty):
      (JSObjectSetPropertyAtIndex):
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::put):
      * debugger/DebuggerActivation.h:
      * dfg/DFGOperations.cpp:
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::privateExecute):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      * runtime/Arguments.cpp:
      * runtime/Arguments.h:
      * runtime/ArrayPrototype.cpp:
      (JSC::putProperty):
      (JSC::arrayProtoFuncConcat):
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncReverse):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSlice):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      * runtime/JSActivation.cpp:
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      (JSC::JSArray::putSlowCase):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      * runtime/JSArray.h:
      * runtime/JSByteArray.cpp:
      * runtime/JSByteArray.h:
      * runtime/JSCell.cpp:
      (JSC::JSCell::put):
      (JSC::JSCell::putByIndex):
      * runtime/JSCell.h:
      * runtime/JSFunction.cpp:
      * runtime/JSFunction.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSNotAnObject.h:
      * runtime/JSONObject.cpp:
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      (JSC::JSValue::put):
      * runtime/JSStaticScopeObject.cpp:
      * runtime/JSStaticScopeObject.h:
      * runtime/ObjectPrototype.cpp:
      * runtime/ObjectPrototype.h:
      * runtime/RegExpConstructor.cpp:
      * runtime/RegExpConstructor.h:
      * runtime/RegExpMatchesArray.h:
      * runtime/RegExpObject.cpp:
      * runtime/RegExpObject.h:
      * runtime/StringObject.cpp:
      * runtime/StringObject.h:
      * runtime/StringPrototype.cpp:
      (JSC::stringProtoFuncSplit):
      
      Source/JavaScriptGlue:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * JSValueWrapper.cpp:
      (JSValueWrapper::JSObjectSetProperty):
      * UserObjectImp.cpp:
      * UserObjectImp.h:
      
      Source/WebCore:
      
      No new tests.
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::put):
      * bindings/js/JSDOMWindowShell.h:
      * bindings/js/JSPluginElementFunctions.cpp:
      (WebCore::runtimeObjectCustomPut):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneDeserializer::putProperty):
      * bindings/objc/WebScriptObject.mm:
      (-[WebScriptObject setValue:forKey:]):
      (-[WebScriptObject setWebScriptValueAtIndex:value:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/NP_jsobject.cpp:
      (_NPN_SetProperty):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::setMember):
      (JavaJSObject::setSlot):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::convertQVariantToValue):
      * bridge/runtime_array.cpp:
      * bridge/runtime_array.h:
      * bridge/runtime_object.cpp:
      * bridge/runtime_object.h:
      * bridge/testqtbindings.cpp:
      (main):
      
      Source/WebKit/efl:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * ewk/ewk_view.cpp:
      (ewk_view_js_object_add):
      
      Source/WebKit/mac:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::setProperty):
      
      Source/WebKit/qt:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * Api/qwebframe.cpp:
      (QWebFrame::addToJavaScriptWindowObject):
      
      Source/WebKit2:
      
      Removed all declarations and definitions of putVirtual.
      Also replaced all call sites to putVirtual with a
      corresponding lookup in the MethodTable.
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      * WebProcess/Plugins/Netscape/JSNPObject.h:
      * WebProcess/Plugins/Netscape/NPJSObject.cpp:
      (WebKit::NPJSObject::setProperty):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@98415 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      39512785