1. 18 Sep, 2013 3 commits
    • fpizlo@apple.com's avatar
      DFG should support Int52 for local variables · 6921b29b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121064
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
      programs that have local int32 overflows but where a larger int representation can
      prevent us from having to convert all the way up to double.
              
      It's a small speed-up for now. But we're just supporting Int52 for a handful of
      operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
      the groundwork for adding Int52 to JSValue, which will probably be a bigger
      speed-up.
              
      The basic approach is:
              
      - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
        or HeapTop - i.e. it doesn't arise from JSValues.
              
      - DFG treats Int52 as being part of its FullTop and will treat it as being a
        subtype of double unless instructed otherwise.
              
      - Prediction propagator creates Int52s whenever we have a node going doubly but due
        to large values rather than fractional values, and that node is known to be able
        to produce Int52 natively in the DFG backend.
              
      - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
        to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
        input.
              
      - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
        are left-shifted by 16 (great for overflow checks) and ones that are
        sign-extended. Both backends know how to convert between Int52s and the other
        representations.
      
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::rshift64):
      (JSC::MacroAssemblerX86_64::mul64):
      (JSC::MacroAssemblerX86_64::branchMul64):
      (JSC::MacroAssemblerX86_64::branchNeg64):
      (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::imulq_rr):
      (JSC::X86Assembler::cvtsi2sdq_rr):
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * bytecode/ExitKind.cpp:
      (JSC::exitKindToString):
      * bytecode/ExitKind.h:
      * bytecode/OperandsInlines.h:
      (JSC::::dumpInContext):
      * bytecode/SpeculatedType.cpp:
      (JSC::dumpSpeculation):
      (JSC::speculationToAbbreviatedString):
      (JSC::speculationFromValue):
      * bytecode/SpeculatedType.h:
      (JSC::isInt32SpeculationForArithmetic):
      (JSC::isInt52Speculation):
      (JSC::isMachineIntSpeculationForArithmetic):
      (JSC::isInt52AsDoubleSpeculation):
      (JSC::isBytecodeRealNumberSpeculation):
      (JSC::isFullRealNumberSpeculation):
      (JSC::isBytecodeNumberSpeculation):
      (JSC::isFullNumberSpeculation):
      (JSC::isBytecodeNumberSpeculationExpectingDefined):
      (JSC::isFullNumberSpeculationExpectingDefined):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
      (JSC::ValueRecovery::inGPR):
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::isAlreadyInJSStack):
      (JSC::ValueRecovery::gpr):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAbstractInterpreter.h:
      (JSC::DFG::AbstractInterpreter::needsTypeCheck):
      (JSC::DFG::AbstractInterpreter::filterByType):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::set):
      (JSC::DFG::AbstractValue::checkConsistency):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::couldBeType):
      (JSC::DFG::AbstractValue::isType):
      (JSC::DFG::AbstractValue::checkConsistency):
      (JSC::DFG::AbstractValue::validateType):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::boxInt52):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::makeSafe):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGCommon.h:
      (JSC::DFG::enableInt52):
      * dfg/DFGDCEPhase.cpp:
      (JSC::DFG::DCEPhase::fixupBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
      (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
      (JSC::DFG::FixupPhase::observeUseKindOnNode):
      (JSC::DFG::FixupPhase::fixEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
      * dfg/DFGFlushFormat.cpp:
      (WTF::printInternal):
      * dfg/DFGFlushFormat.h:
      (JSC::DFG::resultFor):
      (JSC::DFG::useKindFor):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::initInt52):
      (JSC::DFG::GenerationInfo::initStrictInt52):
      (JSC::DFG::GenerationInfo::isFormat):
      (JSC::DFG::GenerationInfo::isInt52):
      (JSC::DFG::GenerationInfo::isStrictInt52):
      (JSC::DFG::GenerationInfo::fillInt52):
      (JSC::DFG::GenerationInfo::fillStrictInt52):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::addShouldSpeculateMachineInt):
      (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
      (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGMinifiedNode.h:
      (JSC::DFG::belongsInMinifiedGraph):
      (JSC::DFG::MinifiedNode::hasChild):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
      (JSC::DFG::Node::canSpeculateInt52):
      * dfg/DFGNodeFlags.h:
      (JSC::DFG::nodeCanSpeculateInt52):
      * dfg/DFGNodeType.h:
      (JSC::DFG::permitsOSRBackwardRewiring):
      (JSC::DFG::forwardRewiringSelectionScore):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntry.h:
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::SafeToExecuteEdge::operator()):
      (JSC::DFG::safeToExecute):
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::speculateMachineInt):
      (JSC::DFG::SpeculativeJIT::speculateNumber):
      (JSC::DFG::SpeculativeJIT::speculateRealNumber):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::canReuse):
      (JSC::DFG::SpeculativeJIT::isFilled):
      (JSC::DFG::SpeculativeJIT::isFilledDouble):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::isKnownInteger):
      (JSC::DFG::SpeculativeJIT::isKnownCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
      (JSC::DFG::SpeculativeJIT::int52Result):
      (JSC::DFG::SpeculativeJIT::strictInt52Result):
      (JSC::DFG::SpeculativeJIT::initConstantInfo):
      (JSC::DFG::SpeculativeJIT::isInteger):
      (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
      (JSC::DFG::SpeculativeJIT::generationInfo):
      (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
      (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
      (JSC::DFG::SpeculateInt52Operand::edge):
      (JSC::DFG::SpeculateInt52Operand::node):
      (JSC::DFG::SpeculateInt52Operand::gpr):
      (JSC::DFG::SpeculateInt52Operand::use):
      (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
      (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
      (JSC::DFG::SpeculateStrictInt52Operand::edge):
      (JSC::DFG::SpeculateStrictInt52Operand::node):
      (JSC::DFG::SpeculateStrictInt52Operand::gpr):
      (JSC::DFG::SpeculateStrictInt52Operand::use):
      (JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
      (JSC::DFG::SpeculateWhicheverInt52Operand::~SpeculateWhicheverInt52Operand):
      (JSC::DFG::SpeculateWhicheverInt52Operand::edge):
      (JSC::DFG::SpeculateWhicheverInt52Operand::node):
      (JSC::DFG::SpeculateWhicheverInt52Operand::gpr):
      (JSC::DFG::SpeculateWhicheverInt52Operand::use):
      (JSC::DFG::SpeculateWhicheverInt52Operand::format):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::boxInt52):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileInt52Compare):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleInt52Branch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      (JSC::DFG::isNumerical):
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::ValueSource::forFlushFormat):
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::flushFormat):
      * ftl/FTLCArgumentGetter.cpp:
      (JSC::FTL::CArgumentGetter::loadNextAndBox):
      * ftl/FTLCArgumentGetter.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLExitValue.cpp:
      (JSC::FTL::ExitValue::dumpInContext):
      * ftl/FTLExitValue.h:
      (JSC::FTL::ExitValue::inJSStackAsInt52):
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
      (JSC::FTL::LowerDFGToLLVM::compilePhi):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileAdd):
      (JSC::FTL::LowerDFGToLLVM::compileArithSub):
      (JSC::FTL::LowerDFGToLLVM::compileArithMul):
      (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
      (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
      (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
      (JSC::FTL::LowerDFGToLLVM::lowInt32):
      (JSC::FTL::LowerDFGToLLVM::lowInt52):
      (JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::betterUseStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::bestInt52Kind):
      (JSC::FTL::LowerDFGToLLVM::opposite):
      (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
      (JSC::FTL::LowerDFGToLLVM::lowCell):
      (JSC::FTL::LowerDFGToLLVM::lowBoolean):
      (JSC::FTL::LowerDFGToLLVM::lowDouble):
      (JSC::FTL::LowerDFGToLLVM::lowJSValue):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt32):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToJSValue):
      (JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt52):
      (JSC::FTL::LowerDFGToLLVM::int52ToStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      (JSC::FTL::LowerDFGToLLVM::setInt52):
      (JSC::FTL::LowerDFGToLLVM::setStrictInt52):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::addWithOverflow64):
      (JSC::FTL::Output::subWithOverflow64):
      (JSC::FTL::Output::mulWithOverflow64):
      * ftl/FTLValueFormat.cpp:
      (WTF::printInternal):
      * ftl/FTLValueFormat.h:
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      * interpreter/Register.h:
      (JSC::Register::unboxedInt52):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/IndexingType.cpp:
      (JSC::leastUpperBoundOfIndexingTypeAndType):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::isMachineInt):
      (JSC::JSValue::asMachineInt):
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
      
      * wtf/PrintStream.h:
      (WTF::ValueIgnoringContext::ValueIgnoringContext):
      (WTF::ValueIgnoringContext::dump):
      (WTF::ignoringContext):
      
      Tools: 
      
      Reviewed by Oliver Hunt.
      
      * Scripts/run-jsc-stress-tests:
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * js/dfg-int-overflow-large-constants-in-a-line-expected.txt:
      * js/regress/large-int-captured-expected.txt: Added.
      * js/regress/large-int-captured.html: Added.
      * js/regress/large-int-expected.txt: Added.
      * js/regress/large-int-neg-expected.txt: Added.
      * js/regress/large-int-neg.html: Added.
      * js/regress/large-int.html: Added.
      * js/regress/marsaglia-larger-ints-expected.txt: Added.
      * js/regress/marsaglia-larger-ints.html: Added.
      * js/regress/script-tests/large-int-captured.js: Added.
      (.bar):
      (foo):
      * js/regress/script-tests/large-int-neg.js: Added.
      (foo):
      * js/regress/script-tests/large-int.js: Added.
      (foo):
      * js/regress/script-tests/marsaglia-larger-ints.js: Added.
      (uint):
      (marsaglia):
      * js/script-tests/dfg-int-overflow-large-constants-in-a-line.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156047 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6921b29b
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r156019 and r156020. · 92c67000
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/156019
      http://trac.webkit.org/changeset/156020
      https://bugs.webkit.org/show_bug.cgi?id=121540
      
      Broke tests (Requested by ap on #webkit).
      
      Source/JavaScriptCore:
      
      * assembler/MacroAssemblerX86_64.h:
      * assembler/X86Assembler.h:
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * bytecode/ExitKind.cpp:
      (JSC::exitKindToString):
      * bytecode/ExitKind.h:
      * bytecode/OperandsInlines.h:
      (JSC::::dumpInContext):
      * bytecode/SpeculatedType.cpp:
      (JSC::dumpSpeculation):
      (JSC::speculationToAbbreviatedString):
      (JSC::speculationFromValue):
      * bytecode/SpeculatedType.h:
      (JSC::isInt32SpeculationForArithmetic):
      (JSC::isInt48Speculation):
      (JSC::isMachineIntSpeculationForArithmetic):
      (JSC::isInt48AsDoubleSpeculation):
      (JSC::isRealNumberSpeculation):
      (JSC::isNumberSpeculation):
      (JSC::isNumberSpeculationExpectingDefined):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::inGPR):
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::isAlreadyInJSStack):
      (JSC::ValueRecovery::gpr):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAbstractInterpreter.h:
      (JSC::DFG::AbstractInterpreter::needsTypeCheck):
      (JSC::DFG::AbstractInterpreter::filterByType):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::set):
      (JSC::DFG::AbstractValue::checkConsistency):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::validateType):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::unboxDouble):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::makeSafe):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::canonicalize):
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGCommon.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
      (JSC::DFG::FixupPhase::observeUseKindOnNode):
      (JSC::DFG::FixupPhase::fixEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
      * dfg/DFGFlushFormat.cpp:
      (WTF::printInternal):
      * dfg/DFGFlushFormat.h:
      (JSC::DFG::resultFor):
      (JSC::DFG::useKindFor):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::initInt32):
      (JSC::DFG::GenerationInfo::fillInt32):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::addShouldSpeculateMachineInt):
      (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
      (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGMinifiedNode.h:
      (JSC::DFG::belongsInMinifiedGraph):
      (JSC::DFG::MinifiedNode::hasChild):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
      (JSC::DFG::Node::canSpeculateInt48):
      * dfg/DFGNodeFlags.h:
      (JSC::DFG::nodeCanSpeculateInt48):
      * dfg/DFGNodeType.h:
      (JSC::DFG::forwardRewiringSelectionScore):
      * dfg/DFGOSRExitCompiler.cpp:
      (JSC::DFG::shortOperandsDump):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::SafeToExecuteEdge::operator()):
      (JSC::DFG::safeToExecute):
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::speculateNumber):
      (JSC::DFG::SpeculativeJIT::speculateRealNumber):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::canReuse):
      (JSC::DFG::SpeculativeJIT::isFilled):
      (JSC::DFG::SpeculativeJIT::isFilledDouble):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::boxDouble):
      (JSC::DFG::SpeculativeJIT::isKnownInteger):
      (JSC::DFG::SpeculativeJIT::isKnownCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
      (JSC::DFG::SpeculativeJIT::int32Result):
      (JSC::DFG::SpeculativeJIT::initConstantInfo):
      (JSC::DFG::SpeculativeJIT::isInteger):
      (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      (JSC::DFG::isNumerical):
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::ValueSource::forFlushFormat):
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::flushFormat):
      * ftl/FTLCArgumentGetter.cpp:
      (JSC::FTL::CArgumentGetter::loadNextAndBox):
      * ftl/FTLCArgumentGetter.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLExitValue.cpp:
      (JSC::FTL::ExitValue::dumpInContext):
      * ftl/FTLExitValue.h:
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
      (JSC::FTL::LowerDFGToLLVM::compilePhi):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileAdd):
      (JSC::FTL::LowerDFGToLLVM::compileArithSub):
      (JSC::FTL::LowerDFGToLLVM::compileArithMul):
      (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
      (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
      (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
      (JSC::FTL::LowerDFGToLLVM::lowInt32):
      (JSC::FTL::LowerDFGToLLVM::lowCell):
      (JSC::FTL::LowerDFGToLLVM::lowBoolean):
      (JSC::FTL::LowerDFGToLLVM::lowDouble):
      (JSC::FTL::LowerDFGToLLVM::lowJSValue):
      (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      (JSC::FTL::LowerDFGToLLVM::setInt32):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::mulWithOverflow32):
      * ftl/FTLValueFormat.cpp:
      (WTF::printInternal):
      * ftl/FTLValueFormat.h:
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      * interpreter/Register.h:
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/IndexingType.cpp:
      (JSC::leastUpperBoundOfIndexingTypeAndType):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      
      Source/WTF:
      
      * wtf/PrintStream.h:
      
      Tools:
      
      * Scripts/run-jsc-stress-tests:
      
      LayoutTests:
      
      * js/regress/large-int-captured-expected.txt: Removed.
      * js/regress/large-int-captured.html: Removed.
      * js/regress/large-int-expected.txt: Removed.
      * js/regress/large-int-neg-expected.txt: Removed.
      * js/regress/large-int-neg.html: Removed.
      * js/regress/large-int.html: Removed.
      * js/regress/marsaglia-larger-ints-expected.txt: Removed.
      * js/regress/marsaglia-larger-ints.html: Removed.
      * js/regress/script-tests/large-int-captured.js: Removed.
      * js/regress/script-tests/large-int-neg.js: Removed.
      * js/regress/script-tests/large-int.js: Removed.
      * js/regress/script-tests/marsaglia-larger-ints.js: Removed.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156029 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      92c67000
    • fpizlo@apple.com's avatar
      DFG should support Int52 for local variables · 4c466ec6
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121064
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
      programs that have local int32 overflows but where a larger int representation can
      prevent us from having to convert all the way up to double.
              
      It's a small speed-up for now. But we're just supporting Int52 for a handful of
      operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
      the groundwork for adding Int52 to JSValue, which will probably be a bigger
      speed-up.
              
      The basic approach is:
              
      - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
        or HeapTop - i.e. it doesn't arise from JSValues.
              
      - DFG treats Int52 as being part of its FullTop and will treat it as being a
        subtype of double unless instructed otherwise.
              
      - Prediction propagator creates Int52s whenever we have a node going doubly but due
        to large values rather than fractional values, and that node is known to be able
        to produce Int52 natively in the DFG backend.
              
      - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
        to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
        input.
              
      - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
        are left-shifted by 16 (great for overflow checks) and ones that are
        sign-extended. Both backends know how to convert between Int52s and the other
        representations.
      
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::rshift64):
      (JSC::MacroAssemblerX86_64::mul64):
      (JSC::MacroAssemblerX86_64::branchMul64):
      (JSC::MacroAssemblerX86_64::branchNeg64):
      (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::imulq_rr):
      (JSC::X86Assembler::cvtsi2sdq_rr):
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * bytecode/OperandsInlines.h:
      (JSC::::dumpInContext):
      * bytecode/SpeculatedType.cpp:
      (JSC::dumpSpeculation):
      (JSC::speculationToAbbreviatedString):
      (JSC::speculationFromValue):
      * bytecode/SpeculatedType.h:
      (JSC::isInt32SpeculationForArithmetic):
      (JSC::isMachineIntSpeculationForArithmetic):
      (JSC::isBytecodeRealNumberSpeculation):
      (JSC::isFullRealNumberSpeculation):
      (JSC::isBytecodeNumberSpeculation):
      (JSC::isFullNumberSpeculation):
      (JSC::isBytecodeNumberSpeculationExpectingDefined):
      (JSC::isFullNumberSpeculationExpectingDefined):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
      (JSC::ValueRecovery::inGPR):
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::isAlreadyInJSStack):
      (JSC::ValueRecovery::gpr):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAbstractInterpreter.h:
      (JSC::DFG::AbstractInterpreter::needsTypeCheck):
      (JSC::DFG::AbstractInterpreter::filterByType):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::set):
      (JSC::DFG::AbstractValue::checkConsistency):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::couldBeType):
      (JSC::DFG::AbstractValue::isType):
      (JSC::DFG::AbstractValue::checkConsistency):
      (JSC::DFG::AbstractValue::validateType):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::refine):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::boxInt52):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGCommon.h:
      (JSC::DFG::enableInt52):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
      (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
      (JSC::DFG::FixupPhase::observeUseKindOnNode):
      (JSC::DFG::FixupPhase::fixEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
      * dfg/DFGFlushFormat.cpp:
      (WTF::printInternal):
      * dfg/DFGFlushFormat.h:
      (JSC::DFG::resultFor):
      (JSC::DFG::useKindFor):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::initInt52):
      (JSC::DFG::GenerationInfo::initStrictInt52):
      (JSC::DFG::GenerationInfo::isFormat):
      (JSC::DFG::GenerationInfo::isInt52):
      (JSC::DFG::GenerationInfo::isStrictInt52):
      (JSC::DFG::GenerationInfo::fillInt52):
      (JSC::DFG::GenerationInfo::fillStrictInt52):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::addShouldSpeculateMachineInt):
      (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
      (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGMinifiedNode.h:
      (JSC::DFG::belongsInMinifiedGraph):
      (JSC::DFG::MinifiedNode::hasChild):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
      * dfg/DFGNodeFlags.h:
      * dfg/DFGNodeType.h:
      (JSC::DFG::forwardRewiringSelectionScore):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::SafeToExecuteEdge::operator()):
      (JSC::DFG::safeToExecute):
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::speculateMachineInt):
      (JSC::DFG::SpeculativeJIT::speculateNumber):
      (JSC::DFG::SpeculativeJIT::speculateRealNumber):
      (JSC::DFG::SpeculativeJIT::speculate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::canReuse):
      (JSC::DFG::SpeculativeJIT::isFilled):
      (JSC::DFG::SpeculativeJIT::isFilledDouble):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::isKnownInteger):
      (JSC::DFG::SpeculativeJIT::isKnownCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
      (JSC::DFG::SpeculativeJIT::int52Result):
      (JSC::DFG::SpeculativeJIT::strictInt52Result):
      (JSC::DFG::SpeculativeJIT::initConstantInfo):
      (JSC::DFG::SpeculativeJIT::isInteger):
      (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
      (JSC::DFG::SpeculativeJIT::generationInfo):
      (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
      (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
      (JSC::DFG::SpeculateInt52Operand::edge):
      (JSC::DFG::SpeculateInt52Operand::node):
      (JSC::DFG::SpeculateInt52Operand::gpr):
      (JSC::DFG::SpeculateInt52Operand::use):
      (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
      (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
      (JSC::DFG::SpeculateStrictInt52Operand::edge):
      (JSC::DFG::SpeculateStrictInt52Operand::node):
      (JSC::DFG::SpeculateStrictInt52Operand::gpr):
      (JSC::DFG::SpeculateStrictInt52Operand::use):
      (JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
      (JSC::DFG::SpeculateWhicheverInt52Operand::~SpeculateWhicheverInt52Operand):
      (JSC::DFG::SpeculateWhicheverInt52Operand::edge):
      (JSC::DFG::SpeculateWhicheverInt52Operand::node):
      (JSC::DFG::SpeculateWhicheverInt52Operand::gpr):
      (JSC::DFG::SpeculateWhicheverInt52Operand::use):
      (JSC::DFG::SpeculateWhicheverInt52Operand::format):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::boxInt52):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileInt52Compare):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleInt52Branch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGUseKind.cpp:
      (WTF::printInternal):
      * dfg/DFGUseKind.h:
      (JSC::DFG::typeFilterFor):
      (JSC::DFG::isNumerical):
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::ValueSource::forFlushFormat):
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      (JSC::DFG::VariableAccessData::flushFormat):
      * ftl/FTLCArgumentGetter.cpp:
      (JSC::FTL::CArgumentGetter::loadNextAndBox):
      * ftl/FTLCArgumentGetter.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLExitValue.cpp:
      (JSC::FTL::ExitValue::dumpInContext):
      * ftl/FTLExitValue.h:
      (JSC::FTL::ExitValue::inJSStackAsInt52):
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
      (JSC::FTL::LowerDFGToLLVM::compilePhi):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileAdd):
      (JSC::FTL::LowerDFGToLLVM::compileArithSub):
      (JSC::FTL::LowerDFGToLLVM::compileArithMul):
      (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
      (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
      (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
      (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
      (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
      (JSC::FTL::LowerDFGToLLVM::lowInt32):
      (JSC::FTL::LowerDFGToLLVM::lowInt52):
      (JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::betterUseStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::bestInt52Kind):
      (JSC::FTL::LowerDFGToLLVM::opposite):
      (JSC::FTL::LowerDFGToLLVM::Int52s::operator[]):
      (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
      (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52s):
      (JSC::FTL::LowerDFGToLLVM::lowOpposingInt52s):
      (JSC::FTL::LowerDFGToLLVM::lowCell):
      (JSC::FTL::LowerDFGToLLVM::lowBoolean):
      (JSC::FTL::LowerDFGToLLVM::lowDouble):
      (JSC::FTL::LowerDFGToLLVM::lowJSValue):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt32):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToJSValue):
      (JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue):
      (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt52):
      (JSC::FTL::LowerDFGToLLVM::int52ToStrictInt52):
      (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      (JSC::FTL::LowerDFGToLLVM::setInt52):
      (JSC::FTL::LowerDFGToLLVM::setStrictInt52):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::addWithOverflow64):
      (JSC::FTL::Output::subWithOverflow64):
      (JSC::FTL::Output::mulWithOverflow64):
      * ftl/FTLValueFormat.cpp:
      (WTF::printInternal):
      * ftl/FTLValueFormat.h:
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      * interpreter/Register.h:
      (JSC::Register::unboxedInt52):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/IndexingType.cpp:
      (JSC::leastUpperBoundOfIndexingTypeAndType):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::isMachineInt):
      (JSC::JSValue::asMachineInt):
      
      Source/WTF: 
      
      Reviewed by Oliver Hunt.
      
      * wtf/PrintStream.h:
      (WTF::ValueIgnoringContext::ValueIgnoringContext):
      (WTF::ValueIgnoringContext::dump):
      (WTF::ignoringContext):
      
      Tools: 
      
      Reviewed by Oliver Hunt.
      
      * Scripts/run-jsc-stress-tests:
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt.
      
      * js/regress/large-int-captured-expected.txt: Added.
      * js/regress/large-int-captured.html: Added.
      * js/regress/large-int-expected.txt: Added.
      * js/regress/large-int-neg-expected.txt: Added.
      * js/regress/large-int-neg.html: Added.
      * js/regress/large-int.html: Added.
      * js/regress/marsaglia-larger-ints-expected.txt: Added.
      * js/regress/marsaglia-larger-ints.html: Added.
      * js/regress/script-tests/large-int-captured.js: Added.
      (.bar):
      (foo):
      * js/regress/script-tests/large-int-neg.js: Added.
      (foo):
      * js/regress/script-tests/large-int.js: Added.
      (foo):
      * js/regress/script-tests/marsaglia-larger-ints.js: Added.
      (uint):
      (marsaglia):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156019 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4c466ec6
  2. 30 Aug, 2013 1 commit
    • oliver@apple.com's avatar
      Make JSValue bool conversion less dangerous · 02fe0141
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120505
      
      Reviewed by Darin Adler.
      
      Source/JavaScriptCore:
      
      Replaces JSValue::operator bool() with a operator UnspecifiedBoolType* as
      we do elsewhere.  Then fix the places where terrible type coercion was
      happening.  All of the changes made had no fundamental behavioural impact
      as they were coercion results that were ignored (returning undefined
      after an exception).
      
      * dfg/DFGOperations.cpp:
      * interpreter/CallFrame.h:
      (JSC::ExecState::hadException):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::operator UnspecifiedBoolType*):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncEval):
      * runtime/PropertyDescriptor.cpp:
      (JSC::PropertyDescriptor::equalTo)
      
      Source/WTF:
      
      Make LIKELY and UNLIKELY macros coerce to bool before
      passing to expect.
      
      * wtf/Compiler.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      02fe0141
  3. 14 Aug, 2013 1 commit
    • fpizlo@apple.com's avatar
      Foo::s_info should be Foo::info(), so that you can change how the s_info is actually linked · 10ae2d0d
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119770
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackConstructor.cpp:
      (JSC::JSCallbackConstructor::finishCreation):
      * API/JSCallbackConstructor.h:
      (JSC::JSCallbackConstructor::createStructure):
      * API/JSCallbackFunction.cpp:
      (JSC::JSCallbackFunction::finishCreation):
      * API/JSCallbackFunction.h:
      (JSC::JSCallbackFunction::createStructure):
      * API/JSCallbackObject.cpp:
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSC::JSCallbackObject::visitChildren):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::asCallbackObject):
      (JSC::::finishCreation):
      * API/JSObjectRef.cpp:
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp:
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp:
      * API/ObjCCallbackFunction.h:
      (JSC::ObjCCallbackFunction::createStructure):
      * JSCTypedArrayStubs.h:
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::CallLinkStatus):
      (JSC::CallLinkStatus::function):
      (JSC::CallLinkStatus::internalFunction):
      * bytecode/CodeBlock.h:
      (JSC::baselineCodeBlockForInlineCallFrame):
      * bytecode/SpeculatedType.cpp:
      (JSC::speculationFromClassInfo):
      * bytecode/UnlinkedCodeBlock.cpp:
      (JSC::UnlinkedFunctionExecutable::visitChildren):
      (JSC::UnlinkedCodeBlock::visitChildren):
      (JSC::UnlinkedProgramCodeBlock::visitChildren):
      * bytecode/UnlinkedCodeBlock.h:
      (JSC::UnlinkedFunctionExecutable::createStructure):
      (JSC::UnlinkedProgramCodeBlock::createStructure):
      (JSC::UnlinkedEvalCodeBlock::createStructure):
      (JSC::UnlinkedFunctionCodeBlock::createStructure):
      * debugger/Debugger.cpp:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::visitChildren):
      * debugger/DebuggerActivation.h:
      (JSC::DebuggerActivation::createStructure):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::functionName):
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::isInternalFunctionConstant):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileNewStringObject):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::virtualForThunkGenerator):
      * interpreter/Interpreter.cpp:
      (JSC::loadVarargs):
      * jsc.cpp:
      (GlobalObject::createStructure):
      * profiler/LegacyProfiler.cpp:
      (JSC::LegacyProfiler::createCallIdentifier):
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      * runtime/Arguments.h:
      (JSC::Arguments::createStructure):
      (JSC::asArguments):
      (JSC::Arguments::finishCreation):
      * runtime/ArrayConstructor.cpp:
      (JSC::arrayConstructorIsArray):
      * runtime/ArrayConstructor.h:
      (JSC::ArrayConstructor::createStructure):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::finishCreation):
      (JSC::arrayProtoFuncConcat):
      (JSC::attemptFastSort):
      * runtime/ArrayPrototype.h:
      (JSC::ArrayPrototype::createStructure):
      * runtime/BooleanConstructor.h:
      (JSC::BooleanConstructor::createStructure):
      * runtime/BooleanObject.cpp:
      (JSC::BooleanObject::finishCreation):
      * runtime/BooleanObject.h:
      (JSC::BooleanObject::createStructure):
      (JSC::asBooleanObject):
      * runtime/BooleanPrototype.cpp:
      (JSC::BooleanPrototype::finishCreation):
      (JSC::booleanProtoFuncToString):
      (JSC::booleanProtoFuncValueOf):
      * runtime/BooleanPrototype.h:
      (JSC::BooleanPrototype::createStructure):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DateConstructor.h:
      (JSC::DateConstructor::createStructure):
      * runtime/DateInstance.cpp:
      (JSC::DateInstance::finishCreation):
      * runtime/DateInstance.h:
      (JSC::DateInstance::createStructure):
      (JSC::asDateInstance):
      * runtime/DatePrototype.cpp:
      (JSC::formateDateInstance):
      (JSC::DatePrototype::finishCreation):
      (JSC::dateProtoFuncToISOString):
      (JSC::dateProtoFuncToLocaleString):
      (JSC::dateProtoFuncToLocaleDateString):
      (JSC::dateProtoFuncToLocaleTimeString):
      (JSC::dateProtoFuncGetTime):
      (JSC::dateProtoFuncGetFullYear):
      (JSC::dateProtoFuncGetUTCFullYear):
      (JSC::dateProtoFuncGetMonth):
      (JSC::dateProtoFuncGetUTCMonth):
      (JSC::dateProtoFuncGetDate):
      (JSC::dateProtoFuncGetUTCDate):
      (JSC::dateProtoFuncGetDay):
      (JSC::dateProtoFuncGetUTCDay):
      (JSC::dateProtoFuncGetHours):
      (JSC::dateProtoFuncGetUTCHours):
      (JSC::dateProtoFuncGetMinutes):
      (JSC::dateProtoFuncGetUTCMinutes):
      (JSC::dateProtoFuncGetSeconds):
      (JSC::dateProtoFuncGetUTCSeconds):
      (JSC::dateProtoFuncGetMilliSeconds):
      (JSC::dateProtoFuncGetUTCMilliseconds):
      (JSC::dateProtoFuncGetTimezoneOffset):
      (JSC::dateProtoFuncSetTime):
      (JSC::setNewValueFromTimeArgs):
      (JSC::setNewValueFromDateArgs):
      (JSC::dateProtoFuncSetYear):
      (JSC::dateProtoFuncGetYear):
      * runtime/DatePrototype.h:
      (JSC::DatePrototype::createStructure):
      * runtime/Error.h:
      (JSC::StrictModeTypeErrorFunction::createStructure):
      * runtime/ErrorConstructor.h:
      (JSC::ErrorConstructor::createStructure):
      * runtime/ErrorInstance.cpp:
      (JSC::ErrorInstance::finishCreation):
      * runtime/ErrorInstance.h:
      (JSC::ErrorInstance::createStructure):
      * runtime/ErrorPrototype.cpp:
      (JSC::ErrorPrototype::finishCreation):
      * runtime/ErrorPrototype.h:
      (JSC::ErrorPrototype::createStructure):
      * runtime/ExceptionHelpers.cpp:
      (JSC::isTerminatedExecutionException):
      * runtime/ExceptionHelpers.h:
      (JSC::TerminatedExecutionError::createStructure):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::visitChildren):
      (JSC::ProgramExecutable::visitChildren):
      (JSC::FunctionExecutable::visitChildren):
      (JSC::ExecutableBase::hashFor):
      * runtime/Executable.h:
      (JSC::ExecutableBase::createStructure):
      (JSC::NativeExecutable::createStructure):
      (JSC::EvalExecutable::createStructure):
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::compileFor):
      (JSC::FunctionExecutable::compileOptimizedFor):
      (JSC::FunctionExecutable::createStructure):
      * runtime/FunctionConstructor.h:
      (JSC::FunctionConstructor::createStructure):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncToString):
      (JSC::functionProtoFuncApply):
      (JSC::functionProtoFuncBind):
      * runtime/FunctionPrototype.h:
      (JSC::FunctionPrototype::createStructure):
      * runtime/GetterSetter.cpp:
      (JSC::GetterSetter::visitChildren):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::createStructure):
      * runtime/InternalFunction.cpp:
      (JSC::InternalFunction::finishCreation):
      * runtime/InternalFunction.h:
      (JSC::InternalFunction::createStructure):
      (JSC::asInternalFunction):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::argumentsGetter):
      * runtime/JSActivation.h:
      (JSC::JSActivation::createStructure):
      (JSC::asActivation):
      * runtime/JSArray.h:
      (JSC::JSArray::createStructure):
      (JSC::asArray):
      (JSC::isJSArray):
      * runtime/JSBoundFunction.cpp:
      (JSC::JSBoundFunction::finishCreation):
      (JSC::JSBoundFunction::visitChildren):
      * runtime/JSBoundFunction.h:
      (JSC::JSBoundFunction::createStructure):
      * runtime/JSCJSValue.cpp:
      (JSC::JSValue::dumpInContext):
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::isFunction):
      * runtime/JSCell.h:
      (JSC::jsCast):
      (JSC::jsDynamicCast):
      * runtime/JSCellInlines.h:
      (JSC::allocateCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::finishCreation):
      (JSC::JSFunction::visitChildren):
      (JSC::skipOverBoundFunctions):
      (JSC::JSFunction::callerGetter):
      * runtime/JSFunction.h:
      (JSC::JSFunction::createStructure):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildren):
      (JSC::slowValidateCell):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::createStructure):
      * runtime/JSNameScope.cpp:
      (JSC::JSNameScope::visitChildren):
      * runtime/JSNameScope.h:
      (JSC::JSNameScope::createStructure):
      * runtime/JSNotAnObject.h:
      (JSC::JSNotAnObject::createStructure):
      * runtime/JSONObject.cpp:
      (JSC::JSONObject::finishCreation):
      (JSC::unwrapBoxedPrimitive):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::appendStringifiedValue):
      (JSC::Stringifier::Holder::Holder):
      (JSC::Walker::walk):
      (JSC::JSONProtoFuncStringify):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::getCallableObjectSlow):
      (JSC::JSObject::visitChildren):
      (JSC::JSObject::copyBackingStore):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::ensureInt32Slow):
      (JSC::JSObject::ensureDoubleSlow):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::finishCreation):
      (JSC::JSObject::createStructure):
      (JSC::JSNonFinalObject::createStructure):
      (JSC::JSFinalObject::createStructure):
      (JSC::isJSFinalObject):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::visitChildren):
      * runtime/JSPropertyNameIterator.h:
      (JSC::JSPropertyNameIterator::createStructure):
      * runtime/JSProxy.cpp:
      (JSC::JSProxy::visitChildren):
      * runtime/JSProxy.h:
      (JSC::JSProxy::createStructure):
      * runtime/JSScope.cpp:
      (JSC::JSScope::visitChildren):
      * runtime/JSSegmentedVariableObject.cpp:
      (JSC::JSSegmentedVariableObject::visitChildren):
      * runtime/JSString.h:
      (JSC::JSString::createStructure):
      (JSC::isJSString):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::visitChildren):
      * runtime/JSVariableObject.h:
      * runtime/JSWithScope.cpp:
      (JSC::JSWithScope::visitChildren):
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::createStructure):
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::visitChildren):
      * runtime/JSWrapperObject.h:
      (JSC::JSWrapperObject::createStructure):
      * runtime/MathObject.cpp:
      (JSC::MathObject::finishCreation):
      * runtime/MathObject.h:
      (JSC::MathObject::createStructure):
      * runtime/NameConstructor.h:
      (JSC::NameConstructor::createStructure):
      * runtime/NameInstance.h:
      (JSC::NameInstance::createStructure):
      (JSC::NameInstance::finishCreation):
      * runtime/NamePrototype.cpp:
      (JSC::NamePrototype::finishCreation):
      (JSC::privateNameProtoFuncToString):
      * runtime/NamePrototype.h:
      (JSC::NamePrototype::createStructure):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::visitChildren):
      * runtime/NativeErrorConstructor.h:
      (JSC::NativeErrorConstructor::createStructure):
      (JSC::NativeErrorConstructor::finishCreation):
      * runtime/NumberConstructor.cpp:
      (JSC::NumberConstructor::finishCreation):
      * runtime/NumberConstructor.h:
      (JSC::NumberConstructor::createStructure):
      * runtime/NumberObject.cpp:
      (JSC::NumberObject::finishCreation):
      * runtime/NumberObject.h:
      (JSC::NumberObject::createStructure):
      * runtime/NumberPrototype.cpp:
      (JSC::NumberPrototype::finishCreation):
      * runtime/NumberPrototype.h:
      (JSC::NumberPrototype::createStructure):
      * runtime/ObjectConstructor.h:
      (JSC::ObjectConstructor::createStructure):
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::finishCreation):
      * runtime/ObjectPrototype.h:
      (JSC::ObjectPrototype::createStructure):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyTable::createStructure):
      * runtime/PropertyTable.cpp:
      (JSC::PropertyTable::visitChildren):
      * runtime/RegExp.h:
      (JSC::RegExp::createStructure):
      * runtime/RegExpConstructor.cpp:
      (JSC::RegExpConstructor::finishCreation):
      (JSC::RegExpConstructor::visitChildren):
      (JSC::constructRegExp):
      * runtime/RegExpConstructor.h:
      (JSC::RegExpConstructor::createStructure):
      (JSC::asRegExpConstructor):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::visitChildren):
      * runtime/RegExpMatchesArray.h:
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::finishCreation):
      (JSC::RegExpObject::visitChildren):
      * runtime/RegExpObject.h:
      (JSC::RegExpObject::createStructure):
      (JSC::asRegExpObject):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncTest):
      (JSC::regExpProtoFuncExec):
      (JSC::regExpProtoFuncCompile):
      (JSC::regExpProtoFuncToString):
      * runtime/RegExpPrototype.h:
      (JSC::RegExpPrototype::createStructure):
      * runtime/SparseArrayValueMap.cpp:
      (JSC::SparseArrayValueMap::createStructure):
      * runtime/SparseArrayValueMap.h:
      * runtime/StrictEvalActivation.h:
      (JSC::StrictEvalActivation::createStructure):
      * runtime/StringConstructor.h:
      (JSC::StringConstructor::createStructure):
      * runtime/StringObject.cpp:
      (JSC::StringObject::finishCreation):
      * runtime/StringObject.h:
      (JSC::StringObject::createStructure):
      (JSC::asStringObject):
      * runtime/StringPrototype.cpp:
      (JSC::StringPrototype::finishCreation):
      (JSC::stringProtoFuncReplace):
      (JSC::stringProtoFuncToString):
      (JSC::stringProtoFuncMatch):
      (JSC::stringProtoFuncSearch):
      (JSC::stringProtoFuncSplit):
      * runtime/StringPrototype.h:
      (JSC::StringPrototype::createStructure):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::get):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC::Structure::typeInfo):
      (JSC::Structure::previousID):
      (JSC::Structure::outOfLineSize):
      (JSC::Structure::totalStorageCapacity):
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::visitChildren):
      * runtime/StructureChain.h:
      (JSC::StructureChain::createStructure):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      * runtime/StructureRareData.cpp:
      (JSC::StructureRareData::createStructure):
      (JSC::StructureRareData::visitChildren):
      * runtime/StructureRareData.h:
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::createStructure):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::StackPreservingRecompiler::operator()):
      (JSC::VM::releaseExecutableMemory):
      * runtime/WriteBarrier.h:
      (JSC::validateCell):
      * testRegExp.cpp:
      (GlobalObject::createStructure):
      
      Source/WebCore: 
      
      No new tests because no new behavior.
      
      * bindings/js/IDBBindingUtilities.cpp:
      (WebCore::createIDBKeyFromValue):
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioTrackCustom.cpp:
      (WebCore::JSAudioTrack::visitChildren):
      * bindings/js/JSAudioTrackListCustom.cpp:
      (WebCore::JSAudioTrackList::visitChildren):
      * bindings/js/JSBlobCustom.cpp:
      (WebCore::JSBlobConstructor::constructJSBlob):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      (WebCore::JSCSSStyleDeclaration::getOwnPropertyNames):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::toHTMLCanvasStyle):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::valueToDate):
      * bindings/js/JSDOMBinding.h:
      (WebCore::DOMConstructorObject::createStructure):
      (WebCore::getDOMStructure):
      (WebCore::toRefPtrNativeArray):
      (WebCore::getStaticValueSlotEntryWithoutCaching):
      * bindings/js/JSDOMFormDataCustom.cpp:
      (WebCore::toHTMLFormElement):
      (WebCore::JSDOMFormData::append):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::finishCreation):
      (WebCore::JSDOMGlobalObject::scriptExecutionContext):
      (WebCore::JSDOMGlobalObject::visitChildren):
      * bindings/js/JSDOMGlobalObject.h:
      (WebCore::JSDOMGlobalObject::info):
      (WebCore::JSDOMGlobalObject::createStructure):
      (WebCore::getDOMConstructor):
      * bindings/js/JSDOMStringListCustom.cpp:
      (WebCore::toDOMStringList):
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::finishCreation):
      (WebCore::toJSDOMWindow):
      * bindings/js/JSDOMWindowBase.h:
      (WebCore::JSDOMWindowBase::createStructure):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildren):
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
      (WebCore::toDOMWindow):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::finishCreation):
      * bindings/js/JSDOMWindowShell.h:
      (WebCore::JSDOMWindowShell::createStructure):
      * bindings/js/JSEventTargetCustom.cpp:
      (WebCore::toEventTarget):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::getOwnPropertySlotDelegate):
      (WebCore::JSHistory::getOwnPropertyDescriptorDelegate):
      * bindings/js/JSImageConstructor.cpp:
      (WebCore::JSImageConstructor::finishCreation):
      * bindings/js/JSImageConstructor.h:
      (WebCore::JSImageConstructor::createStructure):
      * bindings/js/JSInjectedScriptHostCustom.cpp:
      (WebCore::JSInjectedScriptHost::isHTMLAllCollection):
      (WebCore::JSInjectedScriptHost::type):
      (WebCore::JSInjectedScriptHost::functionDetails):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::getOwnPropertySlotDelegate):
      (WebCore::JSLocation::getOwnPropertyDescriptorDelegate):
      (WebCore::JSLocation::putDelegate):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::pushEventHandlerScope):
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildren):
      (WebCore::toNodeFilter):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSPluginElementFunctions.h:
      (WebCore::pluginElementCustomGetOwnPropertySlot):
      (WebCore::pluginElementCustomGetOwnPropertyDescriptor):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTextTrackCueCustom.cpp:
      (WebCore::JSTextTrackCue::visitChildren):
      * bindings/js/JSTextTrackCustom.cpp:
      (WebCore::JSTextTrack::visitChildren):
      * bindings/js/JSTextTrackListCustom.cpp:
      (WebCore::JSTextTrackList::visitChildren):
      * bindings/js/JSTrackCustom.cpp:
      (WebCore::toTrack):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSVideoTrackCustom.cpp:
      (WebCore::JSVideoTrack::visitChildren):
      * bindings/js/JSVideoTrackListCustom.cpp:
      (WebCore::JSVideoTrackList::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildren):
      (WebCore::JSWebGLRenderingContext::getAttachedShaders):
      (WebCore::JSWebGLRenderingContext::getProgramParameter):
      (WebCore::JSWebGLRenderingContext::getShaderParameter):
      (WebCore::JSWebGLRenderingContext::getUniform):
      (WebCore::dataFunctionf):
      (WebCore::dataFunctioni):
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSWorkerGlobalScopeBase.cpp:
      (WebCore::JSWorkerGlobalScopeBase::finishCreation):
      (WebCore::toJSDedicatedWorkerGlobalScope):
      (WebCore::toJSSharedWorkerGlobalScope):
      * bindings/js/JSWorkerGlobalScopeBase.h:
      (WebCore::JSWorkerGlobalScopeBase::createStructure):
      * bindings/js/JSWorkerGlobalScopeCustom.cpp:
      (WebCore::JSWorkerGlobalScope::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      (WebCore::JSXMLHttpRequest::send):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildren):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::dispatchDidPause):
      * bindings/js/ScriptState.cpp:
      (WebCore::domWindowFromScriptState):
      (WebCore::scriptExecutionContextFromScriptState):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::isArray):
      (WebCore::CloneSerializer::dumpArrayBufferView):
      (WebCore::CloneSerializer::dumpIfTerminal):
      (WebCore::CloneSerializer::serialize):
      (WebCore::CloneDeserializer::CloneDeserializer):
      (WebCore::CloneDeserializer::readArrayBufferView):
      * bindings/objc/DOM.mm:
      (+[DOMNode _nodeFromJSWrapper:]):
      * bindings/objc/DOMUtility.mm:
      (JSC::createDOMWrapper):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:JSC::originRootObject:rootObject:]):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateGetOwnPropertySlotBody):
      (GenerateGetOwnPropertyDescriptorBody):
      (GenerateHeader):
      (GenerateParametersCheckExpression):
      (GenerateImplementation):
      (GenerateParametersCheck):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bindings/scripts/test/JS/JSFloat64Array.cpp:
      (WebCore::JSFloat64ArrayConstructor::finishCreation):
      (WebCore::JSFloat64Array::finishCreation):
      (WebCore::JSFloat64Array::getOwnPropertySlot):
      (WebCore::JSFloat64Array::getOwnPropertyDescriptor):
      (WebCore::JSFloat64Array::getOwnPropertySlotByIndex):
      (WebCore::JSFloat64Array::put):
      (WebCore::JSFloat64Array::putByIndex):
      (WebCore::JSFloat64Array::getOwnPropertyNames):
      (WebCore::jsFloat64ArrayPrototypeFunctionFoo):
      (WebCore::jsFloat64ArrayPrototypeFunctionSet):
      (WebCore::JSFloat64Array::getByIndex):
      (WebCore::toFloat64Array):
      * bindings/scripts/test/JS/JSFloat64Array.h:
      (WebCore::JSFloat64Array::createStructure):
      (WebCore::JSFloat64ArrayPrototype::createStructure):
      (WebCore::JSFloat64ArrayConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
      (WebCore::JSTestActiveDOMObjectConstructor::finishCreation):
      (WebCore::JSTestActiveDOMObject::finishCreation):
      (WebCore::JSTestActiveDOMObject::getOwnPropertySlot):
      (WebCore::JSTestActiveDOMObject::getOwnPropertyDescriptor):
      (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction):
      (WebCore::jsTestActiveDOMObjectPrototypeFunctionPostMessage):
      (WebCore::toTestActiveDOMObject):
      * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
      (WebCore::JSTestActiveDOMObject::createStructure):
      (WebCore::JSTestActiveDOMObjectPrototype::createStructure):
      (WebCore::JSTestActiveDOMObjectConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
      (WebCore::JSTestCustomNamedGetterConstructor::finishCreation):
      (WebCore::JSTestCustomNamedGetter::finishCreation):
      (WebCore::JSTestCustomNamedGetter::getOwnPropertySlot):
      (WebCore::JSTestCustomNamedGetter::getOwnPropertyDescriptor):
      (WebCore::JSTestCustomNamedGetter::getOwnPropertySlotByIndex):
      (WebCore::jsTestCustomNamedGetterPrototypeFunctionAnotherFunction):
      (WebCore::toTestCustomNamedGetter):
      * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
      (WebCore::JSTestCustomNamedGetter::createStructure):
      (WebCore::JSTestCustomNamedGetterPrototype::createStructure):
      (WebCore::JSTestCustomNamedGetterConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
      (WebCore::JSTestEventConstructorConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::finishCreation):
      (WebCore::JSTestEventConstructor::getOwnPropertySlot):
      (WebCore::JSTestEventConstructor::getOwnPropertyDescriptor):
      (WebCore::toTestEventConstructor):
      * bindings/scripts/test/JS/JSTestEventConstructor.h:
      (WebCore::JSTestEventConstructor::createStructure):
      (WebCore::JSTestEventConstructorPrototype::createStructure):
      (WebCore::JSTestEventConstructorConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestEventTarget.cpp:
      (WebCore::JSTestEventTargetConstructor::finishCreation):
      (WebCore::JSTestEventTarget::finishCreation):
      (WebCore::JSTestEventTarget::getOwnPropertySlot):
      (WebCore::JSTestEventTarget::getOwnPropertyDescriptor):
      (WebCore::JSTestEventTarget::getOwnPropertySlotByIndex):
      (WebCore::JSTestEventTarget::getOwnPropertyNames):
      (WebCore::jsTestEventTargetPrototypeFunctionItem):
      (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
      (WebCore::jsTestEventTargetPrototypeFunctionDispatchEvent):
      (WebCore::JSTestEventTarget::visitChildren):
      (WebCore::JSTestEventTarget::indexGetter):
      (WebCore::toTestEventTarget):
      * bindings/scripts/test/JS/JSTestEventTarget.h:
      (WebCore::JSTestEventTarget::createStructure):
      (WebCore::JSTestEventTargetPrototype::createStructure):
      (WebCore::JSTestEventTargetConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestException.cpp:
      (WebCore::JSTestExceptionConstructor::finishCreation):
      (WebCore::JSTestException::finishCreation):
      (WebCore::JSTestException::getOwnPropertySlot):
      (WebCore::JSTestException::getOwnPropertyDescriptor):
      (WebCore::toTestException):
      * bindings/scripts/test/JS/JSTestException.h:
      (WebCore::JSTestException::createStructure):
      (WebCore::JSTestExceptionPrototype::createStructure):
      (WebCore::JSTestExceptionConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestInterface.cpp:
      (WebCore::JSTestInterfaceConstructor::finishCreation):
      (WebCore::JSTestInterface::finishCreation):
      (WebCore::JSTestInterface::getOwnPropertySlot):
      (WebCore::JSTestInterface::getOwnPropertyDescriptor):
      (WebCore::JSTestInterface::put):
      (WebCore::JSTestInterface::putByIndex):
      (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod1):
      (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod2):
      (WebCore::jsTestInterfacePrototypeFunctionImplementsMethod3):
      (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod1):
      (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
      (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod3):
      (WebCore::toTestInterface):
      * bindings/scripts/test/JS/JSTestInterface.h:
      (WebCore::JSTestInterface::createStructure):
      (WebCore::JSTestInterfacePrototype::createStructure):
      (WebCore::JSTestInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
      (WebCore::JSTestMediaQueryListListenerConstructor::finishCreation):
      (WebCore::JSTestMediaQueryListListener::finishCreation):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertySlot):
      (WebCore::JSTestMediaQueryListListener::getOwnPropertyDescriptor):
      (WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
      (WebCore::toTestMediaQueryListListener):
      * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
      (WebCore::JSTestMediaQueryListListener::createStructure):
      (WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
      (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
      (WebCore::JSTestNamedConstructorConstructor::finishCreation):
      (WebCore::JSTestNamedConstructorNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::finishCreation):
      (WebCore::JSTestNamedConstructor::getOwnPropertySlot):
      (WebCore::JSTestNamedConstructor::getOwnPropertyDescriptor):
      (WebCore::toTestNamedConstructor):
      * bindings/scripts/test/JS/JSTestNamedConstructor.h:
      (WebCore::JSTestNamedConstructor::createStructure):
      (WebCore::JSTestNamedConstructorPrototype::createStructure):
      (WebCore::JSTestNamedConstructorConstructor::createStructure):
      (WebCore::JSTestNamedConstructorNamedConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestNode.cpp:
      (WebCore::JSTestNodeConstructor::finishCreation):
      (WebCore::JSTestNode::finishCreation):
      (WebCore::JSTestNode::getOwnPropertySlot):
      (WebCore::JSTestNode::getOwnPropertyDescriptor):
      (WebCore::JSTestNode::visitChildren):
      * bindings/scripts/test/JS/JSTestNode.h:
      (WebCore::JSTestNode::createStructure):
      (WebCore::JSTestNodePrototype::createStructure):
      (WebCore::JSTestNodeConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestObj.cpp:
      (WebCore::JSTestObjConstructor::finishCreation):
      (WebCore::JSTestObj::finishCreation):
      (WebCore::JSTestObj::getOwnPropertySlot):
      (WebCore::JSTestObj::getOwnPropertyDescriptor):
      (WebCore::JSTestObj::put):
      (WebCore::jsTestObjPrototypeFunctionVoidMethod):
      (WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionByteMethod):
      (WebCore::jsTestObjPrototypeFunctionByteMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionOctetMethod):
      (WebCore::jsTestObjPrototypeFunctionOctetMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionLongMethod):
      (WebCore::jsTestObjPrototypeFunctionLongMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionObjMethod):
      (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionMethodWithSequenceArg):
      (WebCore::jsTestObjPrototypeFunctionMethodReturningSequence):
      (WebCore::jsTestObjPrototypeFunctionMethodWithEnumArg):
      (WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows):
      (WebCore::jsTestObjPrototypeFunctionSerializedValue):
      (WebCore::jsTestObjPrototypeFunctionOptionsObject):
      (WebCore::jsTestObjPrototypeFunctionMethodWithException):
      (WebCore::jsTestObjPrototypeFunctionCustomMethod):
      (WebCore::jsTestObjPrototypeFunctionCustomMethodWithArgs):
      (WebCore::jsTestObjPrototypeFunctionAddEventListener):
      (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoid):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateObj):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoidException):
      (WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContext):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptState):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateObjException):
      (WebCore::jsTestObjPrototypeFunctionWithScriptExecutionContextAndScriptStateWithSpaces):
      (WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStack):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalString):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsUndefined):
      (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsNullString):
      (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArg):
      (WebCore::jsTestObjPrototypeFunctionMethodWithCallbackAndOptionalArg):
      (WebCore::jsTestObjPrototypeFunctionConditionalMethod1):
      (WebCore::jsTestObjPrototypeFunctionConditionalMethod2):
      (WebCore::jsTestObjPrototypeFunctionConditionalMethod3):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod8):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod11):
      (WebCore::jsTestObjPrototypeFunctionOverloadedMethod):
      (WebCore::jsTestObjPrototypeFunctionClassMethodWithClamp):
      (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
      (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
      (WebCore::jsTestObjPrototypeFunctionDomStringListFunction):
      (WebCore::jsTestObjPrototypeFunctionGetSVGDocument):
      (WebCore::jsTestObjPrototypeFunctionConvert1):
      (WebCore::jsTestObjPrototypeFunctionConvert2):
      (WebCore::jsTestObjPrototypeFunctionConvert4):
      (WebCore::jsTestObjPrototypeFunctionConvert5):
      (WebCore::jsTestObjPrototypeFunctionMutablePointFunction):
      (WebCore::jsTestObjPrototypeFunctionImmutablePointFunction):
      (WebCore::jsTestObjPrototypeFunctionOrange):
      (WebCore::jsTestObjPrototypeFunctionStrictFunction):
      (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
      (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
      (WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):
      (WebCore::JSTestObj::visitChildren):
      (WebCore::toTestObj):
      * bindings/scripts/test/JS/JSTestObj.h:
      (WebCore::JSTestObj::createStructure):
      (WebCore::JSTestObjPrototype::createStructure):
      (WebCore::JSTestObjConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
      (WebCore::JSTestOverloadedConstructorsConstructor::constructJSTestOverloadedConstructors):
      (WebCore::JSTestOverloadedConstructorsConstructor::finishCreation):
      (WebCore::JSTestOverloadedConstructors::finishCreation):
      (WebCore::JSTestOverloadedConstructors::getOwnPropertySlot):
      (WebCore::JSTestOverloadedConstructors::getOwnPropertyDescriptor):
      (WebCore::toTestOverloadedConstructors):
      * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
      (WebCore::JSTestOverloadedConstructors::createStructure):
      (WebCore::JSTestOverloadedConstructorsPrototype::createStructure):
      (WebCore::JSTestOverloadedConstructorsConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::finishCreation):
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertySlot):
      (WebCore::JSTestSerializedScriptValueInterface::getOwnPropertyDescriptor):
      (WebCore::JSTestSerializedScriptValueInterface::put):
      (WebCore::JSTestSerializedScriptValueInterface::visitChildren):
      (WebCore::toTestSerializedScriptValueInterface):
      * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
      (WebCore::JSTestSerializedScriptValueInterface::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
      (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
      * bindings/scripts/test/JS/JSTestTypedefs.cpp:
      (WebCore::JSTestTypedefsConstructor::finishCreation):
      (WebCore::JSTestTypedefs::finishCreation):
      (WebCore::JSTestTypedefs::getOwnPropertySlot):
      (WebCore::JSTestTypedefs::getOwnPropertyDescriptor):
      (WebCore::JSTestTypedefs::put):
      (WebCore::jsTestTypedefsPrototypeFunctionFunc):
      (WebCore::jsTestTypedefsPrototypeFunctionSetShadow):
      (WebCore::jsTestTypedefsPrototypeFunctionMethodWithSequenceArg):
      (WebCore::jsTestTypedefsPrototypeFunctionNullableArrayArg):
      (WebCore::jsTestTypedefsPrototypeFunctionFuncWithClamp):
      (WebCore::jsTestTypedefsPrototypeFunctionImmutablePointFunction):
      (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
      (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
      (WebCore::jsTestTypedefsPrototypeFunctionMethodWithException):
      (WebCore::toTestTypedefs):
      * bindings/scripts/test/JS/JSTestTypedefs.h:
      (WebCore::JSTestTypedefs::createStructure):
      (WebCore::JSTestTypedefsPrototype::createStructure):
      (WebCore::JSTestTypedefsConstructor::createStructure):
      * bridge/c/CRuntimeObject.cpp:
      (JSC::Bindings::CRuntimeObject::finishCreation):
      * bridge/c/CRuntimeObject.h:
      (JSC::Bindings::CRuntimeObject::createStructure):
      * bridge/c/c_instance.cpp:
      (JSC::Bindings::CRuntimeMethod::createStructure):
      (JSC::Bindings::CRuntimeMethod::finishCreation):
      (JSC::Bindings::CInstance::invokeMethod):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/objc/ObjCRuntimeObject.h:
      (JSC::Bindings::ObjCRuntimeObject::createStructure):
      * bridge/objc/objc_instance.mm:
      (ObjCRuntimeMethod::finishCreation):
      (ObjcInstance::invokeMethod):
      * bridge/objc/objc_runtime.h:
      (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
      (JSC::Bindings::callObjCFallbackObject):
      * bridge/qt/qt_instance.cpp:
      (JSC::Bindings::QtRuntimeObject::createStructure):
      (JSC::Bindings::QtInstance::getInstance):
      * bridge/qt/qt_pixmapruntime.cpp:
      (JSC::Bindings::assignToHTMLImageElement):
      (JSC::Bindings::QtPixmapRuntime::toQt):
      * bridge/qt/qt_runtime.cpp:
      (JSC::Bindings::isJSUint8Array):
      (JSC::Bindings::isJSArray):
      (JSC::Bindings::isJSDate):
      (JSC::Bindings::isQtObject):
      (JSC::Bindings::unwrapBoxedPrimitive):
      (JSC::Bindings::convertQVariantToValue):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::finishCreation):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::createStructure):
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::finishCreation):
      (JSC::callRuntimeMethod):
      * bridge/runtime_method.h:
      (JSC::RuntimeMethod::createStructure):
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::finishCreation):
      (JSC::Bindings::callRuntimeObject):
      (JSC::Bindings::callRuntimeConstructor):
      * bridge/runtime_object.h:
      (JSC::Bindings::RuntimeObject::createStructure):
      
      Source/WebKit/mac: 
      
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::getObjectID):
      (WebKit::NetscapePluginInstanceProxy::retainLocalObject):
      (WebKit::NetscapePluginInstanceProxy::releaseLocalObject):
      * Plugins/Hosted/ProxyInstance.mm:
      (WebKit::ProxyRuntimeMethod::finishCreation):
      (WebKit::ProxyInstance::invokeMethod):
      * Plugins/Hosted/ProxyRuntimeObject.h:
      (WebKit::ProxyRuntimeObject::createStructure):
      * WebView/WebView.mm:
      (aeDescFromJSValue):
      
      Source/WebKit/qt: 
      
      * Api/qwebelement.cpp:
      (convertJSValueToWebElementVariant):
      * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
      (convertJSValueToNodeVariant):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154038 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      10ae2d0d
  4. 31 Jul, 2013 1 commit
    • barraclough@apple.com's avatar
      Some cleanup in JSValue::get · ab7b6096
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=119343
      
      Reviewed by Geoff Garen.
      
      Source/JavaScriptCore: 
      
      JSValue::get is implemented to:
          1) Check if the value is a cell – if not, synthesize a prototype to search,
          2) call getOwnPropertySlot on the cell,
          3) if this returns false, cast to JSObject to get the prototype, and walk the prototype chain.
      By all rights this should crash when passed a string and accessing a property that does not exist, because
      the string is a cell, getOwnPropertySlot should return false, and the cast to JSObject should be unsafe.
      To work around this, JSString::getOwnPropertySlot actually implements 'get' functionality - searching the
      prototype chain, and faking out a return value of undefined if no property is found.
      
      This is a huge hazard, since fixing JSString::getOwnPropertySlot or calling getOwnPropertySlot on cells
      from elsewhere would introduce bugs. Fortunately it is only ever called in this one place.
      
      The fix here is to move getOwnPropertySlot onto JSObjecte and end this madness - cells don't have property
      slots anyway.
      
      Interesting changes are in JSCJSValueInlines.h, JSString.cpp - the rest is pretty much all JSCell -> JSObject.
      
      Source/WebCore: 
      
      * WebCore.exp.in:
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDeclaration):
      (GenerateConstructorHelperMethods):
      * bridge/objc/objc_runtime.h:
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::ObjcFallbackObjectImp::getOwnPropertySlot):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::getOwnPropertySlot):
      (JSC::RuntimeArray::getOwnPropertySlotByIndex):
      * bridge/runtime_array.h:
      * bridge/runtime_method.cpp:
      (JSC::RuntimeMethod::getOwnPropertySlot):
      * bridge/runtime_method.h:
      * bridge/runtime_object.cpp:
      (JSC::Bindings::RuntimeObject::getOwnPropertySlot):
      * bridge/runtime_object.h:
          - getOwnPropertySlot, JSCell -> JSObject
      
      Source/WebKit2: 
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::getOwnPropertySlot):
      * WebProcess/Plugins/Netscape/JSNPObject.h:
          - getOwnPropertySlot, JSCell -> JSObject
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153532 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ab7b6096
  5. 25 Jul, 2013 2 commits
    • oliver@apple.com's avatar
      fourthTier: Add CFG simplification for Switch · 6ce44688
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=117677
      
      Source/JavaScriptCore:
      
      Reviewed by Mark Hahnenberg.
      
      This is for completeness. It only speeds up a microbenchmark at this point.
      Broadly, we want all control constructs to be known to the CFG simplifier.
      
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::convertToJump):
      (CFGSimplificationPhase):
      (JSC::DFG::CFGSimplificationPhase::noBlocks):
      (JSC::DFG::CFGSimplificationPhase::oneBlock):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      * runtime/JSCJSValue.h:
      (JSValue):
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::pureStrictEqual):
      (JSC):
      
      Source/WTF:
      
      Reviewed by Mark Hahnenberg.
      
      * wtf/TriState.h:
      * wtf/text/StringImpl.h:
      
      LayoutTests:
      
      Reviewed by Mark Hahnenberg.
      
      * fast/js/regress/script-tests/switch-constant.js: Added.
      (foo):
      (bar):
      * fast/js/regress/script-tests/switch.js: Added.
      (foo):
      (bar):
      * fast/js/regress/switch-constant-expected.txt: Added.
      * fast/js/regress/switch-constant.html: Added.
      * fast/js/regress/switch-expected.txt: Added.
      * fast/js/regress/switch.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153229 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6ce44688
    • oliver@apple.com's avatar
      fourthTier: Rationalized 'this' conversion, includes subsequent FTL branch fixes · e2fe4ceb
      oliver@apple.com authored
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
          This fixes a bunch of Sputnik tests, and some bad pointer access.
      
          The new model is that the callee always performs 'this' value conversion.
      
          My ultimate goal is to break up resolve_with_this into single-result
          opcodes. This step avoids having to add a special form of convert_this
          that distinguishes callers vs callees.
      
          Only the callee knows whether it uses 'this' and/or whether 'this'
          conversion should use StrictMode, so it's most natural to perform
          convert_this in the callee.
      
          * API/JSCallbackFunction.cpp:
          (JSC::JSCallbackFunction::call): Perform 'this' value conversion for
          our callee, since it may observe 'this'.
      
          * API/JSCallbackObjectFunctions.h:
          (JSC::::call): Ditto.
      
          * API/JSContextRef.cpp:
          (JSGlobalContextCreateInGroup): Use a proxy 'this' object in global scope
          even when we're not in the browser. This eliminates some odd cases where
          API clients used to be able to get a direct reference to an environment
          record. Now, any reference to an environment record unambiguously means
          that the VM resolved that record in the scope chain.
      
          (JSContextGetGlobalObject): Removed an incorrect comment. Now that JSC
          participates in the proxy 'this' object scheme, the behavior is not
          WebCore-only.
      
          * API/JSObjectRef.cpp:
          (JSObjectSetPrototype):
          (JSObjectCallAsFunction): Don't perform 'this' value conversion in the
          caller; the callee will do it if needed.
      
          * JavaScriptCore.order: Order!
      
          * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
          * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
          What are the chances that this will work?
      
          * bytecode/CodeBlock.cpp:
          (JSC::CodeBlock::dumpBytecode):
          (JSC::CodeBlock::CodeBlock): Renamed convert_this to to_this, to match our
          other conversion opcodes.
      
          * bytecode/CodeOrigin.h:
          (CodeOrigin):
          (InlineCallFrame):
          (JSC::CodeOrigin::codeOriginOwner): Use the more precise type for our
          executable, so compilation can discover where we're in strict mode.
      
          * bytecode/Opcode.h:
          (JSC::padOpcodeName): Updated for rename.
      
          * bytecompiler/BytecodeGenerator.cpp:
          (JSC::BytecodeGenerator::BytecodeGenerator): Always emit to_this when
          'this' is in use -- strict mode still needs to convert environment
          records to 'undefined'.
      
          * dfg/DFGAbstractState.cpp:
          (JSC::DFG::AbstractState::executeEffects):
          * dfg/DFGByteCodeParser.cpp:
          (JSC::DFG::ByteCodeParser::parseBlock):
          * dfg/DFGCapabilities.h:
          (JSC::DFG::canCompileOpcode): Updated for renames.
      
          * dfg/DFGFixupPhase.cpp:
          (JSC::DFG::FixupPhase::fixupNode): Tightened up this code to consider
          strict mode (a new requirement) and to consider the global object (which
          was always a requirement).
      
          * dfg/DFGGraph.h:
          (JSC::DFG::Graph::globalThisObjectFor):
          (JSC::DFG::Graph::executableFor):
          * dfg/DFGNodeType.h:
          * dfg/DFGOperations.cpp:
          * dfg/DFGOperations.h:
          * dfg/DFGPredictionPropagationPhase.cpp:
          (JSC::DFG::PredictionPropagationPhase::propagate):
          * dfg/DFGSpeculativeJIT32_64.cpp:
          (JSC::DFG::SpeculativeJIT::compile):
          * dfg/DFGSpeculativeJIT64.cpp:
          (JSC::DFG::SpeculativeJIT::compile): Ditto.
      
          * interpreter/Interpreter.cpp:
          (JSC::eval):
          (JSC::Interpreter::execute):
          (JSC::Interpreter::executeCall):
          * interpreter/Interpreter.h: Don't ASSERT about 'this' -- it's our job
          to fix it up if needed.
      
          * jit/JIT.cpp:
          (JSC::JIT::privateCompileMainPass):
          (JSC::JIT::privateCompileSlowCases):
          * jit/JIT.h:
          (JIT):
          * jit/JITOpcodes.cpp:
          (JSC::JIT::emit_op_to_this):
          (JSC::JIT::emitSlow_op_to_this):
          * jit/JITOpcodes32_64.cpp:
          (JSC::JIT::emit_op_to_this):
          (JSC::JIT::emitSlow_op_to_this):
          * jit/JITStubs.cpp:
          (JSC::DEFINE_STUB_FUNCTION):
          * jit/JITStubs.h: Removed special-case code for various kinds of
          conversions. The baseline fast path is now final objects only. It hurt
          my brain to think through how to keep the other fast paths working, and
          our benchmarks do not object.
      
          * llint/LLIntData.cpp:
          (JSC::LLInt::Data::performAssertions):
          * llint/LLIntSlowPaths.cpp:
          (JSC::LLInt::LLINT_SLOW_PATH_DECL):
          * llint/LLIntSlowPaths.h:
          (LLInt):
          * llint/LowLevelInterpreter.asm:
          * llint/LowLevelInterpreter32_64.asm:
          * llint/LowLevelInterpreter64.asm: Updated for renames. Removed some
          special case code, as in the JIT above.
      
          * profiler/ProfileGenerator.cpp:
          (JSC::ProfileGenerator::addParentForConsoleStart):
          * runtime/CallData.cpp:
          (JSC::call):
          * runtime/ClassInfo.h:
          (MethodTable):
          * runtime/Completion.cpp:
          (JSC::evaluate):
          * runtime/DatePrototype.cpp:
          (JSC::dateProtoFuncToJSON): The callee performs 'this' conversion, not
          the caller.
      
          * runtime/GetterSetter.cpp:
          (JSC::callGetter):
          (JSC::callSetter):
          * runtime/GetterSetter.h: Added helper functions for invoking getters
          and setters from C++ code, since this was duplicated in a bunch of
          places.
      
          * runtime/JSActivation.cpp:
          (JSC::JSActivation::toThis):
          * runtime/JSActivation.h:
          (JSActivation):
          * runtime/JSCJSValue.cpp:
          (JSC::JSValue::toThisSlowCase):
          (JSC::JSValue::putToPrimitive):
          * runtime/JSCJSValue.h:
          (JSValue):
          * runtime/JSCJSValueInlines.h:
          (JSC::JSValue::toThis):
          * runtime/JSCell.cpp:
          (JSC::JSCell::toThis):
          * runtime/JSCell.h:
          (JSCell):
          * runtime/JSGlobalObject.cpp:
          (JSC::JSGlobalObject::toThis):
          * runtime/JSGlobalObject.h:
          (JSGlobalObject): Filled out runtime support for converting 'this'
          values as needed, according to the appropriate strictness, using
          helper functions where getter/setter code was duplicated.
      
          * runtime/JSGlobalObjectFunctions.cpp:
          (JSC::globalFuncProtoGetter):
          (JSC::globalFuncProtoSetter): Perform 'this' value conversion, since we
          observe 'this'.
      
          * runtime/JSNameScope.cpp:
          (JSC::JSNameScope::toThis):
          * runtime/JSNameScope.h:
          (JSNameScope): Same as JSActivation.
      
          * runtime/JSObject.cpp:
          (JSC::JSObject::put):
          (JSC::JSObject::setPrototypeWithCycleCheck): Bug fix. Don't peform
          'this' value conversion in this helper function. The __proto__
          setter does this for us, since it's the function that logically observes
          'this' -- and we can ASSERT so. Also, the previous code used
          "globalExec()->thisValue()", which is a read past the beginning of a
          buffer! I don't think this ever worked on purpose.
      
          (JSC::JSObject::toThis):
          (JSC::JSObject::fillGetterPropertySlot):
          * runtime/JSObject.h:
          (JSC::JSObject::inlineGetOwnPropertySlot):
          * runtime/JSScope.cpp:
          (JSC::JSScope::resolveWithThis):
          * runtime/JSString.cpp:
          (JSC::JSString::toThis):
          * runtime/JSString.h:
          (JSString):
          * runtime/PropertySlot.cpp:
          (JSC::PropertySlot::functionGetter):
          * runtime/PropertySlot.h:
          (JSC):
          (JSC::PropertySlot::setGetterSlot):
          (JSC::PropertySlot::setCacheableGetterSlot):
          * runtime/SparseArrayValueMap.cpp:
          (JSC::SparseArrayEntry::get):
          (JSC::SparseArrayEntry::put):
          * runtime/StrictEvalActivation.cpp:
          (JSC::StrictEvalActivation::toThis):
          * runtime/StrictEvalActivation.h:
          (StrictEvalActivation): Ditto.
      
      Source/WebCore:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      Source/WebKit/mac:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      Source/WebKit2:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      LayoutTests:
      
          Rationalized 'this' value conversion
          https://bugs.webkit.org/show_bug.cgi?id=115542
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153145 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e2fe4ceb
  6. 24 May, 2013 1 commit
    • fpizlo@apple.com's avatar
      We broke !(0/0) · 2cc10477
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=116736
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::createLogicalNot):
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::pureToBoolean):
      
      Source/WTF: 
      
      * wtf/MathExtras.h:
      (isNotZeroAndOrdered):
      (isZeroOrUnordered):
      
      LayoutTests: 
      
      * fast/js/constant-fold-not-nan.html: Added.
      * fast/js/constant-fold-not-nan-expected.txt: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/constant-fold-not-nan.js: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@150659 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2cc10477
  7. 27 Apr, 2013 1 commit
  8. 26 Apr, 2013 1 commit
    • fpizlo@apple.com's avatar
      Unreviewed, roll out http://trac.webkit.org/changeset/148999 · 335ba39b
      fpizlo@apple.com authored
      It broke http://kripken.github.io/ammo.js/examples/new/ammo.html
      
      Source/JavaScriptCore: 
      
      * JavaScriptCore.order:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitNewArray):
      (JSC::BytecodeGenerator::emitThrowReferenceError):
      (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::shouldEmitProfileHooks):
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC):
      (JSC::NullNode::emitBytecode):
      (JSC::BooleanNode::emitBytecode):
      (JSC::NumberNode::emitBytecode):
      (JSC::StringNode::emitBytecode):
      (JSC::IfNode::emitBytecode):
      (JSC::IfElseNode::emitBytecode):
      * parser/ASTBuilder.h:
      (JSC::ASTBuilder::createIfStatement):
      (ASTBuilder):
      * parser/NodeConstructors.h:
      (JSC):
      (JSC::NullNode::NullNode):
      (JSC::BooleanNode::BooleanNode):
      (JSC::NumberNode::NumberNode):
      (JSC::StringNode::StringNode):
      (JSC::IfNode::IfNode):
      (JSC::IfElseNode::IfElseNode):
      * parser/Nodes.h:
      (JSC::ExpressionNode::isPure):
      (JSC::ExpressionNode::isSubtract):
      (StatementNode):
      (NullNode):
      (JSC::NullNode::isNull):
      (BooleanNode):
      (JSC::BooleanNode::isPure):
      (NumberNode):
      (JSC::NumberNode::value):
      (JSC::NumberNode::isPure):
      (StringNode):
      (JSC::StringNode::isPure):
      (JSC::StringNode::isString):
      (BinaryOpNode):
      (IfNode):
      (JSC):
      (IfElseNode):
      (ContinueNode):
      (BreakNode):
      * parser/Parser.cpp:
      (JSC::::parseIfStatement):
      * parser/ResultType.h:
      (ResultType):
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::pureToBoolean):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSCellInlines.h:
      (JSC):
      
      Source/WTF: 
      
      * wtf/TriState.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@149158 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      335ba39b
  9. 23 Apr, 2013 1 commit
    • ggaren@apple.com's avatar
      Source/JavaScriptCore: Filled out more cases of branch folding in bytecode when emitting · ec40baf6
      ggaren@apple.com authored
      expressions into a branching context
      https://bugs.webkit.org/show_bug.cgi?id=115057
      
      Reviewed by Filip Pizlo.
      
      This covers a few cases like:
      
          - while (true) { }
          - while (1) { }
          - if (x) break;
          - if (x) continue;
          - if (boolean_expr == boolean_const) { }
          - if (boolean_expr == 1_or_0) { }
          - if (bitop == 1_or_0) { }
      
      This also works, but will bring shame on your family:
      
          - while ("hello world") { }
      
      No change on the benchmarks we track, but a 2.5X speedup on a microbenchmark
      that uses these techniques.
      
      * JavaScriptCore.order: Order!
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitNewArray):
      (JSC::BytecodeGenerator::emitThrowReferenceError):
      (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::shouldEmitDebugHooks): Updated ancillary code
      for interface simplifications.
      
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ConstantNode::emitBytecodeInConditionContext): Constants can
      jump unconditionally when used within a condition context.
      
      (JSC::ConstantNode::emitBytecode):
      (JSC::StringNode::jsValue): Gave constants a common base class so I
      could implement their codegen just once.
      
      (JSC::BinaryOpNode::emitBytecodeInConditionContext):
      (JSC::canFoldToBranch):
      (JSC::BinaryOpNode::tryFoldToBranch): Fold (!/=)= and (!/=)== where
      appropriate. A lot of cases are not appropriate because of the surprising
      type conversion semantics of ==. For example, if (number == true) { } is
      not the same as if (number) { } because the former will up-convert true
      to number and then do numeric comparison.
      
      (JSC::singleStatement):
      (JSC::IfElseNode::tryFoldBreakAndContinue):
      (JSC::IfElseNode::emitBytecode):
      (JSC::ContinueNode::trivialTarget):
      (JSC::BreakNode::trivialTarget): Fold "if (expression) break" and
      "if (expression) continue" into direct jumps from expression.
      
      * parser/ASTBuilder.h:
      (ASTBuilder):
      (JSC::ASTBuilder::createIfStatement):
      * parser/NodeConstructors.h:
      (JSC::ConstantNode::ConstantNode):
      (JSC):
      (JSC::NullNode::NullNode):
      (JSC::BooleanNode::BooleanNode):
      (JSC::NumberNode::NumberNode):
      (JSC::StringNode::StringNode):
      (JSC::IfElseNode::IfElseNode):
      * parser/Nodes.h:
      (JSC::ExpressionNode::isConstant):
      (JSC::ExpressionNode::isBoolean):
      (JSC::StatementNode::isBreak):
      (JSC::StatementNode::isContinue):
      (ConstantNode):
      (JSC::ConstantNode::isPure):
      (JSC::ConstantNode::isConstant):
      (NullNode):
      (JSC::NullNode::jsValue):
      (JSC::BooleanNode::value):
      (JSC::BooleanNode::isBoolean):
      (JSC::BooleanNode::jsValue):
      (JSC::NumberNode::value):
      (NumberNode):
      (JSC::NumberNode::jsValue):
      (StringNode):
      (BinaryOpNode):
      (IfElseNode):
      (ContinueNode):
      (JSC::ContinueNode::isContinue):
      (BreakNode):
      (JSC::BreakNode::isBreak):
      * parser/Parser.cpp:
      (JSC::::parseIfStatement):
      * parser/ResultType.h:
      (JSC::ResultType::definitelyIsBoolean):
      (ResultType):
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::pureToBoolean):
      * runtime/JSCell.h:
      * runtime/JSCellInlines.h:
      (JSC::JSCell::pureToBoolean): Updated for interface changes above.
      
      Source/WTF: Filled out more cases of branch folding in bytecode when emitting expressions into a branching context
      https://bugs.webkit.org/show_bug.cgi?id=115057
      
      Reviewed by Filip Pizlo.
      
      Added a helper constructor for TriState so clients can make one without
      branching or making assumptions about the integer values of TriStates.
      
      * wtf/TriState.h:
      (WTF::triState):
      (WTF):
      
      LayoutTests: Filled out more cases of branch folding in bytecode when emitting expressions into a branching context
      https://bugs.webkit.org/show_bug.cgi?id=115057
      
      Reviewed by Filip Pizlo.
      
      Added a performance test for interesting branch types.
      
      * fast/js/regress/branch-fold-expected.txt: Added.
      * fast/js/regress/branch-fold.html: Added.
      * fast/js/regress/script-tests/branch-fold.js: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148999 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ec40baf6
  10. 18 Feb, 2013 1 commit
    • zandobersek@gmail.com's avatar
      Stop placing std::isfinite and std::signbit inside the global scope · 8c24b7a5
      zandobersek@gmail.com authored
      https://bugs.webkit.org/show_bug.cgi?id=109817
      
      Reviewed by Darin Adler.
      
      Prefix calls to the isfinite and signbit methods with std:: as the two
      methods are no longer being imported into the global scope.
      
      Source/JavaScriptCore: 
      
      * assembler/MacroAssembler.h:
      (JSC::MacroAssembler::shouldBlindDouble):
      * offlineasm/cloop.rb:
      * runtime/BigInteger.h:
      (JSC::BigInteger::BigInteger):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DatePrototype.cpp:
      (JSC::fillStructuresUsingTimeArgs):
      (JSC::fillStructuresUsingDateArgs):
      (JSC::dateProtoFuncToISOString):
      (JSC::dateProtoFuncSetYear):
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::JSValue):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncIsFinite):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::appendStringifiedValue):
      * runtime/MathObject.cpp:
      (JSC::mathProtoFuncMax): Also include an opportunistic style fix.
      (JSC::mathProtoFuncMin): Ditto.
      * runtime/NumberPrototype.cpp:
      (JSC::toStringWithRadix):
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      * runtime/Uint16WithFraction.h:
      (JSC::Uint16WithFraction::Uint16WithFraction):
      
      Source/WebCore: 
      
      No new tests as there's no change in functionality.
      
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::JSCanvasRenderingContext2D::setWebkitLineDash):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::jsDateOrNull):
      * bindings/js/JSDOMBinding.h:
      (WebCore::finiteInt32Value):
      * bindings/v8/V8Binding.h:
      (WebCore::v8DateOrNull):
      * css/CSSPrimitiveValue.cpp:
      (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
      * html/BaseDateAndTimeInputType.cpp:
      (WebCore::BaseDateAndTimeInputType::parseToNumber):
      * html/HTMLInputElement.cpp:
      (WebCore::HTMLInputElement::setValueAsNumber):
      * html/HTMLMeterElement.cpp:
      (WebCore::HTMLMeterElement::setMin):
      (WebCore::HTMLMeterElement::setMax):
      (WebCore::HTMLMeterElement::setValue):
      (WebCore::HTMLMeterElement::setLow):
      (WebCore::HTMLMeterElement::setHigh):
      (WebCore::HTMLMeterElement::setOptimum):
      * html/HTMLProgressElement.cpp:
      (WebCore::HTMLProgressElement::value):
      (WebCore::HTMLProgressElement::setValue):
      (WebCore::HTMLProgressElement::max):
      (WebCore::HTMLProgressElement::setMax):
      * html/MonthInputType.cpp:
      (WebCore::MonthInputType::valueAsDate):
      (WebCore::MonthInputType::defaultValueForStepUp):
      (WebCore::MonthInputType::parseToNumber):
      * html/NumberInputType.cpp:
      (WebCore::NumberInputType::typeMismatchFor):
      (WebCore::NumberInputType::sanitizeValue):
      (WebCore::NumberInputType::hasBadInput):
      * html/RangeInputType.cpp:
      (WebCore::RangeInputType::typeMismatchFor):
      * html/TimeInputType.cpp:
      (WebCore::TimeInputType::defaultValueForStepUp):
      * html/canvas/CanvasPathMethods.cpp:
      (WebCore::CanvasPathMethods::moveTo):
      (WebCore::CanvasPathMethods::lineTo):
      (WebCore::CanvasPathMethods::quadraticCurveTo):
      (WebCore::CanvasPathMethods::bezierCurveTo):
      (WebCore::CanvasPathMethods::arcTo):
      (WebCore::CanvasPathMethods::arc):
      (WebCore::CanvasPathMethods::rect):
      * html/canvas/CanvasRenderingContext2D.cpp:
      (WebCore::CanvasRenderingContext2D::setLineWidth):
      (WebCore::CanvasRenderingContext2D::setMiterLimit):
      (WebCore::CanvasRenderingContext2D::setShadowOffsetX):
      (WebCore::CanvasRenderingContext2D::setShadowOffsetY):
      (WebCore::CanvasRenderingContext2D::setShadowBlur):
      (WebCore::lineDashSequenceIsValid):
      (WebCore::CanvasRenderingContext2D::setLineDashOffset):
      (WebCore::CanvasRenderingContext2D::scale):
      (WebCore::CanvasRenderingContext2D::rotate):
      (WebCore::CanvasRenderingContext2D::translate):
      (WebCore::CanvasRenderingContext2D::transform):
      (WebCore::CanvasRenderingContext2D::setTransform):
      (WebCore::validateRectForCanvas):
      (WebCore::CanvasRenderingContext2D::isPointInPath):
      (WebCore::CanvasRenderingContext2D::isPointInStroke):
      (WebCore::CanvasRenderingContext2D::drawImage):
      (WebCore::CanvasRenderingContext2D::createLinearGradient):
      (WebCore::CanvasRenderingContext2D::createRadialGradient):
      (WebCore::CanvasRenderingContext2D::createImageData):
      (WebCore::CanvasRenderingContext2D::getImageData):
      (WebCore::CanvasRenderingContext2D::putImageData):
      (WebCore::CanvasRenderingContext2D::drawTextInternal):
      * html/parser/HTMLParserIdioms.cpp:
      (WebCore::parseToDoubleForNumberType):
      * html/shadow/MediaControlElements.cpp:
      (WebCore::MediaControlTimelineElement::setDuration):
      * html/shadow/MediaControls.cpp:
      (WebCore::MediaControls::reset):
      * html/shadow/MediaControlsApple.cpp:
      (WebCore::MediaControlsApple::reset):
      * html/shadow/MediaControlsBlackBerry.cpp:
      (WebCore::MediaControlFullscreenTimelineElement::setDuration):
      (WebCore::MediaControlsBlackBerry::reset):
      * inspector/InspectorValues.cpp:
      (WebCore::InspectorBasicValue::writeJSON):
      * loader/cache/CachedResource.cpp:
      (WebCore::CachedResource::currentAge):
      (WebCore::CachedResource::freshnessLifetime):
      * page/DOMWindow.cpp:
      (WebCore::DOMWindow::adjustWindowRect):
      * platform/DateComponents.cpp:
      (WebCore::DateComponents::setMillisecondsSinceEpochForDate):
      (WebCore::DateComponents::setMillisecondsSinceEpochForDateTime):
      (WebCore::DateComponents::setMillisecondsSinceEpochForMonth):
      (WebCore::DateComponents::setMillisecondsSinceMidnight):
      (WebCore::DateComponents::setMonthsSinceEpoch):
      (WebCore::DateComponents::setMillisecondsSinceEpochForWeek):
      * platform/Decimal.cpp:
      (WebCore::Decimal::fromDouble):
      * platform/FileSystem.h:
      (WebCore::isValidFileTime):
      * platform/LocalizedStrings.cpp:
      (WebCore::localizedMediaTimeDescription):
      * platform/graphics/cairo/CairoUtilities.cpp:
      (WebCore::drawPatternToCairoContext):
      * platform/graphics/cairo/PathCairo.cpp:
      (WebCore::Path::addArc):
      (WebCore::Path::contains):
      * platform/graphics/cg/PathCG.cpp:
      (WebCore::Path::addArc):
      * platform/graphics/gstreamer/FullscreenVideoControllerGStreamer.cpp:
      (WebCore::FullscreenVideoControllerGStreamer::timeToString):
      * platform/graphics/openvg/PathOpenVG.cpp:
      (WebCore::Path::addArc):
      * platform/graphics/skia/SkiaUtils.h:
      (WebCore::WebCoreFloatToSkScalar):
      (WebCore::WebCoreDoubleToSkScalar):
      * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
      (WebCore::MediaPlayerPrivateQuickTimeVisualContext::maxTimeSeekable):
      * platform/gtk/LocalizedStringsGtk.cpp:
      (WebCore::localizedMediaTimeDescription):
      * platform/mac/WebVideoFullscreenHUDWindowController.mm:
      (timeToString):
      * platform/network/ResourceResponseBase.cpp:
      (WebCore::parseDateValueInHeader):
      * platform/qt/LocalizedStringsQt.cpp:
      (WebCore::localizedMediaTimeDescription):
      * rendering/RenderFlexibleBox.cpp:
      (WebCore::RenderFlexibleBox::resolveFlexibleLengths):
      * rendering/RenderMediaControlsChromium.cpp:
      (WebCore::formatChromiumMediaControlsTime):
      * rendering/RenderTheme.cpp:
      (WebCore::RenderTheme::formatMediaControlsTime):
      * rendering/style/RenderStyle.cpp:
      (WebCore::RenderStyle::setFontSize):
      * svg/SVGPathParser.cpp:
      (WebCore::SVGPathParser::decomposeArcToCubic):
      * xml/XPathFunctions.cpp:
      (WebCore::XPath::FunRound::round):
      * xml/XPathValue.cpp:
      (WebCore::XPath::Value::toString):
      
      Source/WebKit/win: 
      
      * FullscreenVideoController.cpp:
      (timeToString):
      
      Source/WTF: 
      
      On Solaris and OpenBSD platforms or when using Visual C++ the two methods
      are now defined (as incompatibility workarounds) inside the std namespace.
      
      * wtf/DateMath.cpp:
      (WTF::timeClip):
      * wtf/DecimalNumber.h:
      (WTF::DecimalNumber::DecimalNumber):
      * wtf/MathExtras.h:
      (std):
      (std::isfinite):
      (std::signbit):
      (lrint):
      (wtf_pow):
      (decomposeDouble):
      * wtf/MediaTime.cpp:
      (WTF::MediaTime::createWithFloat):
      (WTF::MediaTime::createWithDouble):
      * wtf/dtoa.cpp:
      (WTF::dtoa):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143232 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8c24b7a5
  11. 07 Feb, 2013 1 commit
    • fpizlo@apple.com's avatar
      DFG::ByteCodeParser should do surgical constant folding to reduce load on the optimization fixpoint · cb6fd793
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=109000
      
      Reviewed by Oliver Hunt.
              
      Previously our source parser's ASTBuilder did some surgical constant folding, but it
      didn't cover some cases.  It was particularly incapable of doing constant folding for
      cases where we do some minimal loop peeling in the bytecode generator - since it
      didn't "see" those constants prior to the peeling.  Example:
      
      for (var i = 0; i < 4; ++i)
          things;
      
      This will get peeled just a bit by the bytecode generator, so that the "i < 4" is
      duplicated both at the top of the loop and the bottom.  This means that we have a
      constant comparison: "0 < 4", which the bytecode generator emits without any further
      thought.
      
      The DFG optimization fixpoint of course folds this and simplifies the CFG 
      accordingly, but this incurs a compile-time cost.  The purpose of this change is to
      do some surgical constant folding in the DFG's bytecode parser, so that such
      constructs reduce load on the CFG simplifier and the optimization fixpoint.  The goal
      is not to cover all cases, since the DFG CFA and CFG simplifier have a powerful
      sparse conditional constant propagation that we can always fall back on. Instead the
      goal is to cover enough cases that for common small functions we don't have to
      perform such transformations, thereby reducing compile times.
              
      This also refactors m_inlineStackEntry->m_inlineCallFrame to be a handy method call
      and also adds the notion of a TriState-based JSValue::pureToBoolean(). Both of these
      things are used by the folder.
              
      As well, care has been taken to make sure that the bytecode parser only does folding
      that is statically provable, and that doesn't arise out of speculation. This means
      we cannot fold on data flow that crosses inlining boundaries. On the other hand, the
      folding that the bytecode parser uses doesn't require phantoming anything. Such is
      the trade-off: for anything that we do need phantoming, we defer it to the
      optimization fixpoint.
              
      Slight SunSpider speed-up.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::setLocal):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables):
      (JSC::DFG::ByteCodeParser::toInt32):
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::inlineCallFrame):
      (JSC::DFG::ByteCodeParser::currentCodeOrigin):
      (JSC::DFG::ByteCodeParser::canFold):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::getScope):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::isStronglyProvedConstantIn):
      (Node):
      * runtime/JSCJSValue.h:
      * runtime/JSCJSValueInlines.h:
      (JSC::JSValue::pureToBoolean):
      (JSC):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@142162 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cb6fd793
  12. 24 Jan, 2013 1 commit
    • mhahnenberg@apple.com's avatar
      Objective-C API: Rename JSValue.h/APIJSValue.h to JSCJSValue.h/JSValue.h · c1bc9d39
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=107327
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      We're renaming these two files, so we have to replace the names everywhere.
      
      * API/APICast.h:
      * API/APIJSValue.h: Removed.
      * API/JSBlockAdaptor.mm:
      * API/JSStringRefCF.cpp:
      * API/JSValue.h: Copied from Source/JavaScriptCore/API/APIJSValue.h.
      * API/JSValue.mm:
      * API/JSValueInternal.h:
      * API/JSValueRef.cpp:
      * API/JSWeakObjectMapRefPrivate.cpp:
      * API/JavaScriptCore.h:
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CallLinkStatus.h:
      * bytecode/CodeBlock.cpp:
      * bytecode/MethodOfGettingAValueProfile.h:
      * bytecode/ResolveGlobalStatus.cpp:
      * bytecode/ResolveGlobalStatus.h:
      * bytecode/SpeculatedType.h:
      * bytecode/ValueRecovery.h:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGNode.h:
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT64.cpp:
      * heap/CopiedBlock.h:
      * heap/HandleStack.cpp:
      * heap/HandleTypes.h:
      * heap/WeakImpl.h:
      * interpreter/Interpreter.h:
      * interpreter/Register.h:
      * interpreter/VMInspector.h:
      * jit/HostCallReturnValue.cpp:
      * jit/HostCallReturnValue.h:
      * jit/JITCode.h:
      * jit/JITExceptions.cpp:
      * jit/JITExceptions.h:
      * jit/JSInterfaceJIT.h:
      * llint/LLIntCLoop.h:
      * llint/LLIntData.h:
      * llint/LLIntSlowPaths.cpp:
      * profiler/ProfilerBytecode.h:
      * profiler/ProfilerBytecodeSequence.h:
      * profiler/ProfilerBytecodes.h:
      * profiler/ProfilerCompilation.h:
      * profiler/ProfilerCompiledBytecode.h:
      * profiler/ProfilerDatabase.h:
      * profiler/ProfilerOSRExit.h:
      * profiler/ProfilerOSRExitSite.h:
      * profiler/ProfilerOrigin.h:
      * profiler/ProfilerOriginStack.h:
      * runtime/ArgList.cpp:
      * runtime/CachedTranscendentalFunction.h:
      * runtime/CallData.h:
      * runtime/Completion.h:
      * runtime/ConstructData.h:
      * runtime/DateConstructor.cpp:
      * runtime/DateInstance.cpp:
      * runtime/DatePrototype.cpp:
      * runtime/JSAPIValueWrapper.h:
      * runtime/JSCJSValue.cpp: Copied from Source/JavaScriptCore/runtime/JSValue.cpp.
      * runtime/JSCJSValue.h: Copied from Source/JavaScriptCore/runtime/JSValue.h.
      (JSValue):
      * runtime/JSCJSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlines.h.
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObjectFunctions.h:
      * runtime/JSStringJoiner.h:
      * runtime/JSValue.cpp: Removed.
      * runtime/JSValue.h: Removed.
      * runtime/JSValueInlines.h: Removed.
      * runtime/LiteralParser.h:
      * runtime/Operations.h:
      * runtime/PropertyDescriptor.h:
      * runtime/PropertySlot.h:
      * runtime/Protect.h:
      * runtime/RegExpPrototype.cpp:
      * runtime/Structure.h:
      
      Source/WebCore:
      
      No new tests.
      
      We're renaming these two files, so we have to replace the names everywhere.
      
      * ForwardingHeaders/runtime/JSCJSValue.h: Copied from Source/WebCore/ForwardingHeaders/runtime/JSValue.h.
      * ForwardingHeaders/runtime/JSValue.h: Removed.
      * WebCore.vcproj/WebCore.vcproj:
      * bindings/js/JSArrayBufferViewHelper.h:
      * bindings/js/JSCustomXPathNSResolver.h:
      * bindings/js/JSHTMLAllCollectionCustom.cpp:
      * bindings/js/JSIntentConstructor.cpp:
      * bindings/js/JSMessagePortCustom.h:
      * bindings/js/JSNodeFilterCondition.h:
      * bindings/js/JavaScriptCallFrame.cpp:
      * bindings/js/ScriptCallStackFactory.cpp:
      * bindings/js/ScriptValue.h:
      * bindings/js/SerializedScriptValue.h:
      * bindings/objc/WebScriptObjectPrivate.h:
      * bridge/c/c_utility.h:
      * bridge/testbindings.cpp:
      * bridge/testbindings.mm:
      * bridge/testqtbindings.cpp:
      * plugins/PluginView.cpp:
      * plugins/blackberry/PluginViewBlackBerry.cpp:
      * plugins/gtk/PluginViewGtk.cpp:
      * plugins/mac/PluginViewMac.mm:
      * plugins/qt/PluginViewQt.cpp:
      * plugins/win/PluginViewWin.cpp:
      
      Source/WebKit/gtk:
      
      We're renaming these two files, so we have to replace the names everywhere.
      
      * WebCoreSupport/DumpRenderTreeSupportGtk.cpp:
      
      Source/WebKit/mac:
      
      We're renaming these two files, so we have to replace the names everywhere.
      
      * DOM/WebDOMOperations.mm:
      * ForwardingHeaders/runtime/JSCJSValue.h: Copied from Source/WebKit/mac/ForwardingHeaders/runtime/JSValue.h.
      * ForwardingHeaders/runtime/JSValue.h: Removed.
      * WebView/WebFrame.mm:
      * WebView/WebView.mm:
      
      Source/WebKit/win:
      
      We're renaming these two files, so we have to replace the names everywhere.
      
      * WebFrame.cpp:
      * WebView.cpp:
      
      Source/WebKit/wx:
      
      We're renaming these two files, so we have to replace the names everywhere.
      
      * WebFrame.cpp:
      * WebView.cpp:
      
      Source/WebKit2:
      
      We're renaming these two files, so we have to replace the names everywhere.
      
      * WebProcess/WebPage/WebPage.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@140718 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c1bc9d39
  13. 12 Jan, 2013 1 commit
    • fpizlo@apple.com's avatar
      The JITThunks class should be in its own file, and doing so should not break the build · a4b4cbe9
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=105696
      
      Source/JavaScriptCore: 
      
      Rubber stamped by Sam Weinig and Geoffrey Garen.
              
      This patch was supposed to just move JITThunks into its own file. But then I
      realized that there is a horrible circular dependency chain between JSCell,
      JSGlobalData, CallFrame, and Weak, which only works because of magical include
      order in JITStubs.h, and the fact that JSGlobalData.h includes JITStubs.h
      before it includes JSCell or JSValue.
              
      I first tried to just get JITThunks.h to just magically do the same pointless
      includes that JITStubs.h had, but then I decided to actually fix the underflying
      problem, which was that JSCell needed CallFrame, CallFrame needed JSGlobalData,
      JSGlobalData needed JITThunks, JITThunks needed Weak, and Weak needed JSCell.
      Now, all of JSCell's outgoing dependencies are placed in JSCellInlines.h. This
      also gave me an opportunity to move JSValue inline methods from JSCell.h into
      JSValueInlines.h. But to make this really work, I needed to remove includes of
      *Inlines.h from other headers (CodeBlock.h for example included JSValueInlines.h,
      which defeats the whole entire purpose of having an Inlines.h file), and I needed
      to add includes of *Inlines.h into a bunch of .cpp files. I did this mostly by
      having .cpp files include Operations.h. In future, if you're adding a .cpp file
      to JSC, you'll almost certainly have to include Operations.h unless you enjoy
      link errors.
      
      * API/JSBase.cpp:
      * API/JSCallbackConstructor.cpp:
      * API/JSCallbackFunction.cpp:
      * API/JSCallbackObject.cpp:
      * API/JSClassRef.cpp:
      * API/JSContextRef.cpp:
      * API/JSObjectRef.cpp:
      * API/JSScriptRef.cpp:
      * API/JSWeakObjectMapRefPrivate.cpp:
      * JSCTypedArrayStubs.h:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/ArrayAllocationProfile.cpp:
      * bytecode/CodeBlock.cpp:
      * bytecode/GetByIdStatus.cpp:
      * bytecode/LazyOperandValueProfile.cpp:
      * bytecode/ResolveGlobalStatus.cpp:
      * bytecode/SpeculatedType.cpp:
      * bytecode/UnlinkedCodeBlock.cpp:
      * bytecompiler/BytecodeGenerator.cpp:
      * debugger/Debugger.cpp:
      * debugger/DebuggerActivation.cpp:
      * debugger/DebuggerCallFrame.cpp:
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      * dfg/DFGArrayMode.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGConstantFoldingPhase.cpp:
      * dfg/DFGDriver.cpp:
      * dfg/DFGFixupPhase.cpp:
      * dfg/DFGGraph.cpp:
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGOSREntry.cpp:
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      * dfg/DFGOSRExitCompiler64.cpp:
      * dfg/DFGPredictionPropagationPhase.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (DFG):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      * dfg/DFGSpeculativeJIT64.cpp:
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      * dfg/DFGVariableEventStream.cpp:
      * heap/CopiedBlock.h:
      * heap/CopiedSpace.cpp:
      * heap/HandleSet.cpp:
      * heap/Heap.cpp:
      * heap/HeapStatistics.cpp:
      * heap/SlotVisitor.cpp:
      * heap/WeakBlock.cpp:
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * jit/ClosureCallStubRoutine.cpp:
      * jit/GCAwareJITStubRoutine.cpp:
      * jit/JIT.cpp:
      * jit/JITArithmetic.cpp:
      * jit/JITArithmetic32_64.cpp:
      * jit/JITCall.cpp:
      * jit/JITCall32_64.cpp:
      * jit/JITCode.h:
      * jit/JITExceptions.cpp:
      * jit/JITStubs.h:
      * jit/JITThunks.h:
      * jsc.cpp:
      * llint/LLIntExceptions.cpp:
      * profiler/LegacyProfiler.cpp:
      * profiler/ProfileGenerator.cpp:
      * profiler/ProfilerBytecode.cpp:
      * profiler/ProfilerBytecodeSequence.cpp:
      * profiler/ProfilerBytecodes.cpp:
      * profiler/ProfilerCompilation.cpp:
      * profiler/ProfilerCompiledBytecode.cpp:
      * profiler/ProfilerDatabase.cpp:
      * profiler/ProfilerOSRExit.cpp:
      * profiler/ProfilerOSRExitSite.cpp:
      * profiler/ProfilerOrigin.cpp:
      * profiler/ProfilerOriginStack.cpp:
      * profiler/ProfilerProfiledBytecodes.cpp:
      * runtime/ArgList.cpp:
      * runtime/Arguments.cpp:
      * runtime/ArrayConstructor.cpp:
      * runtime/BooleanConstructor.cpp:
      * runtime/BooleanObject.cpp:
      * runtime/BooleanPrototype.cpp:
      * runtime/CallData.cpp:
      * runtime/CodeCache.cpp:
      * runtime/Completion.cpp:
      * runtime/ConstructData.cpp:
      * runtime/DateConstructor.cpp:
      * runtime/DateInstance.cpp:
      * runtime/DatePrototype.cpp:
      * runtime/Error.cpp:
      * runtime/ErrorConstructor.cpp:
      * runtime/ErrorInstance.cpp:
      * runtime/ErrorPrototype.cpp:
      * runtime/ExceptionHelpers.cpp:
      * runtime/Executable.cpp:
      * runtime/FunctionConstructor.cpp:
      * runtime/FunctionPrototype.cpp:
      * runtime/GetterSetter.cpp:
      * runtime/Identifier.cpp:
      * runtime/InternalFunction.cpp:
      * runtime/JSActivation.cpp:
      * runtime/JSBoundFunction.cpp:
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC):
      * runtime/JSCellInlines.h: Added.
      (JSC):
      (JSC::JSCell::JSCell):
      (JSC::JSCell::finishCreation):
      (JSC::JSCell::structure):
      (JSC::JSCell::visitChildren):
      (JSC::allocateCell):
      (JSC::isZapped):
      (JSC::JSCell::isObject):
      (JSC::JSCell::isString):
      (JSC::JSCell::isGetterSetter):
      (JSC::JSCell::isProxy):
      (JSC::JSCell::isAPIValueWrapper):
      (JSC::JSCell::setStructure):
      (JSC::JSCell::methodTable):
      (JSC::JSCell::inherits):
      (JSC::JSCell::fastGetOwnPropertySlot):
      (JSC::JSCell::fastGetOwnProperty):
      (JSC::JSCell::toBoolean):
      * runtime/JSDateMath.cpp:
      * runtime/JSFunction.cpp:
      * runtime/JSFunction.h:
      (JSC):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObjectFunctions.cpp:
      * runtime/JSLock.cpp:
      * runtime/JSNameScope.cpp:
      * runtime/JSNotAnObject.cpp:
      * runtime/JSONObject.cpp:
      * runtime/JSObject.h:
      (JSC):
      * runtime/JSProxy.cpp:
      * runtime/JSScope.cpp:
      * runtime/JSSegmentedVariableObject.cpp:
      * runtime/JSString.h:
      (JSC):
      * runtime/JSStringJoiner.cpp:
      * runtime/JSSymbolTableObject.cpp:
      * runtime/JSValue.cpp:
      * runtime/JSValueInlines.h:
      (JSC::JSValue::toInt32):
      (JSC::JSValue::toUInt32):
      (JSC):
      (JSC::JSValue::isUInt32):
      (JSC::JSValue::asUInt32):
      (JSC::JSValue::asNumber):
      (JSC::jsNaN):
      (JSC::JSValue::JSValue):
      (JSC::JSValue::encode):
      (JSC::JSValue::decode):
      (JSC::JSValue::operator bool):
      (JSC::JSValue::operator==):
      (JSC::JSValue::operator!=):
      (JSC::JSValue::isEmpty):
      (JSC::JSValue::isUndefined):
      (JSC::JSValue::isNull):
      (JSC::JSValue::isUndefinedOrNull):
      (JSC::JSValue::isCell):
      (JSC::JSValue::isInt32):
      (JSC::JSValue::isDouble):
      (JSC::JSValue::isTrue):
      (JSC::JSValue::isFalse):
      (JSC::JSValue::tag):
      (JSC::JSValue::payload):
      (JSC::JSValue::asInt32):
      (JSC::JSValue::asDouble):
      (JSC::JSValue::asCell):
      (JSC::JSValue::isNumber):
      (JSC::JSValue::isBoolean):
      (JSC::JSValue::asBoolean):
      (JSC::reinterpretDoubleToInt64):
      (JSC::reinterpretInt64ToDouble):
      (JSC::JSValue::isString):
      (JSC::JSValue::isPrimitive):
      (JSC::JSValue::isGetterSetter):
      (JSC::JSValue::isObject):
      (JSC::JSValue::getString):
      (JSC::::getString):
      (JSC::JSValue::getObject):
      (JSC::JSValue::getUInt32):
      (JSC::JSValue::toPrimitive):
      (JSC::JSValue::getPrimitiveNumber):
      (JSC::JSValue::toNumber):
      (JSC::JSValue::toObject):
      (JSC::JSValue::isFunction):
      (JSC::JSValue::inherits):
      (JSC::JSValue::toThisObject):
      (JSC::JSValue::get):
      (JSC::JSValue::put):
      (JSC::JSValue::putByIndex):
      (JSC::JSValue::structureOrUndefined):
      (JSC::JSValue::equal):
      (JSC::JSValue::equalSlowCaseInline):
      (JSC::JSValue::strictEqualSlowCaseInline):
      (JSC::JSValue::strictEqual):
      * runtime/JSVariableObject.cpp:
      * runtime/JSWithScope.cpp:
      * runtime/JSWrapperObject.cpp:
      * runtime/LiteralParser.cpp:
      * runtime/Lookup.cpp:
      * runtime/NameConstructor.cpp:
      * runtime/NameInstance.cpp:
      * runtime/NamePrototype.cpp:
      * runtime/NativeErrorConstructor.cpp:
      * runtime/NativeErrorPrototype.cpp:
      * runtime/NumberConstructor.cpp:
      * runtime/NumberObject.cpp:
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      * runtime/Operations.h:
      (JSC):
      * runtime/PropertySlot.cpp:
      * runtime/RegExp.cpp:
      * runtime/RegExpCache.cpp:
      * runtime/RegExpCachedResult.cpp:
      * runtime/RegExpConstructor.cpp:
      * runtime/RegExpMatchesArray.cpp:
      * runtime/RegExpObject.cpp:
      * runtime/RegExpPrototype.cpp:
      * runtime/SmallStrings.cpp:
      * runtime/SparseArrayValueMap.cpp:
      * runtime/StrictEvalActivation.cpp:
      * runtime/StringConstructor.cpp:
      * runtime/StringObject.cpp:
      * runtime/StringRecursionChecker.cpp:
      * runtime/Structure.h:
      (JSC):
      * runtime/StructureChain.cpp:
      * runtime/TimeoutChecker.cpp:
      * testRegExp.cpp:
      
      Source/WebCore: 
      
      Rubber stamped by Sam Weinig.
      
      All .cpp files that use the JSC internal API must now transitively include
      Operations.h, and none of the major JSC headers do it for you to avoid
      circularity. WebCore doesn't have to worry about circularity with JSC, so
      this changes all of the major WebCore JSC base headers to include
      Operations.h.
      
      * bindings/js/BindingState.h:
      * bindings/js/JSArrayBufferViewHelper.h:
      * bindings/js/JSCustomXPathNSResolver.h:
      * bindings/js/JSDOMBinding.h:
      * bindings/js/JSDOMGlobalObject.h:
      * bindings/js/JSDictionary.h:
      * bindings/js/JSMessagePortCustom.h:
      * bindings/js/JSNodeFilterCondition.h:
      * bindings/js/ScriptValue.h:
      * bindings/js/ScriptWrappable.h:
      * bindings/js/SerializedScriptValue.cpp:
      * bridge/c/c_utility.h:
      * bridge/jsc/BridgeJSC.h:
      * dom/Node.cpp:
      * html/HTMLCanvasElement.cpp:
      * html/HTMLImageLoader.cpp:
      * plugins/efl/PluginViewEfl.cpp:
      * xml/XMLHttpRequest.cpp:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139541 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a4b4cbe9
  14. 09 Nov, 2012 1 commit
    • mark.lam@apple.com's avatar
      Renamed ...InlineMethods.h files to ...Inlines.h. · a4fe7abf
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=101145.
      
      Reviewed by Geoffrey Garen.
      
      This is only a refactoring effort to rename the files. There are no
      functionality changes.
      
      Source/JavaScriptCore: 
      
      * API/JSObjectRef.cpp:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      * dfg/DFGOperations.cpp:
      * heap/ConservativeRoots.cpp:
      * heap/CopiedBlock.h:
      * heap/CopiedSpace.cpp:
      * heap/CopiedSpaceInlineMethods.h: Removed.
      * heap/CopiedSpaceInlines.h: Copied from Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h.
      * heap/CopyVisitor.cpp:
      * heap/CopyVisitorInlineMethods.h: Removed.
      * heap/CopyVisitorInlines.h: Copied from Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h.
      * heap/GCThread.cpp:
      * heap/GCThreadSharedData.cpp:
      * heap/HandleStack.cpp:
      * heap/Heap.cpp:
      * heap/HeapRootVisitor.h:
      * heap/MarkStack.cpp:
      * heap/MarkStackInlineMethods.h: Removed.
      * heap/MarkStackInlines.h: Copied from Source/JavaScriptCore/heap/MarkStackInlineMethods.h.
      * heap/SlotVisitor.cpp:
      * heap/SlotVisitor.h:
      * heap/SlotVisitorInlineMethods.h: Removed.
      * heap/SlotVisitorInlines.h: Copied from Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h.
      * jit/HostCallReturnValue.cpp:
      * jit/JIT.cpp:
      * jit/JITArithmetic.cpp:
      * jit/JITArithmetic32_64.cpp:
      * jit/JITCall.cpp:
      * jit/JITCall32_64.cpp:
      * jit/JITInlineMethods.h: Removed.
      * jit/JITInlines.h: Copied from Source/JavaScriptCore/jit/JITInlineMethods.h.
      * jit/JITOpcodes.cpp:
      * jit/JITOpcodes32_64.cpp:
      * jit/JITPropertyAccess.cpp:
      * jit/JITPropertyAccess32_64.cpp:
      * jsc.cpp:
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayPrototype.cpp:
      * runtime/ButterflyInlineMethods.h: Removed.
      * runtime/ButterflyInlines.h: Copied from Source/JavaScriptCore/runtime/ButterflyInlineMethods.h.
      * runtime/IndexingHeaderInlineMethods.h: Removed.
      * runtime/IndexingHeaderInlines.h: Copied from Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h.
      * runtime/JSActivation.h:
      * runtime/JSArray.cpp:
      * runtime/JSArray.h:
      * runtime/JSCell.h:
      * runtime/JSObject.cpp:
      * runtime/JSValueInlineMethods.h: Removed.
      * runtime/JSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlineMethods.h.
      * runtime/LiteralParser.cpp:
      * runtime/ObjectConstructor.cpp:
      * runtime/Operations.h:
      * runtime/RegExpMatchesArray.cpp:
      * runtime/RegExpObject.cpp:
      * runtime/StringPrototype.cpp:
      
      Source/WebCore: 
      
      No new tests.
      
      * GNUmakefile.list.am:
      * Target.pri:
      * WebCore.gypi:
      * WebCore.vcproj/WebCore.vcproj:
      * WebCore.xcodeproj/project.pbxproj:
      * html/parser/HTMLEntityParser.cpp:
      * html/parser/HTMLTokenizer.cpp:
      * html/track/WebVTTTokenizer.cpp:
      * xml/parser/CharacterReferenceParserInlineMethods.h: Removed.
      * xml/parser/CharacterReferenceParserInlines.h: Copied from Source/WebCore/xml/parser/CharacterReferenceParserInlineMethods.h.
      * xml/parser/MarkupTokenizerInlineMethods.h: Removed.
      * xml/parser/MarkupTokenizerInlines.h: Copied from Source/WebCore/xml/parser/MarkupTokenizerInlineMethods.h.
      * xml/parser/XMLCharacterReferenceParser.cpp:
      * xml/parser/XMLTokenizer.cpp:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133995 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a4fe7abf
  15. 05 Nov, 2012 1 commit
    • fpizlo@apple.com's avatar
      Reduce the verbosity of referring to QNaN in JavaScriptCore · 3494d02f
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=101174
      
      Reviewed by Geoffrey Garen.
      
      Introduces a #define QNaN in JSValue.h, and replaces all previous uses of
      std::numeric_limits<double>::quiet_NaN() with QNaN.
      
      * API/JSValueRef.cpp:
      (JSValueMakeNumber):
      (JSValueToNumber):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitFloatTypedArrayGetByVal):
      * runtime/CachedTranscendentalFunction.h:
      (JSC::CachedTranscendentalFunction::initialize):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DateInstanceCache.h:
      (JSC::DateInstanceData::DateInstanceData):
      (JSC::DateInstanceCache::reset):
      * runtime/ExceptionHelpers.cpp:
      (JSC::InterruptedExecutionError::defaultValue):
      (JSC::TerminatedExecutionError::defaultValue):
      * runtime/JSCell.h:
      (JSC::JSValue::getPrimitiveNumber):
      * runtime/JSDateMath.cpp:
      (JSC::parseDateFromNullTerminatedCharacters):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::resetDateCache):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::parseInt):
      (JSC::jsStrDecimalLiteral):
      (JSC::toDouble):
      (JSC::jsToNumber):
      (JSC::parseFloat):
      * runtime/JSValue.cpp:
      (JSC::JSValue::toNumberSlowCase):
      * runtime/JSValue.h:
      (JSC):
      * runtime/JSValueInlineMethods.h:
      (JSC::jsNaN):
      * runtime/MathObject.cpp:
      (JSC::mathProtoFuncMax):
      (JSC::mathProtoFuncMin):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133493 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3494d02f
  16. 19 Oct, 2012 1 commit
    • yuqiang.xian@intel.com's avatar
      Refactor MacroAssembler interfaces to differentiate the pointer operands from... · 5b1cb734
      yuqiang.xian@intel.com authored
      Refactor MacroAssembler interfaces to differentiate the pointer operands from the 64-bit integer operands
      https://bugs.webkit.org/show_bug.cgi?id=99154
      
      Reviewed by Gavin Barraclough.
      
      In current JavaScriptCore implementation for JSVALUE64 platform (i.e.,
      the X64 platform), we assume that the JSValue size is same to the
      pointer size, and thus EncodedJSValue is simply type defined as a
      "void*". In the JIT compiler, we also take this assumption and invoke
      the same macro assembler interfaces for both JSValue and pointer
      operands. We need to differentiate the operations on pointers from the
      operations on JSValues, and let them invoking different macro
      assembler interfaces. For example, we now use the interface of
      "loadPtr" to load either a pointer or a JSValue, and we need to switch
      to using "loadPtr" to load a pointer and some new "load64" interface
      to load a JSValue. This would help us supporting other JSVALUE64
      platforms where pointer size is not necessarily 64-bits, for example
      x32 (bug #99153).
      
      The major modification I made is to introduce the "*64" interfaces in
      the MacroAssembler for those operations on JSValues, keep the "*Ptr"
      interfaces for those operations on real pointers, and go through all
      the JIT compiler code to correct the usage.
      
      This is the second part of the work, i.e, to correct the usage of the
      new MacroAssembler interfaces in the JIT compilers, which also means
      that now EncodedJSValue is defined as a 64-bit integer, and the "*64"
      interfaces are used for it.
      
      * assembler/MacroAssembler.h: JSValue immediates should be in Imm64 instead of ImmPtr.
      (MacroAssembler):
      (JSC::MacroAssembler::shouldBlind):
      * dfg/DFGAssemblyHelpers.cpp: Correct the JIT compilers usage of the new interfaces.
      (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
      (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
      (JSC::DFG::AssemblyHelpers::branchIfNotCell):
      (JSC::DFG::AssemblyHelpers::debugCall):
      (JSC::DFG::AssemblyHelpers::boxDouble):
      (JSC::DFG::AssemblyHelpers::unboxDouble):
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (CCallHelpers):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      * dfg/DFGScratchRegisterAllocator.h:
      (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
      (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
      (JSC::DFG::SpeculativeJIT::compileInstanceOf):
      (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::spill):
      (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::branch64):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::convertToDouble):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compileContiguousGetByVal):
      (JSC::DFG::SpeculativeJIT::compileArrayStorageGetByVal):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compileArrayStoragePutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::virtualForThunkGenerator):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JIT):
      * jit/JITArithmetic.cpp:
      (JSC::JIT::emit_op_negate):
      (JSC::JIT::emitSlow_op_negate):
      (JSC::JIT::emit_op_rshift):
      (JSC::JIT::emitSlow_op_urshift):
      (JSC::JIT::emit_compareAndJumpSlow):
      (JSC::JIT::emit_op_bitand):
      (JSC::JIT::compileBinaryArithOpSlowCase):
      (JSC::JIT::emit_op_div):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCall):
      * jit/JITInlineMethods.h: Have some clean-up work as well.
      (JSC):
      (JSC::JIT::emitPutCellToCallFrameHeader):
      (JSC::JIT::emitPutIntToCallFrameHeader):
      (JSC::JIT::emitPutToCallFrameHeader):
      (JSC::JIT::emitGetFromCallFrameHeader32):
      (JSC::JIT::emitGetFromCallFrameHeader64):
      (JSC::JIT::emitAllocateJSArray):
      (JSC::JIT::emitValueProfilingSite):
      (JSC::JIT::emitGetJITStubArg):
      (JSC::JIT::emitGetVirtualRegister):
      (JSC::JIT::emitPutVirtualRegister):
      (JSC::JIT::emitInitRegister):
      (JSC::JIT::emitJumpIfJSCell):
      (JSC::JIT::emitJumpIfBothJSCells):
      (JSC::JIT::emitJumpIfNotJSCell):
      (JSC::JIT::emitLoadInt32ToDouble):
      (JSC::JIT::emitJumpIfImmediateInteger):
      (JSC::JIT::emitJumpIfNotImmediateInteger):
      (JSC::JIT::emitJumpIfNotImmediateIntegers):
      (JSC::JIT::emitFastArithReTagImmediate):
      (JSC::JIT::emitFastArithIntToImmNoCheck):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_mov):
      (JSC::JIT::emit_op_instanceof):
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_is_boolean):
      (JSC::JIT::emit_op_is_number):
      (JSC::JIT::emit_op_tear_off_activation):
      (JSC::JIT::emit_op_not):
      (JSC::JIT::emit_op_jfalse):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_jtrue):
      (JSC::JIT::emit_op_bitxor):
      (JSC::JIT::emit_op_bitor):
      (JSC::JIT::emit_op_get_pnames):
      (JSC::JIT::emit_op_next_pname):
      (JSC::JIT::compileOpStrictEq):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_throw_reference_error):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      (JSC::JIT::emit_op_create_activation):
      (JSC::JIT::emit_op_create_arguments):
      (JSC::JIT::emit_op_init_lazy_reg):
      (JSC::JIT::emitSlow_op_convert_this):
      (JSC::JIT::emitSlow_op_not):
      (JSC::JIT::emit_op_get_argument_by_val):
      (JSC::JIT::emit_op_put_to_base):
      (JSC::JIT::emit_resolve_operations):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitArrayStorageGetByVal):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::emit_op_get_by_pname):
      (JSC::JIT::emitContiguousPutByVal):
      (JSC::JIT::emitArrayStoragePutByVal):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::emit_op_init_global_const):
      (JSC::JIT::emit_op_init_global_const_check):
      (JSC::JIT::emitIntTypedArrayGetByVal):
      (JSC::JIT::emitFloatTypedArrayGetByVal):
      (JSC::JIT::emitFloatTypedArrayPutByVal):
      * jit/JITStubCall.h:
      (JITStubCall):
      (JSC::JITStubCall::JITStubCall):
      (JSC::JITStubCall::addArgument):
      (JSC::JITStubCall::call):
      (JSC::JITStubCall::callWithValueProfiling):
      * jit/JSInterfaceJIT.h:
      (JSC::JSInterfaceJIT::emitJumpIfImmediateNumber):
      (JSC::JSInterfaceJIT::emitJumpIfNotImmediateNumber):
      (JSC::JSInterfaceJIT::emitLoadJSCell):
      (JSC::JSInterfaceJIT::emitLoadInt32):
      (JSC::JSInterfaceJIT::emitLoadDouble):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::returnDouble):
      (JSC::SpecializedThunkJIT::tagReturnAsInt32):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h: Define JSVALUE64 EncodedJSValue as int64_t, which is also unified with JSVALUE32_64.
      (JSC):
      * runtime/JSValueInlineMethods.h: New implementation of some JSValue methods to make them more conformant
      with the new rule that "JSValue is a 64-bit integer rather than a pointer" for JSVALUE64 platforms.
      (JSC):
      (JSC::JSValue::JSValue):
      (JSC::JSValue::operator bool):
      (JSC::JSValue::operator==):
      (JSC::JSValue::operator!=):
      (JSC::reinterpretDoubleToInt64):
      (JSC::reinterpretInt64ToDouble):
      (JSC::JSValue::asDouble):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131858 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5b1cb734
  17. 01 Sep, 2012 1 commit
    • commit-queue@webkit.org's avatar
      LLInt C loop backend. · e13567fb
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=91052.
      
      Patch by Mark Lam <mark.lam@apple.com> on 2012-09-01
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::bytecodeOffset):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC):
      * interpreter/Interpreter.h:
      * jit/JITStubs.h:
      (JITStackFrame):
      (JSC):
      * llint/LLIntCLoop.cpp: Added.
      (JSC):
      (LLInt):
      (JSC::LLInt::CLoop::initialize):
      (JSC::LLInt::CLoop::catchRoutineFor):
      (JSC::LLInt::CLoop::hostCodeEntryFor):
      (JSC::LLInt::CLoop::jsCodeEntryWithArityCheckFor):
      (JSC::LLInt::CLoop::jsCodeEntryFor):
      * llint/LLIntCLoop.h: Added.
      (JSC):
      (LLInt):
      (CLoop):
      * llint/LLIntData.cpp:
      (JSC::LLInt::initialize):
      * llint/LLIntData.h:
      (JSC):
      * llint/LLIntOfflineAsmConfig.h:
      * llint/LLIntOpcode.h:
      * llint/LLIntThunks.cpp:
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter.cpp:
      (LLInt):
      (JSC::LLInt::Ints2Double):
      (JSC):
      (JSC::CLoop::execute):
      * llint/LowLevelInterpreter.h:
      (JSC):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/asm.rb:
      * offlineasm/backends.rb:
      * offlineasm/cloop.rb: Added.
      * offlineasm/instructions.rb:
      * runtime/Executable.h:
      (ExecutableBase):
      (JSC::ExecutableBase::hostCodeEntryFor):
      (JSC::ExecutableBase::jsCodeEntryFor):
      (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor):
      (JSC::ExecutableBase::catchRoutineFor):
      (NativeExecutable):
      * runtime/JSValue.h:
      (JSC):
      (LLInt):
      (JSValue):
      * runtime/JSValueInlineMethods.h:
      (JSC):
      (JSC::JSValue::JSValue):
      * runtime/Options.cpp:
      (JSC::Options::initialize):
      
      Source/WTF:
      
      Added configs for the llint C loop backend.
      
      * wtf/Platform.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e13567fb
  18. 31 Aug, 2012 1 commit
    • commit-queue@webkit.org's avatar
      Refactor LLInt and supporting code in preparation for the C Loop backend. · eebad5de
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=95531.
      
      Patch by Mark Lam <mark.lam@apple.com> on 2012-08-31
      Reviewed by Filip Pizlo.
      
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      * jit/JITExceptions.cpp:
      (JSC::genericThrow): Use ExecutableBase::catchRoutineFor() to fetch
          fetch the catch routine for a thrown exception.  This will allow
          us to redefine that for the C loop later, and still keep this
          code readable.
      * llint/LLIntOfflineAsmConfig.h: Moved ASM macros to
          LowLevelInterpreter.cpp which is the only place they are used. This
          will make it more convenient to redefine them for the C loop later.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::setUpCall): Use ExecutableBase's hostCodeEntry()
          jsCodeEntryFor(), and jsCodeWithArityCheckEntryFor() for computing
          the entry points to functions being called.
      * llint/LLIntSlowPaths.h:
      (SlowPathReturnType):
      (JSC::LLInt::encodeResult):
      (LLInt):
      (JSC::LLInt::decodeResult): Added.  Needed by LLInt C Loop later.
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter.cpp:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/asm.rb: Disambiguate between opcodes and other labels.
      * offlineasm/config.rb:
      * runtime/Executable.h:
      (JSC::ExecutableBase::hostCodeEntryFor): Added.
      (ExecutableBase):
      (JSC::ExecutableBase::jsCodeEntryFor): Added.
      (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor): Added.
      (JSC::ExecutableBase::catchRoutineFor): Added.
      * runtime/JSValueInlineMethods.h:
      (JSC):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127333 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      eebad5de
  19. 01 Feb, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should fold double-to-int conversions · 0c31ace9
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=77532
      
      Reviewed by Oliver Hunt.
              
      Performance neutral on major benchmarks. But it makes calling V8's
      Math.random() 4x faster.
      
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::addOrFindConstant):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::addConstant):
      (CodeBlock):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::toInt32):
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::getJSConstantForValue):
      (JSC::DFG::ByteCodeParser::isInt32Constant):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::addShouldSpeculateInteger):
      (Graph):
      (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::doRoundOfDoubleVoting):
      (JSC::DFG::Propagator::fixupNode):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/JSValueInlineMethods.h:
      (JSC::JSValue::asDouble):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106502 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0c31ace9
  20. 28 Oct, 2011 1 commit
    • haraken@chromium.org's avatar
      Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL · 105c0681
      haraken@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=70215
      
      Reviewed by Adam Barth.
      
      Source/JavaScriptCore:
      
      Added a method that judges if a given JSValue is empty.
      
      Tests: transforms/svg-vs-css.xhtml
             transforms/cssmatrix-2d-interface.xhtml
             transforms/cssmatrix-3d-interface.xhtml
      
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::JSValue::isEmpty):
      
      Source/WebCore:
      
      This patch implements [Optional=CallWithNullValue] IDL for JSC.
      While a parameter specified as [Optional=CallWithDefaultValue] is
      handled as a string "undefined", a parameter specified as
      [Optional=CallWithNullValue] is handled as a null string.
      (Note: not a string "null", but a null string).
      
      c.f. [Optional=CallWithNullValue] is implemented in V8 in bug 67458.
      
      Tests: fast/dom/global-constructors.html
             transforms/svg-vs-css.xhtml
             transforms/cssmatrix-2d-interface.xhtml
             transforms/cssmatrix-3d-interface.xhtml
      
      * GNUmakefile.list.am: Removed JSWebKitCSSMatrixCustom.cpp.
      * UseJSC.cmake: Ditto.
      * WebCore.gypi: Ditto.
      * WebCore.pro: Ditto.
      * WebCore.xcodeproj/project.pbxproj: Ditto.
      * bindings/js/JSBindingsAllInOne.cpp: Ditto.
      * bindings/js/JSDOMBinding.h: MAYBE_MISSING_PARAMETER(exec, index, policy) returns the index-th parameter, if the parameter exists. It returns an undefined value, if the index-th parameter is missing and the policy is MissingIsUndefined. It returns an empty value, otherwise (i.e. if the index-th parameter is missing and the policy is MissingIsEmpty).
      * bindings/js/JSWebKitCSSMatrixCustom.cpp: Removed.
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateParametersCheck): Supported [Optional=CallWithNullValue].
      (GenerateConstructorDefinition): Supported [Optional=CallWithNullValue].
      * css/WebKitCSSMatrix.idl: Removed [JSCustomConstructor].
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@98679 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      105c0681
  21. 05 Oct, 2011 2 commits
    • ggaren@apple.com's avatar
      Removed JSValue::toJSNumber · 4e3039d5
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69399
      
      No perf. change.
      
      toJSNumber() used to provide an implicit fast path for immediate numbers,
      but those fast paths are all explicit now, so it's just cruft.
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96717 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4e3039d5
    • ggaren@apple.com's avatar
      Some JSValue cleanup · 7831f0c3
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69320
      
      ../JavaScriptCore: 
      
      Reviewed by Darin Adler.
              
      No measurable performance change.
      
      Removed some JSValue::get* functions. get* used to be an optimization
      when every value operation was a virtual function call: get* would combine
      two virtual calls into one. Now, with non-virtual, inlined functions, get*
      isn't faster, and may be slightly slower.
      
      Merged getBoolean(bool&) and getBoolean() into asBoolean().
      
      Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
      asNumber().
      
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::JSValue::asNumber):
      (JSC::JSValue::asBoolean): As promised!
      
      * runtime/NumberPrototype.cpp:
      (JSC::toThisNumber):
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      (JSC::numberProtoFuncToLocaleString):
      (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
      by switching to toThisNumber().
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::toNumber):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueOfNumberConstant):
      (JSC::DFG::Graph::valueOfBooleanConstant):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/DateInstance.h:
      (JSC::DateInstance::internalNumber):
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncBind):
      * runtime/JSArray.cpp:
      (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
      getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
      
      * runtime/JSCell.cpp:
      * runtime/JSCell.h: Nixed getJSNumber().
      
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncParseInt):
      * runtime/JSONObject.cpp:
      (JSC::gap):
      (JSC::Stringifier::Stringifier):
      (JSC::Stringifier::appendStringifiedValue):
      * runtime/NumberObject.cpp:
      * runtime/NumberObject.h:
      (JSC::NumberObject::createStructure):
      * runtime/Operations.h:
      (JSC::JSValue::equalSlowCaseInline):
      (JSC::JSValue::strictEqual):
      (JSC::jsLess):
      (JSC::jsLessEq):
      (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
      getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
      
      ../WebCore: 
      
      Reviewed by Darin Adler.
      
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::valueToDate):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JSSQLTransactionCustom.cpp:
      (WebCore::JSSQLTransaction::executeSql):
      * bindings/js/JSSQLTransactionSyncCustom.cpp:
      (WebCore::JSSQLTransactionSync::executeSql):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::dumpIfTerminal):
      * bindings/objc/WebScriptObject.mm:
      (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
      * bridge/jni/jsc/JNIUtilityPrivate.cpp:
      (JSC::Bindings::convertValueToJValue): Updated for JSC changes.
      
      ../WebKit/mac: 
      
      Reviewed by Darin Adler.
      
      * WebView/WebView.mm:
      (aeDescFromJSValue): Updated for JSC changes.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96673 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7831f0c3
  22. 30 Jul, 2011 1 commit
    • fpizlo@apple.com's avatar
      JSC GC zombie support no longer works, and is likely no longer needed. · 2f1f3943
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=65404
      
      Reviewed by Darin Adler.
      
      This removes zombies, because they no longer work, are not tested, are
      probably not needed, and are getting in the way of GC optimization
      work.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/Handle.h:
      (JSC::HandleConverter::operator->):
      (JSC::HandleConverter::operator*):
      * heap/HandleHeap.cpp:
      (JSC::HandleHeap::isValidWeakNode):
      * heap/Heap.cpp:
      (JSC::Heap::destroy):
      (JSC::Heap::collect):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweep):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::clearMarks):
      * interpreter/Register.h:
      (JSC::Register::Register):
      (JSC::Register::operator=):
      * runtime/ArgList.h:
      (JSC::MarkedArgumentBuffer::append):
      (JSC::ArgList::ArgList):
      * runtime/JSCell.cpp:
      (JSC::isZombie):
      * runtime/JSCell.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::clearBuiltinStructures):
      * runtime/JSGlobalData.h:
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::JSValue::JSValue):
      * runtime/JSZombie.cpp: Removed.
      * runtime/JSZombie.h: Removed.
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::setEarlyValue):
      (JSC::WriteBarrierBase::operator*):
      (JSC::WriteBarrierBase::setWithoutWriteBarrier):
      * wtf/Platform.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@92046 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2f1f3943
  23. 11 Jun, 2011 1 commit
    • barraclough@apple.com's avatar
      https://bugs.webkit.org/show_bug.cgi?id=16777 · f1fa579d
      barraclough@apple.com authored
      Eliminate JSC::NaN and JSC::Inf
      
      Reviewed by Sam Weinig.
      
      There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
      The ones in std::numeric_limits are perfectly good.
      Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackObjectFunctions.h:
      (JSC::::toNumber):
      * API/JSValueRef.cpp:
      (JSValueMakeNumber):
      (JSValueToNumber):
      * JavaScriptCore.exp:
      * runtime/CachedTranscendentalFunction.h:
      (JSC::CachedTranscendentalFunction::initialize):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DateInstanceCache.h:
      (JSC::DateInstanceData::DateInstanceData):
      (JSC::DateInstanceCache::reset):
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC::JSCell::JSValue::getPrimitiveNumber):
      (JSC::JSCell::JSValue::toNumber):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::resetDateCache):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::globalFuncParseInt):
      (JSC::globalFuncIsFinite):
      * runtime/JSNotAnObject.cpp:
      (JSC::JSNotAnObject::toNumber):
      * runtime/JSValue.cpp:
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::jsNaN):
      * runtime/MathObject.cpp:
      (JSC::mathProtoFuncMax):
      (JSC::mathProtoFuncMin):
      * runtime/NumberConstructor.cpp:
      (JSC::numberConstructorNegInfinity):
      (JSC::numberConstructorPosInfinity):
      * runtime/NumberPrototype.cpp:
      (JSC::numberProtoFuncToExponential):
      (JSC::numberProtoFuncToFixed):
      (JSC::numberProtoFuncToPrecision):
      (JSC::numberProtoFuncToString):
      * runtime/UString.cpp:
      * wtf/DecimalNumber.h:
      (WTF::DecimalNumber::DecimalNumber):
      * wtf/dtoa.cpp:
      (WTF::dtoa):
      
      Source/WebCore: 
      
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88587 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f1fa579d
  24. 11 Apr, 2011 2 commits
    • barraclough@apple.com's avatar
      Bug 58263 - Use EncodedValueDescriptor on both JSVALUE32_64, JSVALUE64 · 560dde7c
      barraclough@apple.com authored
      Reviewed by Sam Weinig.
      
      The JSJITInterface already uses EncodedValueDescriptor to access the tag/payload
      separately on JSVALUE64, even though EncodedValueDescriptor is not used in
      JSVALUE64's implementation of JSValue. Remove the separate definition for m_ptr
      on X86_64. Using the union allows us to remove a layer of makeImmediate()/
      immedaiteValue() methods.
      
      * dfg/DFGNonSpeculativeJIT.cpp:
      (JSC::DFG::NonSpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitTagAsBoolImmediate):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_not):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_get_pnames):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      (JSC::JIT::emitSlow_op_not):
      * runtime/JSCell.h:
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::JSValue::encode):
      (JSC::JSValue::decode):
      (JSC::JSValue::operator==):
      (JSC::JSValue::operator!=):
      (JSC::JSValue::JSValue):
      (JSC::JSValue::operator bool):
      (JSC::JSValue::asInt32):
      (JSC::JSValue::isUndefinedOrNull):
      (JSC::JSValue::isBoolean):
      (JSC::JSValue::isCell):
      (JSC::JSValue::isInt32):
      (JSC::JSValue::asDouble):
      (JSC::JSValue::isNumber):
      (JSC::JSValue::asCell):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83517 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      560dde7c
    • barraclough@apple.com's avatar
      Bug 58198 - Clean up JSValue implementation for JSVALUE64 · c6441e68
      barraclough@apple.com authored
      Reviewed by Sam Weinig.
      
      Source/JavaScriptCore: 
      
      Remove JSNumberCell, JSImmediate, unify some methods between JSVALUE32_64/JSVALUE64
      
      JSNumberCell.h largely just contained the constructors for JSValue on JSVALUE64,
      which should not have been here.  JSImmediate mostly contained uncalled methods,
      along with the internal implementation of the JSValue constructors split unnecessarily
      across a number of layers of function calls. These could largely be merged back
      together. Many methods and constructors from JSVALUE32_64 and JSVALUE64 can by unified.
      
      The .cpp files were empty.
      
      Moving all these methods into JSValue.h seems to be a repro measurable regression, so
      I have kept these methods in a separate JSValueInlineMethods.h. Adding the 64-bit tag
      values as static const members of JSValue also measures as a repro regression, so I
      have made these #defines.
      
      * Android.mk:
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.exp:
      * JavaScriptCore.gypi:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
          - Removed JSImmediate.h, JSNumberCell.h.
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitLoad):
          - Removed class JSImmediate.
      * dfg/DFGNonSpeculativeJIT.cpp:
      (JSC::DFG::NonSpeculativeJIT::compile):
          - Removed class JSImmediate.
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
          - Removed class JSImmediate.
      * jit/JITArithmetic.cpp:
      (JSC::JIT::compileBinaryArithOpSlowCase):
          - Removed class JSImmediate.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitJumpIfJSCell):
      (JSC::JIT::emitJumpIfNotJSCell):
      (JSC::JIT::emitJumpIfImmediateInteger):
      (JSC::JIT::emitJumpIfNotImmediateInteger):
      (JSC::JIT::emitFastArithDeTagImmediate):
      (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
      (JSC::JIT::emitFastArithReTagImmediate):
      (JSC::JIT::emitTagAsBoolImmediate):
          - Removed class JSImmediate.
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_not):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_get_pnames):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      (JSC::JIT::emitSlow_op_not):
          - Removed class JSImmediate.
      * jit/JSInterfaceJIT.h:
          - Removed class JSImmediate.
      * runtime/JSCell.h:
          - Removed JSImmediate.h, JSNumberCell.h.
      * runtime/JSImmediate.cpp: Removed.
      * runtime/JSImmediate.h: Removed.
      * runtime/JSNumberCell.cpp: Removed.
      * runtime/JSNumberCell.h: Removed.
          - Removed.
      * runtime/JSObject.h:
          - Removed JSImmediate.h, JSNumberCell.h.
      * runtime/JSString.h:
          - Removed JSImmediate.h, JSNumberCell.h.
      * runtime/JSValue.h:
          - Added tags for JSVALUE64, moved out some JSVALUE32_64 methods, unified with JSVALUE64.
      * runtime/JSValueInlineMethods.h: Added.
      (JSC::JSValue::toInt32):
      (JSC::JSValue::toUInt32):
      (JSC::JSValue::isUInt32):
      (JSC::JSValue::asUInt32):
      (JSC::JSValue::uncheckedGetNumber):
      (JSC::JSValue::toJSNumber):
      (JSC::jsNaN):
      (JSC::JSValue::getNumber):
      (JSC::JSValue::getBoolean):
      (JSC::JSValue::JSValue):
      (JSC::JSValue::encode):
      (JSC::JSValue::decode):
      (JSC::JSValue::operator bool):
      (JSC::JSValue::operator==):
      (JSC::JSValue::operator!=):
      (JSC::JSValue::isUndefined):
      (JSC::JSValue::isNull):
      (JSC::JSValue::isUndefinedOrNull):
      (JSC::JSValue::isCell):
      (JSC::JSValue::isInt32):
      (JSC::JSValue::isDouble):
      (JSC::JSValue::isTrue):
      (JSC::JSValue::isFalse):
      (JSC::JSValue::tag):
      (JSC::JSValue::payload):
      (JSC::JSValue::asInt32):
      (JSC::JSValue::asDouble):
      (JSC::JSValue::asCell):
      (JSC::JSValue::isNumber):
      (JSC::JSValue::isBoolean):
      (JSC::JSValue::makeImmediate):
      (JSC::JSValue::immediateValue):
      (JSC::reinterpretDoubleToIntptr):
      (JSC::reinterpretIntptrToDouble):
          - Methods moved here from JSImmediate.h/JSNumberCell.h/JSValue.h.
      * runtime/Operations.h:
          - Removed JSImmediate.h, JSNumberCell.h.
      * wtf/StdLibExtras.h:
          - Export bitwise_cast.
      
      Source/WebCore: 
      
      JSNumberCell.h has been deprecated.
      
      * ForwardingHeaders/runtime/JSNumberCell.h: Removed.
      * bindings/scripts/CodeGeneratorJS.pm:
      * bridge/c/c_instance.cpp:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83459 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c6441e68