https://bugs.webkit.org/show_bug.cgi?id=127111

Patch by Peter Molnar <pmolnar.u-szeged@partner.samsung.com> on 2014-01-16
Reviewed by Anders Carlsson.

Now all compilers support explicit override control, this workaround can be removed.

Source/JavaScriptCore:

* API/JSAPIWrapperObject.mm:
* API/JSCallbackObject.h:
* API/JSManagedValue.mm:
* API/JSScriptRef.cpp:
* bytecode/CodeBlock.h:
* bytecode/CodeBlockJettisoningWatchpoint.h:
* bytecode/ProfiledCodeBlockJettisoningWatchpoint.h:
* bytecode/StructureStubClearingWatchpoint.h:
* dfg/DFGArrayifySlowPathGenerator.h:
* dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
* dfg/DFGFailedFinalizer.h:
* dfg/DFGJITCode.h:
* dfg/DFGJITFinalizer.h:
* dfg/DFGSaneStringGetByValSlowPathGenerator.h:
* dfg/DFGSlowPathGenerator.h:
* dfg/DFGSpeculativeJIT64.cpp:
* heap/Heap.h:
* heap/IncrementalSweeper.h:
* heap/SuperRegion.h:
* inspector/InspectorValues.h:
* inspector/JSGlobalObjectInspectorController.h:
* inspector/agents/InspectorAgent.h:
* inspector/remote/RemoteInspector.h:
* inspector/remote/RemoteInspectorDebuggableConnection.h:
* inspector/scripts/CodeGeneratorInspector.py:
(Generator.go):
* jit/ClosureCallStubRoutine.h:
* jit/ExecutableAllocatorFixedVMPool.cpp:
* jit/GCAwareJITStubRoutine.h:
* jit/JITCode.h:
* jit/JITToDFGDeferredCompilationCallback.h:
* parser/Nodes.h:
* parser/SourceProvider.h:
* runtime/DataView.h:
* runtime/GCActivityCallback.h:
* runtime/GenericTypedArrayView.h:
* runtime/JSGlobalObjectDebuggable.h:
* runtime/JSPromiseReaction.cpp:
* runtime/RegExpCache.h:
* runtime/SimpleTypedArrayController.h:
* runtime/SymbolTable.h:
* runtime/WeakMapData.h:

Source/WebCore:

* Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:
* Modules/encryptedmedia/CDMPrivateAVFoundation.h:
* Modules/encryptedmedia/CDMPrivateAVFoundation.mm:
* Modules/encryptedmedia/MediaKeyMessageEvent.h:
* Modules/encryptedmedia/MediaKeyNeededEvent.h:
* Modules/encryptedmedia/MediaKeySession.h:
* Modules/encryptedmedia/MediaKeys.h:
* Modules/geolocation/Geolocation.h:
* Modules/indexeddb/DOMWindowIndexedDatabase.h:
* Modules/indexeddb/IDBCursorBackendOperations.h:
* Modules/indexeddb/IDBCursorWithValue.h:
* Modules/indexeddb/IDBDatabase.h:
* Modules/indexeddb/IDBDatabaseCallbacksImpl.h:
* Modules/indexeddb/IDBOpenDBRequest.h:
* Modules/indexeddb/IDBRequest.h:
* Modules/indexeddb/IDBTransaction.h:
* Modules/indexeddb/IDBTransactionBackendOperations.h:
* Modules/indexeddb/leveldb/IDBBackingStoreLevelDB.cpp:
* Modules/indexeddb/leveldb/IDBFactoryBackendLevelDB.h:
* Modules/indexeddb/leveldb/IDBServerConnectionLevelDB.h:
* Modules/indieui/UIRequestEvent.h:
* Modules/mediasource/MediaSource.h:
* Modules/mediasource/MediaSourceRegistry.h:
* Modules/mediasource/SourceBuffer.h:
* Modules/mediasource/SourceBufferList.h:
* Modules/mediastream/AudioStreamTrack.h:
* Modules/mediastream/MediaConstraintsImpl.h:
* Modules/mediastream/MediaStream.h:
* Modules/mediastream/MediaStreamRegistry.h:
* Modules/mediastream/MediaStreamTrack.h:
* Modules/mediastream/MediaStreamTrackEvent.h:
* Modules/mediastream/MediaStreamTrackSourcesRequest.h:
* Modules/mediastream/RTCDTMFSender.h:
* Modules/mediastream/RTCDataChannel.h:
* Modules/mediastream/RTCPeerConnection.h:
* Modules/mediastream/RTCSessionDescriptionRequestImpl.h:
* Modules/mediastream/RTCStatsRequestImpl.h:
* Modules/mediastream/RTCStatsResponse.h:
* Modules/mediastream/RTCVoidRequestImpl.h:
* Modules/mediastream/UserMediaRequest.h:
* Modules/mediastream/VideoStreamTrack.h:
* Modules/networkinfo/NetworkInfoConnection.h:
* Modules/notifications/DOMWindowNotifications.h:
* Modules/notifications/Notification.h:
* Modules/notifications/NotificationCenter.h:
* Modules/plugins/QuickTimePluginReplacement.h:
* Modules/speech/SpeechRecognition.h:
* Modules/speech/SpeechRecognitionError.h:
* Modules/speech/SpeechRecognitionEvent.h:
* Modules/speech/SpeechSynthesis.h:
* Modules/speech/SpeechSynthesisUtterance.h:
* Modules/webaudio/AnalyserNode.h:
* Modules/webaudio/AudioBasicInspectorNode.h:
* Modules/webaudio/AudioBasicProcessorNode.h:
* Modules/webaudio/AudioBufferSourceNode.h:
* Modules/webaudio/AudioContext.h:
* Modules/webaudio/AudioDestinationNode.h:
* Modules/webaudio/AudioNode.h:
* Modules/webaudio/AudioNodeInput.h:
* Modules/webaudio/AudioParam.h:
* Modules/webaudio/AudioProcessingEvent.h:
* Modules/webaudio/BiquadDSPKernel.h:
* Modules/webaudio/BiquadProcessor.h:
* Modules/webaudio/ChannelMergerNode.h:
* Modules/webaudio/ChannelSplitterNode.h:
* Modules/webaudio/ConvolverNode.h:
* Modules/webaudio/DefaultAudioDestinationNode.h:
* Modules/webaudio/DelayDSPKernel.h:
* Modules/webaudio/DelayProcessor.h:
* Modules/webaudio/DynamicsCompressorNode.h:
* Modules/webaudio/GainNode.h:
* Modules/webaudio/MediaElementAudioSourceNode.h:
* Modules/webaudio/MediaStreamAudioDestinationNode.h:
* Modules/webaudio/MediaStreamAudioSourceNode.h:
* Modules/webaudio/OfflineAudioCompletionEvent.h:
* Modules/webaudio/OfflineAudioDestinationNode.h:
* Modules/webaudio/OscillatorNode.h:
* Modules/webaudio/PannerNode.h:
* Modules/webaudio/ScriptProcessorNode.h:
* Modules/webaudio/WaveShaperDSPKernel.h:
* Modules/webaudio/WaveShaperProcessor.h:
* Modules/webdatabase/DatabaseTask.h:
* Modules/webdatabase/SQLTransaction.h:
* Modules/webdatabase/SQLTransactionBackend.h:
* Modules/websockets/CloseEvent.h:
* Modules/websockets/WebSocket.h:
* Modules/websockets/WebSocketChannel.h:
* Modules/websockets/WebSocketDeflateFramer.cpp:
* Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
* Modules/websockets/WorkerThreadableWebSocketChannel.h:
* accessibility/AccessibilityARIAGrid.h:
* accessibility/AccessibilityARIAGridCell.h:
* accessibility/AccessibilityARIAGridRow.h:
* accessibility/AccessibilityImageMapLink.h:
* accessibility/AccessibilityList.h:
* accessibility/AccessibilityListBox.h:
* accessibility/AccessibilityListBoxOption.h:
* accessibility/AccessibilityMediaControls.h:
* accessibility/AccessibilityMenuList.h:
* accessibility/AccessibilityMenuListOption.h:
* accessibility/AccessibilityMenuListPopup.h:
* accessibility/AccessibilityMockObject.h:
* accessibility/AccessibilityNodeObject.h:
* accessibility/AccessibilityProgressIndicator.h:
* accessibility/AccessibilityRenderObject.h:
* accessibility/AccessibilitySVGRoot.h:
* accessibility/AccessibilityScrollView.h:
* accessibility/AccessibilityScrollbar.h:
* accessibility/AccessibilitySearchFieldButtons.h:
* accessibility/AccessibilitySlider.h:
* accessibility/AccessibilitySpinButton.h:
* accessibility/AccessibilityTable.h:
* accessibility/AccessibilityTableCell.h:
* accessibility/AccessibilityTableColumn.h:
* accessibility/AccessibilityTableHeaderContainer.h:
* accessibility/AccessibilityTableRow.h:
* bindings/js/JSCryptoAlgorithmBuilder.h:
* bindings/js/JSCryptoKeySerializationJWK.h:
* bindings/js/JSDOMGlobalObjectTask.h:
* bindings/js/JSEventListener.h:
* bindings/js/JSLazyEventListener.h:
* bindings/js/JSMutationCallback.h:
* bindings/js/PageScriptDebugServer.h:
* bindings/js/ScriptDebugServer.h:
* bindings/js/WebCoreTypedArrayController.h:
* bindings/js/WorkerScriptDebugServer.h:
* bridge/c/c_class.h:
* bridge/c/c_instance.h:
* bridge/c/c_runtime.h:
* bridge/runtime_root.h:
* crypto/algorithms/CryptoAlgorithmAES_CBC.h:
* crypto/algorithms/CryptoAlgorithmAES_KW.h:
* crypto/algorithms/CryptoAlgorithmHMAC.h:
* crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
* crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
* crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:
* crypto/algorithms/CryptoAlgorithmSHA1.h:
* crypto/algorithms/CryptoAlgorithmSHA224.h:
* crypto/algorithms/CryptoAlgorithmSHA256.h:
* crypto/algorithms/CryptoAlgorithmSHA384.h:
* crypto/algorithms/CryptoAlgorithmSHA512.h:
* crypto/keys/CryptoKeyAES.h:
* crypto/keys/CryptoKeyHMAC.h:
* crypto/keys/CryptoKeyRSA.h:
* crypto/keys/CryptoKeySerializationRaw.h:
* crypto/parameters/CryptoAlgorithmAesCbcParams.h:
* crypto/parameters/CryptoAlgorithmAesKeyGenParams.h:
* crypto/parameters/CryptoAlgorithmHmacKeyParams.h:
* crypto/parameters/CryptoAlgorithmHmacParams.h:
* crypto/parameters/CryptoAlgorithmRsaKeyGenParams.h:
* crypto/parameters/CryptoAlgorithmRsaKeyParamsWithHash.h:
* crypto/parameters/CryptoAlgorithmRsaOaepParams.h:
* crypto/parameters/CryptoAlgorithmRsaSsaParams.h:
* css/CSSBasicShapes.h:
* css/CSSCanvasValue.h:
* css/CSSCharsetRule.h:
* css/CSSComputedStyleDeclaration.h:
* css/CSSCrossfadeValue.h:
* css/CSSFilterImageValue.h:
* css/CSSFontFaceRule.h:
* css/CSSFontSelector.h:
* css/CSSGroupingRule.h:
* css/CSSHostRule.h:
* css/CSSImportRule.h:
* css/CSSMediaRule.h:
* css/CSSPageRule.h:
* css/CSSStyleRule.h:
* css/CSSStyleSheet.h:
* css/CSSSupportsRule.h:
* css/CSSUnknownRule.h:
* css/FontLoader.cpp:
* css/FontLoader.h:
* css/PropertySetCSSStyleDeclaration.h:
* css/WebKitCSSFilterRule.h:
* css/WebKitCSSKeyframeRule.h:
* css/WebKitCSSKeyframesRule.h:
* css/WebKitCSSRegionRule.h:
* css/WebKitCSSViewportRule.h:
* dom/Attr.h:
* dom/BeforeTextInsertedEvent.h:
* dom/BeforeUnloadEvent.h:
* dom/CDATASection.h:
* dom/CharacterData.h:
* dom/ChildNodeList.h:
* dom/Clipboard.cpp:
* dom/ClipboardEvent.h:
* dom/ContainerNode.h:
* dom/DOMImplementation.cpp:
* dom/DatasetDOMStringMap.h:
* dom/DeviceMotionController.h:
* dom/DeviceOrientationController.h:
* dom/Document.h:
* dom/DocumentEventQueue.cpp:
* dom/DocumentEventQueue.h:
* dom/DocumentFragment.h:
* dom/Element.h:
* dom/ErrorEvent.h:
* dom/EventContext.h:
* dom/EventTarget.h:
* dom/FocusEvent.h:
* dom/KeyboardEvent.h:
* dom/LiveNodeList.h:
* dom/MessagePort.h:
* dom/MouseEvent.h:
* dom/MutationRecord.cpp:
* dom/Node.h:
* dom/PageTransitionEvent.h:
* dom/ProcessingInstruction.h:
* dom/ProgressEvent.h:
* dom/PseudoElement.h:
* dom/ScriptExecutionContext.h:
* dom/ShadowRoot.h:
* dom/StaticNodeList.h:
* dom/StyledElement.h:
* dom/TagNodeList.h:
* dom/TemplateContentDocumentFragment.h:
* dom/Text.h:
* dom/TextEvent.h:
* dom/TouchEvent.h:
* dom/TransitionEvent.h:
* dom/UIEvent.h:
* dom/WebKitAnimationEvent.h:
* dom/WebKitNamedFlow.h:
* dom/WebKitTransitionEvent.h:
* editing/AppendNodeCommand.h:
* editing/ApplyBlockElementCommand.h:
* editing/ApplyStyleCommand.h:
* editing/BreakBlockquoteCommand.h:
* editing/CompositeEditCommand.h:
* editing/DeleteButton.h:
* editing/DeleteFromTextNodeCommand.h:
* editing/EditCommand.h:
* editing/InsertIntoTextNodeCommand.h:
* editing/InsertNodeBeforeCommand.h:
* editing/InsertTextCommand.h:
* editing/MergeIdenticalElementsCommand.h:
* editing/RemoveCSSPropertyCommand.h:
* editing/RemoveNodeCommand.h:
* editing/ReplaceNodeWithSpanCommand.h:
* editing/SetNodeAttributeCommand.h:
* editing/SetSelectionCommand.h:
* editing/SpellChecker.h:
* editing/SpellingCorrectionCommand.cpp:
* editing/SpellingCorrectionCommand.h:
* editing/SplitElementCommand.h:
* editing/SplitTextNodeCommand.h:
* editing/WrapContentsInDummySpanCommand.h:
* editing/ios/EditorIOS.mm:
* editing/markup.cpp:
* fileapi/Blob.cpp:
* fileapi/Blob.h:
* fileapi/File.h:
* fileapi/FileReader.h:
* fileapi/FileThreadTask.h:
* history/BackForwardList.h:
* html/BaseButtonInputType.h:
* html/BaseCheckableInputType.h:
* html/BaseChooserOnlyDateAndTimeInputType.h:
* html/BaseClickableWithKeyInputType.h:
* html/BaseDateAndTimeInputType.h:
* html/BaseTextInputType.h:
* html/ButtonInputType.h:
* html/CheckboxInputType.h:
* html/ClassList.h:
* html/ColorInputType.h:
* html/DOMSettableTokenList.h:
* html/DateInputType.h:
* html/DateTimeInputType.h:
* html/DateTimeLocalInputType.h:
* html/EmailInputType.h:
* html/FTPDirectoryDocument.cpp:
* html/FileInputType.h:
* html/FormAssociatedElement.cpp:
* html/FormAssociatedElement.h:
* html/HTMLAnchorElement.h:
* html/HTMLAppletElement.h:
* html/HTMLAreaElement.h:
* html/HTMLBRElement.h:
* html/HTMLBaseElement.h:
* html/HTMLBodyElement.h:
* html/HTMLButtonElement.h:
* html/HTMLCanvasElement.h:
* html/HTMLDetailsElement.cpp:
* html/HTMLDetailsElement.h:
* html/HTMLDivElement.h:
* html/HTMLDocument.h:
* html/HTMLElement.h:
* html/HTMLEmbedElement.h:
* html/HTMLFieldSetElement.h:
* html/HTMLFontElement.h:
* html/HTMLFormControlElement.h:
* html/HTMLFormControlElementWithState.h:
* html/HTMLFormControlsCollection.h:
* html/HTMLFormElement.h:
* html/HTMLFrameElement.h:
* html/HTMLFrameElementBase.h:
* html/HTMLFrameOwnerElement.h:
* html/HTMLFrameSetElement.h:
* html/HTMLHRElement.h:
* html/HTMLHtmlElement.h:
* html/HTMLIFrameElement.h:
* html/HTMLImageElement.h:
* html/HTMLImageLoader.h:
* html/HTMLInputElement.cpp:
* html/HTMLInputElement.h:
* html/HTMLKeygenElement.h:
* html/HTMLLIElement.h:
* html/HTMLLabelElement.h:
* html/HTMLLegendElement.h:
* html/HTMLLinkElement.h:
* html/HTMLMapElement.h:
* html/HTMLMarqueeElement.h:
* html/HTMLMediaElement.h:
* html/HTMLMediaSession.h:
* html/HTMLMediaSource.h:
* html/HTMLMetaElement.h:
* html/HTMLMeterElement.h:
* html/HTMLModElement.h:
* html/HTMLOListElement.h:
* html/HTMLObjectElement.h:
* html/HTMLOptGroupElement.h:
* html/HTMLOptionElement.h:
* html/HTMLOutputElement.h:
* html/HTMLParagraphElement.h:
* html/HTMLParamElement.h:
* html/HTMLPlugInElement.h:
* html/HTMLPlugInImageElement.h:
* html/HTMLPreElement.h:
* html/HTMLProgressElement.h:
* html/HTMLQuoteElement.h:
* html/HTMLScriptElement.h:
* html/HTMLSelectElement.h:
* html/HTMLSourceElement.h:
* html/HTMLStyleElement.h:
* html/HTMLSummaryElement.h:
* html/HTMLTableCaptionElement.h:
* html/HTMLTableCellElement.h:
* html/HTMLTableColElement.h:
* html/HTMLTableElement.h:
* html/HTMLTablePartElement.h:
* html/HTMLTableRowsCollection.h:
* html/HTMLTableSectionElement.h:
* html/HTMLTemplateElement.h:
* html/HTMLTextAreaElement.h:
* html/HTMLTextFormControlElement.h:
* html/HTMLTitleElement.h:
* html/HTMLTrackElement.h:
* html/HTMLUListElement.h:
* html/HTMLUnknownElement.h:
* html/HTMLVideoElement.h:
* html/HiddenInputType.h:
* html/ImageDocument.cpp:
* html/ImageInputType.h:
* html/LabelableElement.h:
* html/LabelsNodeList.h:
* html/MediaController.h:
* html/MonthInputType.h:
* html/NumberInputType.h:
* html/PasswordInputType.h:
* html/PluginDocument.h:
* html/RadioInputType.h:
* html/RangeInputType.h:
* html/ResetInputType.h:
* html/SearchInputType.h:
* html/SubmitInputType.h:
* html/TelephoneInputType.h:
* html/TextFieldInputType.h:
* html/TextInputType.h:
* html/TimeInputType.h:
* html/URLInputType.h:
* html/WeekInputType.h:
* html/canvas/CanvasRenderingContext2D.cpp:
* html/canvas/CanvasRenderingContext2D.h:
* html/canvas/WebGLRenderingContext.h:
* html/parser/HTMLDocumentParser.h:
* html/parser/TextDocumentParser.h:
* html/shadow/DetailsMarkerControl.h:
* html/shadow/InsertionPoint.h:
* html/shadow/MediaControlElementTypes.h:
* html/shadow/MediaControlElements.h:
* html/shadow/MediaControls.h:
* html/shadow/MediaControlsApple.h:
* html/shadow/MediaControlsGtk.h:
* html/shadow/MeterShadowElement.h:
* html/shadow/ProgressShadowElement.h:
* html/shadow/SliderThumbElement.cpp:
* html/shadow/SliderThumbElement.h:
* html/shadow/SpinButtonElement.h:
* html/shadow/TextControlInnerElements.h:
* html/shadow/YouTubeEmbedShadowElement.h:
* html/track/AudioTrack.h:
* html/track/AudioTrackList.h:
* html/track/InbandGenericTextTrack.h:
* html/track/InbandTextTrack.h:
* html/track/InbandWebVTTTextTrack.h:
* html/track/LoadableTextTrack.h:
* html/track/TextTrack.h:
* html/track/TextTrackCue.h:
* html/track/TextTrackCueGeneric.cpp:
* html/track/TextTrackCueGeneric.h:
* html/track/TextTrackList.h:
* html/track/TrackListBase.h:
* html/track/VideoTrack.h:
* html/track/VideoTrackList.h:
* html/track/WebVTTElement.h:
* inspector/CommandLineAPIModule.h:
* inspector/InjectedScriptCanvasModule.h:
* inspector/InspectorApplicationCacheAgent.h:
* inspector/InspectorCSSAgent.h:
* inspector/InspectorCanvasAgent.h:
* inspector/InspectorConsoleAgent.cpp:
* inspector/InspectorConsoleAgent.h:
* inspector/InspectorController.h:
* inspector/InspectorDOMAgent.h:
* inspector/InspectorDOMDebuggerAgent.h:
* inspector/InspectorDOMStorageAgent.h:
* inspector/InspectorDatabaseAgent.h:
* inspector/InspectorDebuggerAgent.h:
* inspector/InspectorHeapProfilerAgent.h:
* inspector/InspectorIndexedDBAgent.cpp:
* inspector/InspectorIndexedDBAgent.h:
* inspector/InspectorInputAgent.h:
* inspector/InspectorLayerTreeAgent.h:
* inspector/InspectorMemoryAgent.h:
* inspector/InspectorPageAgent.h:
* inspector/InspectorProfilerAgent.h:
* inspector/InspectorResourceAgent.h:
* inspector/InspectorTimelineAgent.h:
* inspector/InspectorWorkerAgent.h:
* inspector/PageConsoleAgent.cpp:
* inspector/PageConsoleAgent.h:
* inspector/PageInjectedScriptHost.h:
* inspector/PageInjectedScriptManager.h:
* inspector/PageRuntimeAgent.h:
* inspector/WorkerConsoleAgent.h:
* inspector/WorkerDebuggerAgent.h:
* inspector/WorkerInspectorController.h:
* inspector/WorkerRuntimeAgent.h:
* loader/DocumentLoader.h:
* loader/EmptyClients.h:
* loader/FrameNetworkingContext.h:
* loader/ImageLoader.h:
* loader/NavigationScheduler.cpp:
* loader/NetscapePlugInStreamLoader.h:
* loader/PingLoader.h:
* loader/ResourceLoader.h:
* loader/SubresourceLoader.h:
* loader/WorkerThreadableLoader.h:
* loader/appcache/ApplicationCacheGroup.cpp:
* loader/appcache/ApplicationCacheGroup.h:
* loader/appcache/DOMApplicationCache.h:
* loader/archive/cf/LegacyWebArchive.h:
* loader/cache/CachedCSSStyleSheet.h:
* loader/cache/CachedFont.h:
* loader/cache/CachedFontClient.h:
* loader/cache/CachedImage.h:
* loader/cache/CachedImageClient.h:
* loader/cache/CachedRawResource.h:
* loader/cache/CachedRawResourceClient.h:
* loader/cache/CachedSVGDocument.h:
* loader/cache/CachedSVGDocumentClient.h:
* loader/cache/CachedScript.h:
* loader/cache/CachedShader.h:
* loader/cache/CachedStyleSheetClient.h:
* loader/cache/CachedTextTrack.h:
* loader/cache/CachedXSLStyleSheet.h:
* loader/icon/IconLoader.h:
* mathml/MathMLElement.h:
* mathml/MathMLInlineContainerElement.h:
* mathml/MathMLMathElement.h:
* mathml/MathMLSelectElement.h:
* mathml/MathMLTextElement.h:
* page/CaptionUserPreferencesMediaAF.h:
* page/Chrome.h:
* page/DOMTimer.h:
* page/DOMWindow.h:
* page/DOMWindowExtension.h:
* page/EventSource.h:
* page/Frame.h:
* page/FrameView.h:
* page/PageDebuggable.h:
* page/PageSerializer.cpp:
* page/Performance.h:
* page/SuspendableTimer.h:
* page/animation/ImplicitAnimation.h:
* page/animation/KeyframeAnimation.h:
* page/scrolling/AsyncScrollingCoordinator.h:
* page/scrolling/ScrollingConstraints.h:
* page/scrolling/ScrollingStateFixedNode.h:
* page/scrolling/ScrollingStateScrollingNode.h:
* page/scrolling/ScrollingStateStickyNode.h:
* page/scrolling/ScrollingTreeScrollingNode.h:
* page/scrolling/ThreadedScrollingTree.h:
* page/scrolling/coordinatedgraphics/ScrollingCoordinatorCoordinatedGraphics.h:
* page/scrolling/ios/ScrollingCoordinatorIOS.h:
* page/scrolling/ios/ScrollingTreeIOS.h:
* page/scrolling/ios/ScrollingTreeScrollingNodeIOS.h:
* page/scrolling/mac/ScrollingCoordinatorMac.h:
* page/scrolling/mac/ScrollingTreeFixedNode.h:
* page/scrolling/mac/ScrollingTreeScrollingNodeMac.h:
* page/scrolling/mac/ScrollingTreeStickyNode.h:
* pdf/ios/PDFDocument.cpp:
* pdf/ios/PDFDocument.h:
* platform/CalculationValue.h:
* platform/ClockGeneric.h:
* platform/MainThreadTask.h:
* platform/PODIntervalTree.h:
* platform/PODRedBlackTree.h:
* platform/RefCountedSupplement.h:
* platform/ScrollView.h:
* platform/Scrollbar.h:
* platform/Timer.h:
* platform/animation/TimingFunction.h:
* platform/audio/AudioDSPKernelProcessor.h:
* platform/audio/EqualPowerPanner.h:
* platform/audio/HRTFPanner.h:
* platform/audio/ios/AudioDestinationIOS.h:
* platform/audio/mac/AudioDestinationMac.h:
* platform/audio/nix/AudioDestinationNix.h:
* platform/efl/RenderThemeEfl.h:
* platform/efl/ScrollbarEfl.h:
* platform/efl/ScrollbarThemeEfl.h:
* platform/graphics/AudioTrackPrivate.h:
* platform/graphics/BitmapImage.h:
* platform/graphics/CrossfadeGeneratedImage.h:
* platform/graphics/FloatPolygon.h:
* platform/graphics/GeneratedImage.h:
* platform/graphics/GradientImage.h:
* platform/graphics/GraphicsLayer.h:
* platform/graphics/InbandTextTrackPrivate.h:
* platform/graphics/MediaPlayer.cpp:
* platform/graphics/SimpleFontData.h:
* platform/graphics/VideoTrackPrivate.h:
* platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h:
* platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
* platform/graphics/avfoundation/VideoTrackPrivateAVF.h:
* platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.h:
* platform/graphics/avfoundation/cf/InbandTextTrackPrivateLegacyAVCF.h:
* platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:
* platform/graphics/avfoundation/objc/AudioTrackPrivateMediaSourceAVFObjC.h:
* platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.h:
* platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
* platform/graphics/avfoundation/objc/VideoTrackPrivateAVFObjC.h:
* platform/graphics/avfoundation/objc/VideoTrackPrivateMediaSourceAVFObjC.h:
* platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h:
* platform/graphics/ca/GraphicsLayerCA.h:
* platform/graphics/ca/mac/PlatformCALayerMac.h:
* platform/graphics/ca/mac/TileController.h:
* platform/graphics/ca/win/LegacyCACFLayerTreeHost.h:
* platform/graphics/ca/win/PlatformCALayerWin.h:
* platform/graphics/ca/win/WKCACFViewLayerTreeHost.h:
* platform/graphics/cg/PDFDocumentImage.h:
* platform/graphics/efl/GraphicsContext3DPrivate.h:
* platform/graphics/egl/GLContextFromCurrentEGL.h:
* platform/graphics/filters/DistantLightSource.h:
* platform/graphics/filters/FEComposite.h:
* platform/graphics/filters/FEDisplacementMap.h:
* platform/graphics/filters/FEFlood.h:
* platform/graphics/filters/FilterOperation.h:
* platform/graphics/filters/PointLightSource.h:
* platform/graphics/filters/SpotLightSource.h:
* platform/graphics/gstreamer/AudioTrackPrivateGStreamer.h:
* platform/graphics/gstreamer/InbandMetadataTextTrackPrivateGStreamer.h:
* platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.h:
* platform/graphics/gstreamer/VideoTrackPrivateGStreamer.h:
* platform/graphics/ios/InbandTextTrackPrivateAVFIOS.h:
* platform/graphics/ios/MediaPlayerPrivateIOS.h:
* platform/graphics/ios/TextTrackRepresentationIOS.h:
* platform/graphics/surfaces/GLTransportSurface.h:
* platform/graphics/surfaces/egl/EGLContext.h:
* platform/graphics/surfaces/egl/EGLSurface.h:
* platform/graphics/surfaces/egl/EGLXSurface.h:
* platform/graphics/surfaces/glx/GLXContext.h:
* platform/graphics/surfaces/glx/GLXSurface.h:
* platform/graphics/texmap/GraphicsLayerTextureMapper.h:
* platform/graphics/texmap/TextureMapperGL.h:
* platform/graphics/texmap/TextureMapperImageBuffer.h:
* platform/graphics/texmap/TextureMapperLayer.h:
* platform/graphics/texmap/TextureMapperTiledBackingStore.h:
* platform/graphics/texmap/coordinated/CompositingCoordinator.h:
* platform/graphics/texmap/coordinated/CoordinatedBackingStore.h:
* platform/graphics/texmap/coordinated/CoordinatedCustomFilterProgram.h:
* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
* platform/graphics/texmap/coordinated/CoordinatedImageBacking.cpp:
* platform/graphics/texmap/coordinated/CoordinatedTile.h:
* platform/graphics/texmap/coordinated/UpdateAtlas.cpp:
* platform/gtk/RenderThemeGtk.h:
* platform/ios/DeviceMotionClientIOS.h:
* platform/ios/DeviceOrientationClientIOS.h:
* platform/ios/ScrollAnimatorIOS.h:
* platform/ios/ScrollbarThemeIOS.h:
* platform/ios/WebSafeGCActivityCallbackIOS.h:
* platform/ios/WebSafeIncrementalSweeperIOS.h:
* platform/mac/PlatformClockCA.h:
* platform/mac/PlatformClockCM.h:
* platform/mac/ScrollAnimatorMac.h:
* platform/mac/ScrollbarThemeMac.h:
* platform/mediastream/MediaStreamTrackPrivate.h:
* platform/mediastream/gstreamer/MediaStreamCenterGStreamer.h:
* platform/mediastream/mac/AVAudioCaptureSource.h:
* platform/mediastream/mac/AVMediaCaptureSource.h:
* platform/mediastream/mac/AVVideoCaptureSource.h:
* platform/mediastream/mac/MediaStreamCenterMac.h:
* platform/mock/DeviceMotionClientMock.h:
* platform/mock/DeviceOrientationClientMock.h:
* platform/mock/MockMediaStreamCenter.h:
* platform/mock/RTCDataChannelHandlerMock.h:
* platform/mock/RTCNotifiersMock.h:
* platform/mock/RTCPeerConnectionHandlerMock.h:
* platform/mock/mediasource/MockMediaPlayerMediaSource.h:
* platform/mock/mediasource/MockMediaSourcePrivate.h:
* platform/mock/mediasource/MockSourceBufferPrivate.cpp:
* platform/mock/mediasource/MockSourceBufferPrivate.h:
* platform/network/BlobRegistryImpl.h:
* platform/network/BlobResourceHandle.cpp:
* platform/network/BlobResourceHandle.h:
* platform/network/ResourceHandle.h:
* platform/network/SynchronousLoaderClient.h:
* platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.h:
* platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.h:
* platform/nix/RenderThemeNix.h:
* platform/nix/ScrollbarThemeNix.h:
* platform/text/LocaleICU.h:
* platform/text/LocaleNone.cpp:
* platform/text/PlatformLocale.cpp:
* platform/text/mac/LocaleMac.h:
* platform/text/win/LocaleWin.h:
* platform/win/PopupMenuWin.h:
* plugins/PluginView.h:
* rendering/AutoTableLayout.h:
* rendering/ClipPathOperation.h:
* rendering/EllipsisBox.h:
* rendering/FilterEffectRenderer.h:
* rendering/FixedTableLayout.h:
* rendering/InlineElementBox.h:
* rendering/InlineFlowBox.h:
* rendering/InlineTextBox.h:
* rendering/RenderBlock.h:
* rendering/RenderBlockFlow.h:
* rendering/RenderBox.h:
* rendering/RenderBoxModelObject.h:
* rendering/RenderButton.h:
* rendering/RenderCombineText.h:
* rendering/RenderCounter.h:
* rendering/RenderDeprecatedFlexibleBox.h:
* rendering/RenderDetailsMarker.h:
* rendering/RenderElement.h:
* rendering/RenderEmbeddedObject.h:
* rendering/RenderFieldset.h:
* rendering/RenderFileUploadControl.h:
* rendering/RenderFlexibleBox.h:
* rendering/RenderFlowThread.h:
* rendering/RenderFrame.h:
* rendering/RenderFrameSet.h:
* rendering/RenderFullScreen.h:
* rendering/RenderGrid.h:
* rendering/RenderHTMLCanvas.h:
* rendering/RenderIFrame.h:
* rendering/RenderImage.h:
* rendering/RenderImageResourceStyleImage.h:
* rendering/RenderInline.h:
* rendering/RenderLayer.h:
* rendering/RenderLayerBacking.h:
* rendering/RenderLayerCompositor.h:
* rendering/RenderLayerFilterInfo.h:
* rendering/RenderLayerModelObject.h:
* rendering/RenderLineBreak.h:
* rendering/RenderListBox.h:
* rendering/RenderListItem.h:
* rendering/RenderListMarker.h:
* rendering/RenderMedia.h:
* rendering/RenderMenuList.h:
* rendering/RenderMeter.h:
* rendering/RenderMultiColumnBlock.h:
* rendering/RenderMultiColumnFlowThread.h:
* rendering/RenderMultiColumnSet.h:
* rendering/RenderNamedFlowFragment.h:
* rendering/RenderNamedFlowThread.h:
* rendering/RenderObject.h:
* rendering/RenderProgress.h:
* rendering/RenderQuote.h:
* rendering/RenderRegion.h:
* rendering/RenderRegionSet.h:
* rendering/RenderReplaced.h:
* rendering/RenderReplica.h:
* rendering/RenderRuby.h:
* rendering/RenderRubyRun.h:
* rendering/RenderRubyText.h:
* rendering/RenderScrollbar.h:
* rendering/RenderScrollbarPart.h:
* rendering/RenderScrollbarTheme.h:
* rendering/RenderSearchField.h:
* rendering/RenderSlider.h:
* rendering/RenderSnapshottedPlugIn.h:
* rendering/RenderTable.h:
* rendering/RenderTableCaption.h:
* rendering/RenderTableCell.h:
* rendering/RenderTableCol.h:
* rendering/RenderTableRow.h:
* rendering/RenderTableSection.h:
* rendering/RenderText.h:
* rendering/RenderTextControl.h:
* rendering/RenderTextControlMultiLine.h:
* rendering/RenderTextControlSingleLine.h:
* rendering/RenderTextFragment.h:
* rendering/RenderTextTrackCue.h:
* rendering/RenderThemeIOS.h:
* rendering/RenderThemeMac.h:
* rendering/RenderThemeSafari.h:
* rendering/RenderThemeWin.h:
* rendering/RenderVideo.h:
* rendering/RenderView.h:
* rendering/RenderWidget.h:
* rendering/RootInlineBox.h:
* rendering/mathml/RenderMathMLBlock.h:
* rendering/mathml/RenderMathMLFenced.h:
* rendering/mathml/RenderMathMLFraction.h:
* rendering/mathml/RenderMathMLMath.h:
* rendering/mathml/RenderMathMLOperator.h:
* rendering/mathml/RenderMathMLRoot.h:
* rendering/mathml/RenderMathMLRow.h:
* rendering/mathml/RenderMathMLScripts.h:
* rendering/mathml/RenderMathMLSpace.h:
* rendering/mathml/RenderMathMLSquareRoot.h:
* rendering/mathml/RenderMathMLUnderOver.h:
* rendering/shapes/BoxShape.h:
* rendering/shapes/PolygonShape.h:
* rendering/shapes/RasterShape.h:
* rendering/shapes/RectangleShape.h:
* rendering/shapes/ShapeInsideInfo.h:
* rendering/shapes/ShapeOutsideInfo.h:
* rendering/style/BasicShapes.h:
* rendering/style/ContentData.h:
* rendering/style/StyleCachedImage.h:
* rendering/style/StyleCachedImageSet.h:
* rendering/style/StyleGeneratedImage.h:
* rendering/style/StylePendingImage.h:
* rendering/svg/RenderSVGBlock.h:
* rendering/svg/RenderSVGContainer.h:
* rendering/svg/RenderSVGForeignObject.h:
* rendering/svg/RenderSVGGradientStop.h:
* rendering/svg/RenderSVGHiddenContainer.h:
* rendering/svg/RenderSVGImage.h:
* rendering/svg/RenderSVGInline.h:
* rendering/svg/RenderSVGInlineText.h:
* rendering/svg/RenderSVGModelObject.h:
* rendering/svg/RenderSVGPath.h:
* rendering/svg/RenderSVGResourceClipper.h:
* rendering/svg/RenderSVGResourceContainer.h:
* rendering/svg/RenderSVGResourceFilter.h:
* rendering/svg/RenderSVGResourceGradient.h:
* rendering/svg/RenderSVGResourceLinearGradient.h:
* rendering/svg/RenderSVGResourceMarker.h:
* rendering/svg/RenderSVGResourceMasker.h:
* rendering/svg/RenderSVGResourcePattern.h:
* rendering/svg/RenderSVGResourceRadialGradient.h:
* rendering/svg/RenderSVGResourceSolidColor.h:
* rendering/svg/RenderSVGRoot.h:
* rendering/svg/RenderSVGShape.cpp:
* rendering/svg/RenderSVGShape.h:
* rendering/svg/RenderSVGText.h:
* rendering/svg/RenderSVGTextPath.h:
* rendering/svg/RenderSVGViewportContainer.h:
* rendering/svg/SVGInlineFlowBox.h:
* rendering/svg/SVGInlineTextBox.h:
* rendering/svg/SVGRootInlineBox.h:
* rendering/svg/SVGTextRunRenderingContext.h:
* storage/StorageAreaImpl.h:
* storage/StorageNamespaceImpl.h:
* svg/SVGAElement.h:
* svg/SVGAltGlyphDefElement.h:
* svg/SVGAltGlyphElement.h:
* svg/SVGAltGlyphItemElement.h:
* svg/SVGAnimateElement.h:
* svg/SVGAnimateMotionElement.h:
* svg/SVGAnimateTransformElement.h:
* svg/SVGAnimatedAngle.h:
* svg/SVGAnimatedBoolean.h:
* svg/SVGAnimatedColor.h:
* svg/SVGAnimatedEnumeration.h:
* svg/SVGAnimatedInteger.h:
* svg/SVGAnimatedIntegerOptionalInteger.h:
* svg/SVGAnimatedLength.h:
* svg/SVGAnimatedLengthList.h:
* svg/SVGAnimatedNumber.h:
* svg/SVGAnimatedNumberList.h:
* svg/SVGAnimatedNumberOptionalNumber.h:
* svg/SVGAnimatedPath.h:
* svg/SVGAnimatedPointList.h:
* svg/SVGAnimatedPreserveAspectRatio.h:
* svg/SVGAnimatedRect.h:
* svg/SVGAnimatedString.h:
* svg/SVGAnimatedTransformList.h:
* svg/SVGAnimationElement.h:
* svg/SVGCircleElement.h:
* svg/SVGClipPathElement.h:
* svg/SVGComponentTransferFunctionElement.h:
* svg/SVGCursorElement.h:
* svg/SVGDefsElement.h:
* svg/SVGDocument.h:
* svg/SVGElement.h:
* svg/SVGElementInstance.h:
* svg/SVGEllipseElement.h:
* svg/SVGFEBlendElement.h:
* svg/SVGFEColorMatrixElement.h:
* svg/SVGFEComponentTransferElement.h:
* svg/SVGFECompositeElement.h:
* svg/SVGFEConvolveMatrixElement.h:
* svg/SVGFEDiffuseLightingElement.h:
* svg/SVGFEDisplacementMapElement.h:
* svg/SVGFEDropShadowElement.h:
* svg/SVGFEGaussianBlurElement.h:
* svg/SVGFEImageElement.h:
* svg/SVGFELightElement.h:
* svg/SVGFEMergeNodeElement.h:
* svg/SVGFEMorphologyElement.h:
* svg/SVGFEOffsetElement.h:
* svg/SVGFESpecularLightingElement.h:
* svg/SVGFETileElement.h:
* svg/SVGFETurbulenceElement.h:
* svg/SVGFilterElement.h:
* svg/SVGFilterPrimitiveStandardAttributes.h:
* svg/SVGFontElement.h:
* svg/SVGFontFaceElement.h:
* svg/SVGFontFaceFormatElement.h:
* svg/SVGFontFaceNameElement.h:
* svg/SVGFontFaceSrcElement.h:
* svg/SVGFontFaceUriElement.h:
* svg/SVGForeignObjectElement.h:
* svg/SVGGElement.h:
* svg/SVGGlyphElement.h:
* svg/SVGGlyphRefElement.h:
* svg/SVGGradientElement.h:
* svg/SVGGraphicsElement.h:
* svg/SVGHKernElement.h:
* svg/SVGImageElement.h:
* svg/SVGLineElement.h:
* svg/SVGLinearGradientElement.h:
* svg/SVGMPathElement.h:
* svg/SVGMarkerElement.h:
* svg/SVGMaskElement.h:
* svg/SVGMetadataElement.h:
* svg/SVGPathElement.h:
* svg/SVGPathStringBuilder.h:
* svg/SVGPatternElement.h:
* svg/SVGPolyElement.h:
* svg/SVGRadialGradientElement.h:
* svg/SVGRectElement.h:
* svg/SVGSVGElement.h:
* svg/SVGScriptElement.h:
* svg/SVGSetElement.h:
* svg/SVGStopElement.h:
* svg/SVGStyleElement.h:
* svg/SVGSwitchElement.h:
* svg/SVGSymbolElement.h:
* svg/SVGTRefElement.cpp:
* svg/SVGTRefElement.h:
* svg/SVGTSpanElement.h:
* svg/SVGTextContentElement.h:
* svg/SVGTextElement.h:
* svg/SVGTextPathElement.h:
* svg/SVGTextPositioningElement.h:
* svg/SVGTitleElement.h:
* svg/SVGTransformable.h:
* svg/SVGUnknownElement.h:
* svg/SVGUseElement.h:
* svg/SVGVKernElement.h:
* svg/SVGViewElement.h:
* svg/animation/SVGSMILElement.h:
* svg/graphics/SVGImage.h:
* svg/graphics/SVGImageForContainer.h:
* svg/graphics/filters/SVGFilter.h:
* svg/properties/SVGAnimatedListPropertyTearOff.h:
* svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
* svg/properties/SVGListPropertyTearOff.h:
* svg/properties/SVGPathSegListPropertyTearOff.h:
* svg/properties/SVGPropertyTearOff.h:
* testing/InternalSettings.cpp:
* testing/Internals.cpp:
* testing/MockCDM.cpp:
* testing/MockCDM.h:
* workers/AbstractWorker.h:
* workers/DedicatedWorkerGlobalScope.h:
* workers/DedicatedWorkerThread.h:
* workers/SharedWorker.h:
* workers/SharedWorkerGlobalScope.h:
* workers/SharedWorkerThread.h:
* workers/Worker.h:
* workers/WorkerEventQueue.cpp:
* workers/WorkerEventQueue.h:
* workers/WorkerGlobalScope.h:
* workers/WorkerMessagingProxy.h:
* workers/WorkerObjectProxy.h:
* workers/WorkerScriptLoader.h:
* workers/WorkerThread.cpp:
* xml/XMLHttpRequest.h:
* xml/XMLHttpRequestUpload.h:
* xml/XPathFunctions.cpp:
* xml/XPathPath.h:
* xml/XPathPredicate.h:
* xml/XSLStyleSheet.h:

Source/WebKit/efl:

* WebCoreSupport/InspectorClientEfl.h:
* WebCoreSupport/ProgressTrackerClientEfl.h:

Source/WebKit/gtk:

* WebCoreSupport/EditorClientGtk.h:
* WebCoreSupport/InspectorClientGtk.h:
* WebCoreSupport/ProgressTrackerClientGtk.h:

Source/WebKit/ios:

* Misc/EmojiFallbackFontSelector.h:
* Storage/WebSQLiteDatabaseTrackerClient.h:
* WebCoreSupport/PopupMenuIOS.h:
* WebCoreSupport/SearchPopupMenuIOS.h:
* WebCoreSupport/WebChromeClientIOS.h:
* WebCoreSupport/WebDiskImageCacheClientIOS.h:

Source/WebKit/mac:

* Storage/WebDatabaseManagerClient.h:
* Storage/WebStorageTrackerClient.h:
* WebCoreSupport/WebAlternativeTextClient.h:
* WebCoreSupport/WebChromeClient.h:
* WebCoreSupport/WebContextMenuClient.h:
* WebCoreSupport/WebDeviceOrientationClient.h:
* WebCoreSupport/WebDragClient.h:
* WebCoreSupport/WebEditorClient.h:
* WebCoreSupport/WebFrameLoaderClient.h:
* WebCoreSupport/WebFrameNetworkingContext.h:
* WebCoreSupport/WebGeolocationClient.h:
* WebCoreSupport/WebIconDatabaseClient.h:
* WebCoreSupport/WebInspectorClient.h:
* WebCoreSupport/WebNotificationClient.h:
* WebCoreSupport/WebPlatformStrategies.h:
* WebCoreSupport/WebProgressTrackerClient.h:
* WebCoreSupport/WebUserMediaClient.h:
* WebView/WebScriptDebugger.h:
* WebView/WebViewData.h:

Source/WebKit/win:

* AccessibleDocument.h:
* FullscreenVideoController.cpp:
* WebCoreSupport/WebChromeClient.h:
* WebCoreSupport/WebFrameLoaderClient.h:
* WebCoreSupport/WebFrameNetworkingContext.h:
* WebCoreSupport/WebInspectorClient.h:
* WebHistory.h:

Source/WebKit/wince:

* WebCoreSupport/ChromeClientWinCE.h:
* WebCoreSupport/ContextMenuClientWinCE.h:
* WebCoreSupport/DragClientWinCE.h:
* WebCoreSupport/EditorClientWinCE.h:
* WebCoreSupport/FrameLoaderClientWinCE.h:
* WebCoreSupport/FrameNetworkingContextWinCE.h:
* WebCoreSupport/InspectorClientWinCE.h:
* WebCoreSupport/PlatformStrategiesWinCE.h:

Source/WebKit2:

* DatabaseProcess/DatabaseProcess.h:
* DatabaseProcess/DatabaseToWebProcessConnection.h:
* DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.h:
* DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.h:
* NetworkProcess/AsynchronousNetworkLoaderClient.h:
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkProcessPlatformStrategies.h:
* NetworkProcess/NetworkResourceLoader.h:
* NetworkProcess/RemoteNetworkingContext.h:
* NetworkProcess/SynchronousNetworkLoaderClient.h:
* NetworkProcess/mac/DiskCacheMonitor.h:
* PluginProcess/EntryPoint/mac/LegacyProcess/PluginProcessMain.mm:
* PluginProcess/PluginControllerProxy.h:
* PluginProcess/PluginProcess.h:
* PluginProcess/WebProcessConnection.h:
* Shared/API/Cocoa/RemoteObjectRegistry.h:
* Shared/APIObject.h:
* Shared/AsyncRequest.h:
* Shared/AsyncTask.h:
* Shared/Authentication/AuthenticationManager.h:
* Shared/ChildProcess.h:
* Shared/ChildProcessProxy.h:
* Shared/CoordinatedGraphics/WebCoordinatedSurface.h:
* Shared/Downloads/Download.h:
* Shared/Network/CustomProtocols/CustomProtocolManager.h:
* Shared/WebConnection.h:
* Shared/WebResourceBuffer.h:
* Shared/cf/KeyedEncoder.h:
* Shared/mac/SecItemShim.h:
* UIProcess/API/Cocoa/WKBrowsingContextController.mm:
* UIProcess/API/gtk/PageClientImpl.h:
* UIProcess/API/ios/PageClientImplIOS.h:
* UIProcess/API/mac/PageClientImpl.h:
* UIProcess/CoordinatedGraphics/CoordinatedLayerTreeHostProxy.h:
* UIProcess/CoordinatedGraphics/WebView.h:
* UIProcess/Databases/DatabaseProcessProxy.h:
* UIProcess/Downloads/DownloadProxy.h:
* UIProcess/DrawingAreaProxy.h:
* UIProcess/Network/CustomProtocols/CustomProtocolManagerProxy.h:
* UIProcess/Network/NetworkProcessProxy.h:
* UIProcess/Notifications/WebNotificationManagerProxy.h:
* UIProcess/Plugins/PluginProcessProxy.h:
* UIProcess/Scrolling/RemoteScrollingTree.h:
* UIProcess/Storage/StorageManager.h:
* UIProcess/WebApplicationCacheManagerProxy.h:
* UIProcess/WebBatteryManagerProxy.h:
* UIProcess/WebConnectionToWebProcess.h:
* UIProcess/WebContext.h:
* UIProcess/WebCookieManagerProxy.h:
* UIProcess/WebDatabaseManagerProxy.h:
* UIProcess/WebFullScreenManagerProxy.h:
* UIProcess/WebGeolocationManagerProxy.h:
* UIProcess/WebIconDatabase.h:
* UIProcess/WebInspectorProxy.h:
* UIProcess/WebKeyValueStorageManager.h:
* UIProcess/WebMediaCacheManagerProxy.h:
* UIProcess/WebNetworkInfoManagerProxy.h:
* UIProcess/WebOriginDataManagerProxy.h:
* UIProcess/WebPageProxy.h:
* UIProcess/WebProcessProxy.h:
* UIProcess/WebResourceCacheManagerProxy.h:
* UIProcess/WebVibrationProxy.h:
* UIProcess/efl/PageViewportControllerClientEfl.h:
* UIProcess/efl/WebViewEfl.h:
* UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.h:
* UIProcess/mac/SecItemShimProxy.h:
* UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.h:
* UIProcess/mac/ViewGestureController.h:
* UIProcess/mac/WebColorPickerMac.h:
* UIProcess/soup/WebSoupRequestManagerProxy.h:
* WebProcess/ApplicationCache/WebApplicationCacheManager.h:
* WebProcess/Battery/WebBatteryManager.h:
* WebProcess/Cookies/WebCookieManager.h:
* WebProcess/Databases/IndexedDB/WebIDBFactoryBackend.h:
* WebProcess/Databases/IndexedDB/WebIDBServerConnection.h:
* WebProcess/Databases/WebToDatabaseProcessConnection.h:
* WebProcess/EntryPoint/mac/LegacyProcess/WebContentProcessMain.mm:
* WebProcess/FileAPI/BlobRegistryProxy.h:
* WebProcess/Geolocation/WebGeolocationManager.h:
* WebProcess/IconDatabase/WebIconDatabaseProxy.h:
* WebProcess/InjectedBundle/API/c/mac/WKBundlePageBannerMac.mm:
* WebProcess/MediaCache/WebMediaCacheManager.h:
* WebProcess/Network/NetworkProcessConnection.h:
* WebProcess/Network/WebResourceLoadScheduler.h:
* WebProcess/Network/WebResourceLoader.h:
* WebProcess/NetworkInfo/WebNetworkInfoManager.h:
* WebProcess/Notifications/WebNotificationManager.h:
* WebProcess/OriginData/WebOriginDataManager.h:
* WebProcess/Plugins/Netscape/NetscapePlugin.h:
* WebProcess/Plugins/PDF/PDFPlugin.h:
* WebProcess/Plugins/PDF/PDFPluginAnnotation.h:
* WebProcess/Plugins/PDF/PDFPluginChoiceAnnotation.h:
* WebProcess/Plugins/PDF/PDFPluginPasswordField.h:
* WebProcess/Plugins/PDF/PDFPluginTextAnnotation.h:
* WebProcess/Plugins/PluginProcessConnection.h:
* WebProcess/Plugins/PluginProcessConnectionManager.h:
* WebProcess/Plugins/PluginProxy.h:
* WebProcess/Plugins/PluginView.h:
* WebProcess/ResourceCache/WebResourceCacheManager.h:
* WebProcess/Scrolling/RemoteScrollingCoordinator.h:
* WebProcess/Storage/StorageAreaImpl.h:
* WebProcess/Storage/StorageAreaMap.h:
* WebProcess/Storage/StorageNamespaceImpl.h:
* WebProcess/WebConnectionToUIProcess.h:
* WebProcess/WebCoreSupport/WebAlternativeTextClient.h:
* WebProcess/WebCoreSupport/WebBatteryClient.h:
* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebCoreSupport/WebColorChooser.h:
* WebProcess/WebCoreSupport/WebContextMenuClient.h:
* WebProcess/WebCoreSupport/WebDatabaseManager.h:
* WebProcess/WebCoreSupport/WebDeviceProximityClient.h:
* WebProcess/WebCoreSupport/WebDragClient.h:
* WebProcess/WebCoreSupport/WebEditorClient.h:
* WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
* WebProcess/WebCoreSupport/WebGeolocationClient.h:
* WebProcess/WebCoreSupport/WebInspectorClient.h:
* WebProcess/WebCoreSupport/WebInspectorFrontendClient.h:
* WebProcess/WebCoreSupport/WebNavigatorContentUtilsClient.h:
* WebProcess/WebCoreSupport/WebNetworkInfoClient.h:
* WebProcess/WebCoreSupport/WebNotificationClient.h:
* WebProcess/WebCoreSupport/WebPlatformStrategies.h:
* WebProcess/WebCoreSupport/WebPopupMenu.h:
* WebProcess/WebCoreSupport/WebProgressTrackerClient.h:
* WebProcess/WebCoreSupport/WebSearchPopupMenu.h:
* WebProcess/WebCoreSupport/WebVibrationClient.h:
* WebProcess/WebCoreSupport/mac/WebFrameNetworkingContext.h:
* WebProcess/WebPage/CoordinatedGraphics/CoordinatedDrawingArea.h:
* WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.h:
* WebProcess/WebPage/DrawingAreaImpl.h:
* WebProcess/WebPage/EventDispatcher.h:
* WebProcess/WebPage/ViewGestureGeometryCollector.h:
* WebProcess/WebPage/WebBackForwardListProxy.h:
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/gtk/LayerTreeHostGtk.h:
* WebProcess/WebPage/mac/GraphicsLayerCARemote.h:
* WebProcess/WebPage/mac/PlatformCALayerRemote.h:
* WebProcess/WebPage/mac/PlatformCALayerRemoteCustom.h:
* WebProcess/WebPage/mac/PlatformCALayerRemoteTiledBacking.h:
* WebProcess/WebPage/mac/RemoteLayerTreeContext.h:
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
* WebProcess/WebProcess.h:
* WebProcess/soup/WebSoupRequestManager.h:

Source/WTF:

* wtf/Compiler.h:
* wtf/FilePrintStream.h:
* wtf/RunLoop.h:
* wtf/StringPrintStream.h:

Tools:

* DumpRenderTree/gtk/fonts/fonts.conf:
* Scripts/do-webcore-rename:
Removed this rename operation from the list of contemplated future renames.
* TestWebKitAPI/Tests/WebKit2/DidAssociateFormControls_Bundle.cpp:
* TestWebKitAPI/Tests/WebKit2/InjectedBundleFrameHitTest_Bundle.cpp:
* TestWebKitAPI/Tests/WebKit2/WillLoad_Bundle.cpp:
* TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme_Bundle.cpp:
* TestWebKitAPI/Tests/mac/PageVisibilityStateWithWindowChanges.mm:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@162139 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126552

Reviewed by Geoffrey Garen.

Source/JavaScriptCore: 

Re-marking the same objects over and over is a waste of effort. This patch implements 
the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
overhead during garbage collection caused by rescanning objects.

There are now two collection modes, EdenCollection and FullCollection. EdenCollections
only visit new objects or objects that were added to the remembered set by a write barrier.
FullCollections are normal collections that visit all objects regardless of their 
generation.

In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
https://bugs.webkit.org/show_bug.cgi?id=126555.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
(JSC::CodeBlockSet::mark):
* dfg/DFGOperations.cpp:
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::add):
(JSC::CodeBlockSet::traceMarked):
(JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
* heap/CodeBlockSet.h:
* heap/CopiedBlockInlines.h:
(JSC::CopiedBlock::reportLiveBytes):
* heap/CopiedSpace.cpp:
(JSC::CopiedSpace::didStartFullCollection):
* heap/CopiedSpace.h:
(JSC::CopiedSpace::heap):
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::didAbandon):
(JSC::Heap::markRoots):
(JSC::Heap::copyBackingStores):
(JSC::Heap::addToRememberedSet):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::collect):
(JSC::Heap::didAllocate):
(JSC::Heap::writeBarrier):
* heap/Heap.h:
(JSC::Heap::isInRememberedSet):
(JSC::Heap::operationInProgress):
(JSC::Heap::shouldCollect):
(JSC::Heap::isCollecting):
(JSC::Heap::isWriteBarrierEnabled):
(JSC::Heap::writeBarrier):
* heap/HeapOperation.h:
* heap/MarkStack.cpp:
(JSC::MarkStackArray::~MarkStackArray):
(JSC::MarkStackArray::clear):
(JSC::MarkStackArray::fillVector):
* heap/MarkStack.h:
* heap/MarkedAllocator.cpp:
(JSC::isListPagedOut):
(JSC::MarkedAllocator::isPagedOut):
(JSC::MarkedAllocator::tryAllocateHelper):
(JSC::MarkedAllocator::addBlock):
(JSC::MarkedAllocator::removeBlock):
(JSC::MarkedAllocator::reset):
* heap/MarkedAllocator.h:
(JSC::MarkedAllocator::MarkedAllocator):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::clearMarks):
(JSC::MarkedBlock::clearRememberedSet):
(JSC::MarkedBlock::clearMarksWithCollectionType):
(JSC::MarkedBlock::lastChanceToFinalize):
* heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
(JSC::MarkedBlock::didConsumeEmptyFreeList):
(JSC::MarkedBlock::setRemembered):
(JSC::MarkedBlock::clearRemembered):
(JSC::MarkedBlock::atomicClearRemembered):
(JSC::MarkedBlock::isRemembered):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::~MarkedSpace):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::visitWeakSets):
(JSC::MarkedSpace::reapWeakSets):
(JSC::VerifyMarked::operator()):
(JSC::MarkedSpace::clearMarks):
* heap/MarkedSpace.h:
(JSC::ClearMarks::operator()):
(JSC::ClearRememberedSet::operator()):
(JSC::MarkedSpace::didAllocateInBlock):
(JSC::MarkedSpace::clearRememberedSet):
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::~SlotVisitor):
(JSC::SlotVisitor::clearMarkStack):
* heap/SlotVisitor.h:
(JSC::SlotVisitor::markStack):
(JSC::SlotVisitor::sharedData):
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::internalAppend):
(JSC::SlotVisitor::unconditionallyAppend):
(JSC::SlotVisitor::copyLater):
(JSC::SlotVisitor::reportExtraMemoryUsage):
(JSC::SlotVisitor::heap):
* jit/Repatch.cpp:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
* runtime/JSPropertyNameIterator.h:
(JSC::StructureRareData::setEnumerationCache):
* runtime/JSString.cpp:
(JSC::JSString::visitChildren):
* runtime/StructureRareDataInlines.h:
(JSC::StructureRareData::setPreviousID):
(JSC::StructureRareData::setObjectToStringValue):
* runtime/WeakMapData.cpp:
(JSC::WeakMapData::visitChildren):

Source/WTF: 

* wtf/Bitmap.h:
(WTF::WordType>::count): Added a cast that became necessary when Bitmap
is used with smaller types than int32_t.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161615 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126709

Reviewed by Mark Hahnenberg.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* tests/stress/use-arguments-as-object-pointer.js: Added.
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161574 268f45cc-cd09-0410-ab3c-d52691b4dbfc

http://trac.webkit.org/changeset/161540
https://bugs.webkit.org/show_bug.cgi?id=126704

Caused assertion failures on multiple tests (Requested by ap
on #webkit).

Source/JavaScriptCore:

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
(JSC::CodeBlockSet::mark):
* dfg/DFGOperations.cpp:
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::add):
(JSC::CodeBlockSet::traceMarked):
* heap/CodeBlockSet.h:
* heap/CopiedBlockInlines.h:
(JSC::CopiedBlock::reportLiveBytes):
* heap/CopiedSpace.cpp:
* heap/CopiedSpace.h:
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::didAbandon):
(JSC::Heap::markRoots):
(JSC::Heap::copyBackingStores):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::collect):
(JSC::Heap::didAllocate):
* heap/Heap.h:
(JSC::Heap::shouldCollect):
(JSC::Heap::isCollecting):
(JSC::Heap::isWriteBarrierEnabled):
(JSC::Heap::writeBarrier):
* heap/HeapOperation.h:
* heap/MarkStack.cpp:
(JSC::MarkStackArray::~MarkStackArray):
* heap/MarkStack.h:
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::isPagedOut):
(JSC::MarkedAllocator::tryAllocateHelper):
(JSC::MarkedAllocator::addBlock):
(JSC::MarkedAllocator::removeBlock):
* heap/MarkedAllocator.h:
(JSC::MarkedAllocator::MarkedAllocator):
(JSC::MarkedAllocator::reset):
* heap/MarkedBlock.cpp:
* heap/MarkedBlock.h:
(JSC::MarkedBlock::lastChanceToFinalize):
(JSC::MarkedBlock::didConsumeEmptyFreeList):
(JSC::MarkedBlock::clearMarks):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::~MarkedSpace):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::visitWeakSets):
(JSC::MarkedSpace::reapWeakSets):
* heap/MarkedSpace.h:
(JSC::ClearMarks::operator()):
(JSC::MarkedSpace::clearMarks):
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::~SlotVisitor):
* heap/SlotVisitor.h:
(JSC::SlotVisitor::sharedData):
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::internalAppend):
(JSC::SlotVisitor::copyLater):
(JSC::SlotVisitor::reportExtraMemoryUsage):
* jit/Repatch.cpp:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
* runtime/JSPropertyNameIterator.h:
(JSC::StructureRareData::setEnumerationCache):
* runtime/JSString.cpp:
(JSC::JSString::visitChildren):
* runtime/StructureRareDataInlines.h:
(JSC::StructureRareData::setPreviousID):
(JSC::StructureRareData::setObjectToStringValue):
* runtime/WeakMapData.cpp:
(JSC::WeakMapData::visitChildren):

Source/WTF:

* wtf/Bitmap.h:
(WTF::WordType>::count):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161557 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126552

Reviewed by Geoffrey Garen.

Source/JavaScriptCore: 

Re-marking the same objects over and over is a waste of effort. This patch implements 
the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
overhead during garbage collection caused by rescanning objects.

There are now two collection modes, EdenCollection and FullCollection. EdenCollections
only visit new objects or objects that were added to the remembered set by a write barrier.
FullCollections are normal collections that visit all objects regardless of their 
generation.

In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
https://bugs.webkit.org/show_bug.cgi?id=126555.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
(JSC::CodeBlockSet::mark):
* dfg/DFGOperations.cpp:
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::add):
(JSC::CodeBlockSet::traceMarked):
(JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
* heap/CodeBlockSet.h:
* heap/CopiedBlockInlines.h:
(JSC::CopiedBlock::reportLiveBytes):
* heap/CopiedSpace.cpp:
(JSC::CopiedSpace::didStartFullCollection):
* heap/CopiedSpace.h:
(JSC::CopiedSpace::heap):
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::didAbandon):
(JSC::Heap::markRoots):
(JSC::Heap::copyBackingStores):
(JSC::Heap::addToRememberedSet):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::collect):
(JSC::Heap::didAllocate):
(JSC::Heap::writeBarrier):
* heap/Heap.h:
(JSC::Heap::isInRememberedSet):
(JSC::Heap::operationInProgress):
(JSC::Heap::shouldCollect):
(JSC::Heap::isCollecting):
(JSC::Heap::isWriteBarrierEnabled):
(JSC::Heap::writeBarrier):
* heap/HeapOperation.h:
* heap/MarkStack.cpp:
(JSC::MarkStackArray::~MarkStackArray):
(JSC::MarkStackArray::clear):
(JSC::MarkStackArray::fillVector):
* heap/MarkStack.h:
* heap/MarkedAllocator.cpp:
(JSC::isListPagedOut):
(JSC::MarkedAllocator::isPagedOut):
(JSC::MarkedAllocator::tryAllocateHelper):
(JSC::MarkedAllocator::addBlock):
(JSC::MarkedAllocator::removeBlock):
(JSC::MarkedAllocator::reset):
* heap/MarkedAllocator.h:
(JSC::MarkedAllocator::MarkedAllocator):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::clearMarks):
(JSC::MarkedBlock::clearRememberedSet):
(JSC::MarkedBlock::clearMarksWithCollectionType):
(JSC::MarkedBlock::lastChanceToFinalize):
* heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
(JSC::MarkedBlock::didConsumeEmptyFreeList):
(JSC::MarkedBlock::setRemembered):
(JSC::MarkedBlock::clearRemembered):
(JSC::MarkedBlock::atomicClearRemembered):
(JSC::MarkedBlock::isRemembered):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::~MarkedSpace):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::visitWeakSets):
(JSC::MarkedSpace::reapWeakSets):
(JSC::VerifyMarked::operator()):
(JSC::MarkedSpace::clearMarks):
* heap/MarkedSpace.h:
(JSC::ClearMarks::operator()):
(JSC::ClearRememberedSet::operator()):
(JSC::MarkedSpace::didAllocateInBlock):
(JSC::MarkedSpace::clearRememberedSet):
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::~SlotVisitor):
(JSC::SlotVisitor::clearMarkStack):
* heap/SlotVisitor.h:
(JSC::SlotVisitor::markStack):
(JSC::SlotVisitor::sharedData):
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::internalAppend):
(JSC::SlotVisitor::unconditionallyAppend):
(JSC::SlotVisitor::copyLater):
(JSC::SlotVisitor::reportExtraMemoryUsage):
(JSC::SlotVisitor::heap):
* jit/Repatch.cpp:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
* runtime/JSPropertyNameIterator.h:
(JSC::StructureRareData::setEnumerationCache):
* runtime/JSString.cpp:
(JSC::JSString::visitChildren):
* runtime/StructureRareDataInlines.h:
(JSC::StructureRareData::setPreviousID):
(JSC::StructureRareData::setObjectToStringValue):
* runtime/WeakMapData.cpp:
(JSC::WeakMapData::visitChildren):

Source/WTF: 

* wtf/Bitmap.h:
(WTF::WordType>::count): Added a cast that became necessary when Bitmap
is used with smaller types than int32_t.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161540 268f45cc-cd09-0410-ab3c-d52691b4dbfc

DFG fixup phase should be responsible for inserting ValueToInt32's as needed and it should use Phantom to keep the original values alive in case of OSR exit
https://bugs.webkit.org/show_bug.cgi?id=126600

Reviewed by Michael Saboff.
        
This fixes an embarrassing OSR exit liveness bug. It also simplifies the code. We were
already using FixupPhase as the place where conversion nodes get inserted. ValueToInt32
was the only exception to that rule, and that was one of the reasons why we had this bug.
        
Henceforth ValueToInt32 is only inserted by FixupPhase, and only when it is necessary:
we have a BitOp that will want a ToInt32 conversion and the operand is not predicted to
already be an int32. If FixupPhase inserts any ValueToInt32's then the BitOp will no
longer appear to use the original operand, which will make OSR exit think that the
original operand is dead. We work around this they way we always do: insert a Phantom on
the original operands right after the BitOp. This ensures that any OSR exit in any of the
ValueToInt32's or in the BitOp itself will have values for the original inputs.

* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
(JSC::DFG::BackwardsPropagationPhase::propagate):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixIntEdge):
(JSC::DFG::FixupPhase::fixBinaryIntEdges):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* tests/stress/bit-op-value-to-int32-input-liveness.js: Added.
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161465 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126584

Reviewed by Mark Hahnenberg.
        
Check negative zero when we should check it, not when we shouldn't check it. :-/

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithNegate):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161438 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126563

Reviewed by Gavin Barraclough.

This was a rookie arguments simplification mistake: the SetLocal needs to record the fact
that although it set JSValue(), OSR should think it set Arguments. DataFormatArguments
conveys this, and dataFormatFor(FlushFormat) will do the right thing.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* tests/stress/phantom-arguments-set-local-then-exit-in-same-block.js: Added.
(foo):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161411 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Make the different flavors of integer arithmetic more explicit, and don't rely on (possibly stale) results of the backwards propagator to decide integer arithmetic semantics
https://bugs.webkit.org/show_bug.cgi?id=125519

Reviewed by Geoffrey Garen.
        
Adds the Arith::Mode enum to arithmetic nodes, which makes it explicit what sorts of
checks and overflows the node should do. Previously this would be deduced from
backwards analysis results.
        
This also makes "unchecked" variants really mean that you want the int32 wrapped
result, so ArithIMul is now done in terms of ArithMul(Unchecked). That means that the
constant folder needs to compute exactly the result implied by ArithMode, instead of
just folding the double result.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArithMode.cpp: Added.
(WTF::printInternal):
* dfg/DFGArithMode.h: Added.
(JSC::DFG::doesOverflow):
(JSC::DFG::shouldCheckOverflow):
(JSC::DFG::shouldCheckNegativeZero):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::pureCSE):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(JSC::DFG::Node::hasArithMode):
(JSC::DFG::Node::arithMode):
(JSC::DFG::Node::setArithMode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
(JSC::DFG::SpeculativeJIT::compileAdd):
(JSC::DFG::SpeculativeJIT::compileArithSub):
(JSC::DFG::SpeculativeJIT::compileArithNegate):
(JSC::DFG::SpeculativeJIT::compileArithMul):
(JSC::DFG::SpeculativeJIT::compileArithDiv):
(JSC::DFG::SpeculativeJIT::compileArithMod):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileAddSub):
(JSC::FTL::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::LowerDFGToLLVM::compileArithDivMod):
(JSC::FTL::LowerDFGToLLVM::compileArithNegate):
(JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161399 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126025

Reviewed by Filip Pizlo.

Technically this is creating a pointer between a (potentially) old generation object and a young
generation chunk of memory, thus there needs to be a barrier.

* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGOperations.cpp:
* heap/CopyWriteBarrier.h: Added. This class functions similarly to the WriteBarrier class. It
acts as a proxy for pointers to CopiedSpace. Assignments to the field cause a write barrier to
fire for the object that is the owner of the CopiedSpace memory. This is to ensure during nursery
collections that objects with new backing stores are visited, even if they are old generation objects.
(JSC::CopyWriteBarrier::CopyWriteBarrier):
(JSC::CopyWriteBarrier::operator!):
(JSC::CopyWriteBarrier::operator UnspecifiedBoolType*):
(JSC::CopyWriteBarrier::get):
(JSC::CopyWriteBarrier::operator*):
(JSC::CopyWriteBarrier::operator->):
(JSC::CopyWriteBarrier::set):
(JSC::CopyWriteBarrier::setWithoutWriteBarrier):
(JSC::CopyWriteBarrier::clear):
* heap/Heap.h:
* runtime/JSArray.cpp:
(JSC::JSArray::unshiftCountSlowCase):
(JSC::JSArray::shiftCountWithArrayStorage):
(JSC::JSArray::unshiftCountWithArrayStorage):
* runtime/JSCell.h:
(JSC::JSCell::unvalidatedStructure):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
* runtime/JSObject.cpp:
(JSC::JSObject::copyButterfly):
(JSC::JSObject::getOwnPropertySlotByIndex):
(JSC::JSObject::putByIndex):
(JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
(JSC::JSObject::createInitialIndexedStorage):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::deletePropertyByIndex):
(JSC::JSObject::getOwnPropertyNames):
(JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
(JSC::JSObject::countElements):
(JSC::JSObject::increaseVectorLength):
(JSC::JSObject::ensureLengthSlow):
* runtime/JSObject.h:
(JSC::JSObject::butterfly):
(JSC::JSObject::setStructureAndButterfly):
(JSC::JSObject::setButterflyWithoutChangingStructure):
(JSC::JSObject::JSObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
* runtime/MapData.cpp:
(JSC::MapData::ensureSpaceForAppend):
* runtime/Structure.cpp:
(JSC::Structure::materializePropertyMap):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161230 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126187

Reviewed by Antti Koivisto.

Source/JavaScriptCore:

Refactor PutPropertySlot, making the constructor take the thisValue
used as a target.  This results in a wide range of boilerplate changes
to pass the new parameter.

* API/JSObjectRef.cpp:
(JSObjectSetProperty):
* dfg/DFGOperations.cpp:
(JSC::DFG::operationPutByValInternal):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/Arguments.cpp:
(JSC::Arguments::putByIndex):
* runtime/ArrayPrototype.cpp:
(JSC::putProperty):
(JSC::arrayProtoFuncPush):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::putToPrimitiveByIndex):
* runtime/JSCell.cpp:
(JSC::JSCell::putByIndex):
* runtime/JSFunction.cpp:
(JSC::JSFunction::put):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
* runtime/JSONObject.cpp:
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::putByIndex):
(JSC::JSObject::putDirectNonIndexAccessor):
(JSC::JSObject::deleteProperty):
* runtime/JSObject.h:
(JSC::JSObject::putDirect):
* runtime/Lookup.h:
(JSC::putEntry):
(JSC::lookupPut):
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::PutPropertySlot):
(JSC::PutPropertySlot::setCustomProperty):
(JSC::PutPropertySlot::thisValue):
(JSC::PutPropertySlot::isCacheable):

Source/WebCore:

Update the bindings code generation and custom objects
to the new function signatures

* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::put):
* bindings/objc/WebScriptObject.mm:
(-[WebScriptObject setValue:forKey:]):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterface::putByIndex):
* bridge/NP_jsobject.cpp:
(_NPN_SetProperty):

Source/WebKit/mac:

Update for new method signatures.

* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::setProperty):

Source/WebKit2:

Update for new method signatures.

* WebProcess/Plugins/Netscape/NPJSObject.cpp:
(WebKit::NPJSObject::setProperty):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161220 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125523

Reviewed by Mark Hahnenberg.
        
Adds the ability to DCE more things. It's now the case that if a node is completely
pure, we clear NodeMustGenerate and the node becomes a DCE candidate.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDCEPhase.cpp:
(JSC::DFG::DCEPhase::cleanVariables):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::clobbersWorld):
* dfg/DFGNodeType.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileAdd):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileValueAdd):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161218 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126215

Reviewed by Sam Weinig.

Source/JavaScriptCore:

* dfg/DFGWorklist.cpp:
(JSC::DFG::globalWorklist):
* runtime/InitializeThreading.cpp:
(JSC::initializeThreading):

Source/WTF:

* GNUmakefile.list.am:
* wtf/CompilationThread.cpp:
(WTF::initializeCompilationThreads):
* wtf/ThreadingOnce.h: Removed.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161146 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125531

Reviewed by Oliver Hunt.
        
This finally gets rid of forward exiting. Forward exiting was always a fragile concept
since it involved the compiler trying to figure out how to "roll forward" the
execution from some DFG node to the next bytecode index. It was always easy to find
counterexamples where it broke, and it has always served as an obstacle to adding
compiler improvements - the latest being http://webkit.org/b/125523, which tried to
make DCE work for more things.
        
This change finishes the work of removing forward exiting. A lot of forward exiting
was already removed in some other bugs, but SetLocal still did forward exits. SetLocal
is in many ways the hardest to remove, since the forward exiting of SetLocal also
implied that any conversion nodes inserted before the SetLocal would then also be
marked as forward-exiting. Hence SetLocal's forward-exiting made a bunch of other
things also forward-exiting, and this was always a source of weirdo bugs.
        
SetLocal must be able to exit in case it performs a hoisted type speculation. Nodes
inserted just before SetLocal must also be able to exit - for example type check
hoisting may insert a CheckStructure, or fixup phase may insert something like
Int32ToDouble. But if any of those nodes tried to backward exit, then this could lead
to the reexecution of a side-effecting operation, for example:
        
    a: Call(...)
    b: SetLocal(@a, r1)
        
For a long time it seemed like SetLocal *had* to exit forward because of this. But
this change side-steps the problem by changing the ByteCodeParser to always emit a
kind of "two-phase commit" for stores to local variables. Now when the ByteCodeParser
wishes to store to a local, it first emits a MovHint and then enqueues a SetLocal.
The SetLocal isn't actually emitted until the beginning of the next bytecode
instruction (which the exception of op_enter and op_ret, which emit theirs immediately
since it's always safe to reexecute those bytecode instructions and since deferring
SetLocals would be weird there - op_enter has many SetLocals and op_ret is a set
followed by a jump in case of inlining, so we'd have to emit the SetLocal "after" the
jump and that would be awkward). This means that the above IR snippet would look
something like:
        
    a: Call(..., bc#42)
    b: MovHint(@a, r1, bc#42)
    c: SetLocal(@a, r1, bc#47)
        
Where the SetLocal exits "backwards" but appears at the beginning of the next bytecode
instruction. This means that by the time we get to that SetLocal, the OSR exit
analysis already knows that r1 is associated with @a, and it means that the SetLocal
or anything hoisted above it can exit backwards as normal.
        
This change also means that the "forward rewiring" can be killed. Previously, we might
have inserted a conversion node on SetLocal and then the SetLocal died (i.e. turned
into a MovHint) and the conversion node either died completely or had its lifetime
truncated to be less than the actual value's bytecode lifetime. This no longer happens
since conversion nodes are only inserted at SetLocals.
        
More precisely, this change introduces two laws that we were basically already
following anyway:
        
1) A MovHint's child should never be changed except if all other uses of that child
   are also replaced. Specifically, this prohibits insertion of conversion nodes at
   MovHints.
        
2) Anytime any child is replaced with something else, and all other uses aren't also
   replaced, we must insert a Phantom use of the original child.

This is a slight compile-time regression but has no effect on code-gen. It unlocks a
bunch of optimization opportunities so I think it's worth it.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpAssumingJITType):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::instructionCount):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
* dfg/DFGArrayifySlowPathGenerator.h:
(JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::setDirect):
(JSC::DFG::ByteCodeParser::DelayedSetLocal::DelayedSetLocal):
(JSC::DFG::ByteCodeParser::DelayedSetLocal::execute):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::eliminate):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGCommon.h:
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDCEPhase.cpp:
(JSC::DFG::DCEPhase::run):
(JSC::DFG::DCEPhase::fixupBlock):
(JSC::DFG::DCEPhase::cleanVariables):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixEdge):
(JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
* dfg/DFGLICMPhase.cpp:
(JSC::DFG::LICMPhase::run):
(JSC::DFG::LICMPhase::attemptHoist):
* dfg/DFGMinifiedNode.cpp:
(JSC::DFG::MinifiedNode::fromNode):
* dfg/DFGMinifiedNode.h:
(JSC::DFG::belongsInMinifiedGraph):
(JSC::DFG::MinifiedNode::constantNumber):
(JSC::DFG::MinifiedNode::weakConstant):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::hasVariableAccessData):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToPhantom):
(JSC::DFG::Node::convertToPhantomUnchecked):
(JSC::DFG::Node::convertToIdentity):
(JSC::DFG::Node::containsMovHint):
(JSC::DFG::Node::hasUnlinkedLocal):
(JSC::DFG::Node::willHaveCodeGenOrOSR):
* dfg/DFGNodeFlags.cpp:
(JSC::DFG::dumpNodeFlags):
* dfg/DFGNodeFlags.h:
* dfg/DFGNodeType.h:
* dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
(JSC::DFG::OSRAvailabilityAnalysisPhase::run):
* dfg/DFGOSREntrypointCreationPhase.cpp:
(JSC::DFG::OSREntrypointCreationPhase::run):
* dfg/DFGOSRExit.cpp:
* dfg/DFGOSRExit.h:
* dfg/DFGOSRExitBase.cpp:
* dfg/DFGOSRExitBase.h:
(JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
(JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
* dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::speculationCheck):
(JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
(JSC::DFG::SpeculativeJIT::typeCheck):
(JSC::DFG::SpeculativeJIT::compileMovHint):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
(JSC::DFG::SpeculativeJIT::needsTypeCheck):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::run):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validateCPS):
* dfg/DFGVariableAccessData.h:
(JSC::DFG::VariableAccessData::VariableAccessData):
* dfg/DFGVariableEventStream.cpp:
(JSC::DFG::VariableEventStream::reconstruct):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetArgument):
(JSC::FTL::LowerDFGToLLVM::compileSetLocal):
(JSC::FTL::LowerDFGToLLVM::compileMovHint):
(JSC::FTL::LowerDFGToLLVM::compileZombieHint):
(JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::typeCheck):
(JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
* ftl/FTLOSRExit.cpp:
* ftl/FTLOSRExit.h:
* tests/stress/dead-int32-to-double.js: Added.
(foo):
* tests/stress/dead-uint32-to-number.js: Added.
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161126 268f45cc-cd09-0410-ab3c-d52691b4dbfc

http://trac.webkit.org/changeset/161033
http://trac.webkit.org/changeset/161074
https://bugs.webkit.org/show_bug.cgi?id=126240

Oliver says that a rollout would be better (Requested by ap on
#webkit).

Source/JavaScriptCore:

* API/JSObjectRef.cpp:
(JSObjectSetProperty):
* dfg/DFGOperations.cpp:
(JSC::DFG::operationPutByValInternal):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/Arguments.cpp:
(JSC::Arguments::putByIndex):
* runtime/ArrayPrototype.cpp:
(JSC::putProperty):
(JSC::arrayProtoFuncPush):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::putToPrimitiveByIndex):
* runtime/JSCell.cpp:
(JSC::JSCell::putByIndex):
* runtime/JSFunction.cpp:
(JSC::JSFunction::put):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
* runtime/JSONObject.cpp:
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::putByIndex):
(JSC::JSObject::putDirectNonIndexAccessor):
(JSC::JSObject::deleteProperty):
* runtime/JSObject.h:
(JSC::JSObject::putDirect):
* runtime/Lookup.h:
(JSC::putEntry):
(JSC::lookupPut):
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::PutPropertySlot):
(JSC::PutPropertySlot::setNewProperty):
(JSC::PutPropertySlot::isCacheable):

Source/WebCore:

* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::put):
* bindings/objc/WebScriptObject.mm:
(-[WebScriptObject setValue:forKey:]):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterface::putByIndex):
* bridge/NP_jsobject.cpp:
(_NPN_SetProperty):

Source/WebKit/mac:

* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::setProperty):

Source/WebKit2:

* WebProcess/Plugins/Netscape/NPJSObject.cpp:
(WebKit::NPJSObject::setProperty):

LayoutTests:

* TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161077 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126218

Source/JavaScriptCore: 

Reviewed by Oliver Hunt.
        
This change dramatically rationalizes our handling of PhantomArguments (i.e.
speculative elision of arguments object allocation).
        
It's now the case that if we decide that we can elide arguments allocation, we just
turn the arguments-creating node into a PhantomArguments and mark all locals that
it's stored to as being arguments aliases. Being an arguments alias and being a
PhantomArguments means basically the same thing: in DFG execution you have the empty
value, on OSR exit an arguments object is allocated in your place, and all operations
that use the value now just refer directly to the actual arguments in the call frame
header (or the arguments we know that we passed to the call, in case of inlining).
        
This means that we no longer have arguments simplification creating a dead Phi graph
that then has to be interpreted by the OSR exit logic. That sort of never made any
sense.
        
This means that PhantomArguments now has a clear story in SSA: basically SSA just
gets rid of the "locals" but everything else is the same.
        
Finally, this means that we can more easily get rid of forward exiting. As I was
working on the code to get rid of forward exiting, I realized that I'd have to
carefully preserve the special meanings of MovHint and SetLocal in the case of
PhantomArguments. It was really bizarre: even the semantics of MovHint were tied to
our specific treatment of PhantomArguments. After this change this is no longer the
case.
        
One of the really cool things about this change is that arguments reification now
just becomes a special kind of FlushFormat. This further unifies things: it means
that a MovHint(PhantomArguments) and a SetLocal(PhantomArguments) both have the same
meaning, since both of them dictate that the way we recover the local on exit is by
reifying arguments. Previously, the SetLocal(PhantomArguments) case needed some
special handling to accomplish this.
        
A downside of this approach is that we will now emit code to store the empty value
into aliased arguments variables, and we will even emit code to load that empty value
as well. As far as I can tell this doesn't cost anything, since PhantomArguments are
most profitable in cases where it allows us to simplify control flow and kill the
arguments locals entirely. Of course, this isn't an issue in SSA form since SSA form
also eliminates the locals.

* dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
(JSC::DFG::ArgumentsSimplificationPhase::detypeArgumentsReferencingPhantomChild):
* dfg/DFGFlushFormat.cpp:
(WTF::printInternal):
* dfg/DFGFlushFormat.h:
(JSC::DFG::resultFor):
(JSC::DFG::useKindFor):
(JSC::DFG::dataFormatFor):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGValueSource.h:
(JSC::DFG::ValueSource::ValueSource):
(JSC::DFG::ValueSource::forFlushFormat):
* dfg/DFGVariableAccessData.h:
(JSC::DFG::VariableAccessData::flushFormat):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::buildExitArguments):

LayoutTests: 

Reviewed by Oliver Hunt.
        
Added a test for an obvious case that I don't think we had coverage for in
microbenchmarks. Of course, this case was already covered by more complex tests.

* js/regress/inline-arguments-aliased-access-expected.txt: Added.
* js/regress/inline-arguments-aliased-access.html: Added.
* js/regress/script-tests/inline-arguments-aliased-access.js: Added.
(foo):
(bar):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161072 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126187

Reviewed by msaboff.

Source/JavaScriptCore:

Refactor PutPropertySlot, making the constructor take the thisValue
used as a target.  This results in a wide range of boilerplate changes
to pass the new parameter.

* API/JSObjectRef.cpp:
(JSObjectSetProperty):
* dfg/DFGOperations.cpp:
(JSC::DFG::operationPutByValInternal):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/Arguments.cpp:
(JSC::Arguments::putByIndex):
* runtime/ArrayPrototype.cpp:
(JSC::putProperty):
(JSC::arrayProtoFuncPush):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::putToPrimitiveByIndex):
* runtime/JSCell.cpp:
(JSC::JSCell::putByIndex):
* runtime/JSFunction.cpp:
(JSC::JSFunction::put):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
* runtime/JSONObject.cpp:
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::putByIndex):
(JSC::JSObject::putDirectNonIndexAccessor):
(JSC::JSObject::deleteProperty):
* runtime/JSObject.h:
(JSC::JSObject::putDirect):
* runtime/Lookup.h:
(JSC::putEntry):
(JSC::lookupPut):
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::PutPropertySlot):
(JSC::PutPropertySlot::setCustomProperty):
(JSC::PutPropertySlot::thisValue):
(JSC::PutPropertySlot::isCacheable):

Source/WebCore:

Update the bindings code generation and custom objects
to the new function signatures

* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::put):
* bindings/objc/WebScriptObject.mm:
(-[WebScriptObject setValue:forKey:]):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterface::putByIndex):
* bridge/NP_jsobject.cpp:
(_NPN_SetProperty):

Source/WebKit/mac:

Update for new method signatures.

* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::setProperty):

Source/WebKit2:

Update for new method signatures.

* WebProcess/Plugins/Netscape/NPJSObject.cpp:
(WebKit::NPJSObject::setProperty):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@161033 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=126047

Reviewed by Filip Pizlo.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): Use the register allocator to 
determine which registers need saving instead of saving every single one of them.
(JSC::DFG::SpeculativeJIT::osrWriteBarrier): We don't need to save live register state 
because the write barriers during OSR execute when there are no live registers. Also we  
don't need to use pushes to pad the stack pointer for pokes on x86; we can just use an add.
(JSC::DFG::SpeculativeJIT::writeBarrier):
* dfg/DFGSpeculativeJIT.h:
* jit/Repatch.cpp:
(JSC::emitPutReplaceStub):
(JSC::emitPutTransitionStub):
* runtime/VM.h: Get rid of writeBarrierRegisterBuffer since it's no longer used.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125530

Reviewed by Filip Pizlo.

Source/JavaScriptCore: 

This is in preparation for GenGC. We use a separate StoreBarrier node instead of making them implicitly 
part of other nodes so that it's easier to run analyses on them, e.g. for the StoreBarrierElisionPhase. 
They are inserted during the fixup phase. Initially they do not generate any code.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractHeap.h:
* dfg/DFGAbstractInterpreter.h:
(JSC::DFG::AbstractInterpreter::isKnownNotCell):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberizeForAllocation):
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants): Whenever we insert new nodes that require StoreBarriers,
we have to add those new StoreBarriers too. It's important to note that AllocatePropertyStorage and 
ReallocatePropertyStorage nodes require their StoreBarriers to come after them since they allocate first,
which could cause a GC, and then store the resulting buffer into their JSCell, which requires the barrier.
If we ever require that write barriers occur before stores, we'll have to split these nodes into 
AllocatePropertyStorage + StoreBarrier + PutPropertyStorage.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::insertStoreBarrier):
* dfg/DFGNode.h:
(JSC::DFG::Node::isStoreBarrier):
* dfg/DFGNodeType.h:
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileStoreBarrier):
(JSC::DFG::SpeculativeJIT::genericWriteBarrier): The fast path write barrier check. It loads the 
byte that contains the mark bit of the object. 
(JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): If the fast path check fails we try to store the 
cell in the WriteBarrierBuffer so as to avoid frequently flushing all registers in order to make a C call.
(JSC::DFG::SpeculativeJIT::writeBarrier):
(JSC::DFG::SpeculativeJIT::osrWriteBarrier): More barebones version of the write barrier to be executed 
during an OSR exit into baseline code. We must do this so that the baseline JIT object and array profiles 
are properly cleared during GC.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::writeBarrier):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::writeBarrier):
* dfg/DFGStoreBarrierElisionPhase.cpp: Added. New DFG phase that does block-local elision of redundant
StoreBarriers. Every time a StoreBarrier on a particular object is executed, a bit is set indicating that 
that object doesn't need any more StoreBarriers. 
(JSC::DFG::StoreBarrierElisionPhase::StoreBarrierElisionPhase):
(JSC::DFG::StoreBarrierElisionPhase::couldCauseGC): Nodes that could cause a GC reset the bits for all of the 
objects known in the current block. 
(JSC::DFG::StoreBarrierElisionPhase::allocatesFreshObject): A node that creates a new object automatically 
sets the bit for that object since if a GC occurred as the result of that object's allocation then that 
object would not need a barrier since it would be guaranteed to be a young generation object until the 
next GC point.
(JSC::DFG::StoreBarrierElisionPhase::noticeFreshObject):
(JSC::DFG::StoreBarrierElisionPhase::getBaseOfStore):
(JSC::DFG::StoreBarrierElisionPhase::shouldBeElided):
(JSC::DFG::StoreBarrierElisionPhase::elideBarrier):
(JSC::DFG::StoreBarrierElisionPhase::handleNode):
(JSC::DFG::StoreBarrierElisionPhase::handleBlock):
(JSC::DFG::StoreBarrierElisionPhase::run):
(JSC::DFG::performStoreBarrierElision):
* dfg/DFGStoreBarrierElisionPhase.h: Added.
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::flushWriteBarrierBuffer):
* heap/Heap.h:
(JSC::Heap::writeBarrier):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::offsetOfMarks):
* heap/WriteBarrierBuffer.cpp: Added. The WriteBarrierBuffer buffers a set of JSCells that are awaiting 
a pending WriteBarrier. This buffer is used by the DFG to avoid the overhead of calling out to C repeatedly
to invoke a write barrier on a single JSCell. Instead the DFG has inline code to fill the WriteBarrier buffer
until its full, and then to call out to C to flush it. The WriteBarrierBuffer will also be flushed prior to 
each EdenCollection.
(JSC::WriteBarrierBuffer::WriteBarrierBuffer):
(JSC::WriteBarrierBuffer::~WriteBarrierBuffer):
(JSC::WriteBarrierBuffer::flush):
(JSC::WriteBarrierBuffer::reset):
(JSC::WriteBarrierBuffer::add):
* heap/WriteBarrierBuffer.h: Added.
(JSC::WriteBarrierBuffer::currentIndexOffset):
(JSC::WriteBarrierBuffer::capacityOffset):
(JSC::WriteBarrierBuffer::bufferOffset):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* runtime/VM.h:

Source/WTF: 

* wtf/Platform.h: Added an #define for ENABLE(GGC) which will be used for landing things related to GenGC.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160796 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125747

Reviewed by Sam Weinig.
        
Fix more codegen badness. This makes V8v7's crypto am3() function run faster in the FTL
than in DFG. This means that even if we just compile those functions in V8v7 that don't
make calls, the FTL gives us a 2% speed-up over the DFG. That's pretty good considering
that we have still more optimizations to fix and we can make calls work.

* dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160613 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125553

Reviewed by Oliver Hunt.
        
UInt32ToNumber was a super complicated node because it had to do a speculation, but it
would do it after we already had computed the urshift. It couldn't just back to the
beginning of the urshift because the inputs to the urshift weren't necessarily live
anymore. We couldn't jump forward to the beginning of the next instruction because the
result of the urshift was not yet unsigned-converted.
        
For a while we solved this by forward-exiting in UInt32ToNumber. But that's really
gross and I want to get rid of all forward exits. They cause a lot of bugs.
        
We could also have turned UInt32ToNumber to a backwards exit by forcing the inputs to
the urshift to be live. I figure that this might be a bit too extreme.
        
So, I just created a new place that we can exit to: I split op_urshift into op_urshift
followed by op_unsigned. op_unsigned is an "unsigned cast" along the lines of what
UInt32ToNumber does. This allows me to get rid of all of the nastyness in the DFG for
forward exiting in UInt32ToNumber.
        
This patch enables massive code carnage in the DFG and FTL, and brings us closer to
eliminating one of the DFG's most confusing concepts. On the flipside, it does make the
bytecode slightly more complex (one new instruction). This is a profitable trade. We
want the DFG and FTL to trend towards simplicity, since they are both currently too
complicated.

* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecode/Opcode.h:
(JSC::padOpcodeName):
* bytecode/ValueRecovery.cpp:
(JSC::ValueRecovery::dumpInContext):
* bytecode/ValueRecovery.h:
(JSC::ValueRecovery::gpr):
* bytecompiler/NodesCodegen.cpp:
(JSC::BinaryOpNode::emitBytecode):
(JSC::emitReadModifyAssignment):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::toInt32):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGNodeType.h:
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileMovHint):
(JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
* dfg/DFGSpeculativeJIT64.cpp:
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
(JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild):
(JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild1):
(JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild2):
* ftl/FTLFormattedValue.h:
(JSC::FTL::int32Value):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
* ftl/FTLValueFormat.cpp:
(JSC::FTL::reboxAccordingToFormat):
(WTF::printInternal):
* ftl/FTLValueFormat.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_urshift):
(JSC::JIT::emitSlow_op_urshift):
(JSC::JIT::emit_op_unsigned):
(JSC::JIT::emitSlow_op_unsigned):
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emitRightShift):
(JSC::JIT::emitRightShiftSlowCase):
(JSC::JIT::emit_op_unsigned):
(JSC::JIT::emitSlow_op_unsigned):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/CommonSlowPaths.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160587 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124727
<rdar://problem/15566923>

Reviewed by Michael Saboff.
        
Get rid of In's hackish use of StructureStubInfo. Previously it was using hotPathBegin,
and it was the only IC that used that field, which was wasteful. Moreover, it used it
to store two separate locations: the label for patching the jump and the label right
after the jump. The code was relying on those two being the same label, which is true
on X86 and some other platforms, but it isn't true on ARM64.
        
This gets rid of hotPathBegin and makes In express those two locations as offsets from
the callReturnLocation, which is analogous to what the other IC's do.
        
This fixes a bug where any successful In patching would result in a trivially infinite
loop - and hence a hang - on ARM64.

* bytecode/StructureStubInfo.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::InRecord::InRecord):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::finalize):
* jit/Repatch.cpp:
(JSC::replaceWithJump):
(JSC::patchJumpToGetByIdStub):
(JSC::tryCachePutByID):
(JSC::tryBuildPutByIdList):
(JSC::tryRepatchIn):
(JSC::resetGetByID):
(JSC::resetPutByID):
(JSC::resetIn):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160493 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125552

PerformanceTests/SunSpider: 

Reviewed by Oliver Hunt.
        
Use SunSpider as a kind of spot-check for the
no-architecture-specific-optimization paths in the compiler.

* no-architecture-specific-optimizations.yaml: Added.

Source/JavaScriptCore: 

Reviewed by Oliver Hunt.
        
The forward exit was just there so that we wouldn't have to keep the inputs alive up to
the DoubleAsInt32. That's dumb. Forward exits are a complicated piece of machinery and
we shouldn't have it just for a bit of liveness micro-optimization.
        
Also add a bunch of machinery to test this case on X86.

* assembler/AbstractMacroAssembler.h:
(JSC::optimizeForARMv7s):
(JSC::optimizeForARM64):
(JSC::optimizeForX86):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
* runtime/Options.h:
* tests/stress/double-as-int32.js: Added.
(foo):
(test):

Tools: 

Reviewed by Oliver Hunt.
        
Add some support for testing the generic (non-X86) paths on X86 by disabling
architecture-specific optimizations (ASO's).

* Scripts/run-javascriptcore-tests:
* Scripts/run-jsc-stress-tests:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160411 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125538

Reviewed by Oliver Hunt.
        
Make the NodeRelevantToOSR thing obvious: if there is any MovHint on a node then the
node is relevant to OSR.

* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::run):
(JSC::DFG::CSEPhase::performNodeCSE):
(JSC::DFG::CSEPhase::performBlockCSE):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160407 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125543

Reviewed by Oliver Hunt.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160394 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Impose and enforce some basic rules of sanity for where Phi functions are allowed to occur and where their (optional) corresponding MovHints can be
https://bugs.webkit.org/show_bug.cgi?id=125480

Reviewed by Geoffrey Garen.
        
Previously, if you wanted to insert some speculation right after where a value was
produced, you'd get super confused if that value was produced by a Phi node.  You can't
necessarily insert speculations after a Phi node because Phi nodes appear in this
special sequence of Phis and MovHints that establish the OSR exit state for a block.
So, you'd probably want to search for the next place where it's safe to insert things.
We already do this "search for beginning of next bytecode instruction" search by
looking at the next node that has a different CodeOrigin.  But this would be hard for a
Phi because those Phis and MovHints have basically random CodeOrigins and they can all
have different CodeOrigins.

This change imposes some sanity for this situation:

- Phis must have unset CodeOrigins.

- In each basic block, all nodes that have unset CodeOrigins must come before all nodes
  that have set CodeOrigins.

This all ends up working out just great because prior to this change we didn't have a 
use for unset CodeOrigins.  I think it's appropriate to make "unset CodeOrigin" mean
that we're in the prologue of a basic block.

It's interesting what this means for block merging, which we don't yet do in SSA.
Consider merging the edge A->B.  One possibility is that the block merger is now
required to clean up Phi/Upsilons, and reascribe the MovHints to have the CodeOrigin of
the A's block terminal.  But an answer that might be better is that the originless
nodes at the top of the B are just given the origin of the terminal and we keep the
Phis.  That would require changing the above rules.  We'll see how it goes, and what we
end up picking...

Overall, this special-things-at-the-top rule is analogous to what other SSA-based
compilers do.  For example, LLVM has rules mandating that Phis appear at the top of a
block.

* bytecode/CodeOrigin.cpp:
(JSC::CodeOrigin::dump):
* dfg/DFGOSRExitBase.h:
(JSC::DFG::OSRExitBase::OSRExitBase):
* dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validate):
(JSC::DFG::Validate::validateSSA):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160348 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125253

Reviewed by Oliver Hunt and Mark Hahnenberg.
        
In SSA mode, this reveals array bounds checks and the load of array length in DFG IR,
making this a candidate for LICM.

This also fixes a long-standing performance bug where the JSObject slow paths would
always create contiguous storage, rather than type-specialized storage, when doing a
"storage creating" storage, like:
        
    var o = {};
    o[0] = 42;

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/ExitKind.cpp:
(JSC::exitKindToString):
(JSC::exitKindIsCountable):
* bytecode/ExitKind.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::permitsBoundsCheckLowering):
(JSC::DFG::ArrayMode::permitsBoundsCheckLowering):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::lengthNeedsStorage):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSSALoweringPhase.cpp: Added.
(JSC::DFG::SSALoweringPhase::SSALoweringPhase):
(JSC::DFG::SSALoweringPhase::run):
(JSC::DFG::SSALoweringPhase::handleNode):
(JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
(JSC::DFG::performSSALowering):
* dfg/DFGSSALoweringPhase.h: Added.
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCheckInBounds):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::contiguousPutByValOutOfBounds):
* runtime/JSObject.cpp:
(JSC::JSObject::convertUndecidedForValue):
(JSC::JSObject::createInitialForValueAndSet):
(JSC::JSObject::putByIndexBeyondVectorLength):
(JSC::JSObject::putDirectIndexBeyondVectorLength):
* runtime/JSObject.h:
* tests/stress/float32array-out-of-bounds.js: Added.
(make):
(foo):
(test):
* tests/stress/int32-object-out-of-bounds.js: Added.
(make):
(foo):
(test):
* tests/stress/int32-out-of-bounds.js: Added.
(foo):
(test):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160347 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125475

Reviewed by Anders Carlsson.

../JavaScriptCore: 

* bytecode/CodeBlockHash.cpp:
(JSC::CodeBlockHash::dump):
* bytecode/Opcode.cpp:
(JSC::OpcodeStats::~OpcodeStats):
* dfg/DFGCSEPhase.cpp:
* ftl/FTLAbstractHeap.h:
* heap/MarkedSpace.h:
* parser/ParserArena.h:
* runtime/CodeCache.h:
* runtime/DateInstanceCache.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSGlobalObject.h:
* runtime/JSString.h:
* runtime/LiteralParser.h:
* runtime/NumericStrings.h:
* runtime/RegExpCache.h:
* runtime/SmallStrings.h:

../WebCore: 

* crypto/parameters/CryptoAlgorithmAesCbcParams.h:
* platform/graphics/GlyphMetricsMap.h:

../WTF: 

* wtf/AVLTree.h:
* wtf/Bitmap.h:
* wtf/SixCharacterHash.cpp:
(WTF::integerToSixCharacterHashString):
* wtf/SixCharacterHash.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160344 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125430

Reviewed by Oliver Hunt and Mark Hahnenberg.

* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::run):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160328 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125395

Reviewed by Oliver Hunt.
        
This pushes more typed array folding into StrengthReductionPhase, and enables CSE on
storage pointers. Previously, you might have separate nodes for the same storage
pointer and this would cause some bad register pressure in the DFG. Note that this
was really a theoretical problem and not, to my knowledge a practical one - so this
patch is basically just a clean-up.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::constantStoragePointerCSE):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToConstantStoragePointer):
(JSC::DFG::Node::hasStoragePointer):
(JSC::DFG::Node::storagePointer):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileConstantStoragePointer):
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
(JSC::DFG::StrengthReductionPhase::foldTypedArrayPropertyToConstant):
(JSC::DFG::StrengthReductionPhase::prepareToFoldTypedArray):
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileConstantStoragePointer):
(JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125426

Reviewed by Oliver Hunt.
        
This adds UntypedUse versions of all comparisons except CompareStrictEq, which is
sufficiently different that I thought I'd do it in another patch.
        
This also extends our ability to abstract over comparison kind and removes a bunch of
copy-paste code.

* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLIntrinsicRepository.h:
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileCompareEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareLess):
(JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
(JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
(JSC::FTL::LowerDFGToLLVM::compare):
(JSC::FTL::LowerDFGToLLVM::nonSpeculativeCompare):
* ftl/FTLOutput.h:
(JSC::FTL::Output::icmp):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):
(JSC::FTL::Output::above):
(JSC::FTL::Output::aboveOrEqual):
(JSC::FTL::Output::below):
(JSC::FTL::Output::belowOrEqual):
(JSC::FTL::Output::greaterThan):
(JSC::FTL::Output::greaterThanOrEqual):
(JSC::FTL::Output::lessThan):
(JSC::FTL::Output::lessThanOrEqual):
(JSC::FTL::Output::fcmp):
(JSC::FTL::Output::doubleEqual):
(JSC::FTL::Output::doubleNotEqualOrUnordered):
(JSC::FTL::Output::doubleLessThan):
(JSC::FTL::Output::doubleLessThanOrEqual):
(JSC::FTL::Output::doubleGreaterThan):
(JSC::FTL::Output::doubleGreaterThanOrEqual):
(JSC::FTL::Output::doubleEqualOrUnordered):
(JSC::FTL::Output::doubleNotEqual):
(JSC::FTL::Output::doubleLessThanOrUnordered):
(JSC::FTL::Output::doubleLessThanOrEqualOrUnordered):
(JSC::FTL::Output::doubleGreaterThanOrUnordered):
(JSC::FTL::Output::doubleGreaterThanOrEqualOrUnordered):
* tests/stress/untyped-equality.js: Added.
(foo):
* tests/stress/untyped-less-than.js: Added.
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160294 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125252

Source/JavaScriptCore: 

Reviewed by Sam Weinig.
        
This was meant to be easy. The problem is that there was no good place for putting
the folding of typedArray.length to a constant. You can't quite do it in the
bytecode parser because at that point you don't yet know if typedArray is really
a typed array. You can't do it as part of constant folding because the folder
assumes that it can opportunistically forward-flow a constant value without changing
the IR; this doesn't work since we need to first change the IR to register a
desired watchpoint and only after that can we introduce that constant. We could have
done it in Fixup but that would have been awkward since Fixup's code for turning a
GetById of "length" into GetArrayLength is already somewhat complex. We could have
done it in CSE but CSE is already fairly gnarly and will probably get rewritten.
        
So I introduced a new phase, called StrengthReduction. This phase should have any
transformations that don't requite CFA or CSE and that it would be weird to put into
those other phases.
        
I also took the opportunity to refactor some of the other folding code.
        
This also adds a test, but the test couldn't quite be a LayoutTests/js/regress so I
introduced the notion of JavaScriptCore/tests/stress.
        
The goal of this patch isn't really to improve performance or anything like that.
It adds an optimization for completeness, and in doing so it unlocks a bunch of new
possibilities. The one that I'm most excited about is revealing array length checks
in DFG IR, which will allow for array bounds check hoisting and elimination.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
(JSC::DFG::Graph::tryGetFoldableViewForChild1):
* dfg/DFGGraph.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasTypedArray):
(JSC::DFG::Node::typedArray):
* dfg/DFGNodeType.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStrengthReductionPhase.cpp: Added.
(JSC::DFG::StrengthReductionPhase::StrengthReductionPhase):
(JSC::DFG::StrengthReductionPhase::run):
(JSC::DFG::StrengthReductionPhase::handleNode):
(JSC::DFG::StrengthReductionPhase::foldTypedArrayPropertyToConstant):
(JSC::DFG::performStrengthReduction):
* dfg/DFGStrengthReductionPhase.h: Added.
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::typedArrayLength):
* jsc.cpp:
(GlobalObject::finishCreation):
(functionTransferArrayBuffer):
* runtime/ArrayBufferView.h:
* tests/stress: Added.
* tests/stress/fold-typed-array-properties.js: Added.
(foo):

Tools: 

Reviewed by Sam Weinig.
        
Add Source/JavaScriptCore/tests/stress to the set of JS tests. This is where you
should put tests that run just like JSRegress but don't run as part of LayoutTests.
Currently I'm using it for tests that require some surgical support from jsc.cpp.

* Scripts/run-javascriptcore-tests:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125368

Reviewed by Mark Hahnenberg.

Source/JavaScriptCore: 

* dfg/DFGGraph.h:
(JSC::DFG::Graph::isStrictModeFor):
(JSC::DFG::Graph::ecmaModeFor):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLIntrinsicRepository.h:
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):

LayoutTests: 

* js/regress/by-val-generic-expected.txt: Added.
* js/regress/by-val-generic.html: Added.
* js/regress/script-tests/by-val-generic.js: Added.
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160252 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125275

Source/JavaScriptCore: 

Reviewed by Michael Saboff.
        
Wow. This was an ordeal. Using cvttsd2si was actually easy, but I learned, and
sometimes even fixed, some interesting things:
        
- The llvm.x86.sse2.cvttsd2si intrinsic can actually result in LLVM emitting a
  vcvttsd2si. I guess the intrinsic doesn't actually imply the instruction.
        
- That whole thing about branchTruncateDoubleToUint32? Yeah we don't need that. It's
  better to use branchTruncateDoubleToInt32 instead. It has the right semantics for
  all of its callers (err, its one-and-only caller), and it's more likely to take
  fast path. This patch kills branchTruncateDoubleToUint32.
        
- "a[i] = v; v = a[i]". Does this change v? OK, assume that 'a[i]' is a pure-ish
  operation - like an array access with 'i' being an integer index and we're not
  having a bad time. Now does this change v? CSE assumes that it doesn't. That's
  wrong. If 'a' is a typed array - the most sensible and pure kind of array - then
  this can be a truncating cast. For example 'v' could be a double and 'a' could be
  an integer array.
        
- "v1 = a[i]; v2 = a[i]". Is v1 === v2 assuming that 'a[i]' is pure-ish? The answer
  is no. You could have a different arrayMode in each access. I know this sounds
  weird, but with concurrent JIT that might happen.
        
This patch adds tests for all of this stuff, except for the first issue (it's weird
but probably doesn't matter) and the last issue (it's too much of a freakshow).

* assembler/MacroAssemblerARM64.h:
* assembler/MacroAssemblerARMv7.h:
* assembler/MacroAssemblerX86Common.h:
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::getByValLoadElimination):
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
* ftl/FTLAbbreviations.h:
(JSC::FTL::vectorType):
(JSC::FTL::getUndef):
(JSC::FTL::buildInsertElement):
* ftl/FTLIntrinsicRepository.h:
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::doubleToInt32):
(JSC::FTL::LowerDFGToLLVM::doubleToUInt32):
(JSC::FTL::LowerDFGToLLVM::sensibleDoubleToInt32):
* ftl/FTLOutput.h:
(JSC::FTL::Output::insertElement):
(JSC::FTL::Output::hasSensibleDoubleToInt):
(JSC::FTL::Output::sensibleDoubleToInt):

LayoutTests: 

Reviewed by Michael Saboff.

* js/regress/double-to-int32-typed-array-expected.txt: Added.
* js/regress/double-to-int32-typed-array-no-inline-expected.txt: Added.
* js/regress/double-to-int32-typed-array-no-inline.html: Added.
* js/regress/double-to-int32-typed-array.html: Added.
* js/regress/double-to-uint32-typed-array-expected.txt: Added.
* js/regress/double-to-uint32-typed-array-no-inline-expected.txt: Added.
* js/regress/double-to-uint32-typed-array-no-inline.html: Added.
* js/regress/double-to-uint32-typed-array.html: Added.
* js/regress/script-tests/double-to-int32-typed-array-no-inline.js: Added.
(foo):
(test):
* js/regress/script-tests/double-to-int32-typed-array.js: Added.
(foo):
(test):
* js/regress/script-tests/double-to-uint32-typed-array-no-inline.js: Added.
(foo):
(test):
* js/regress/script-tests/double-to-uint32-typed-array.js: Added.
(foo):
(test):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160205 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125205

Source/JavaScriptCore: 

Reviewed by Oliver Hunt and Mark Hahnenberg.
        
If by some other mechanism we have a typed array access on a compile-time constant
typed array pointer, then fold:
        
- Array bounds checks. Specifically, fold the load of length.
        
- Loading the vector.
        
This needs to install a watchpoint on the array itself because of the possibility of
neutering. Neutering is ridiculous. We do this without bloating the size of
ArrayBuffer or JSArrayBufferView in the common case (i.e. the case where you
allocated an array that didn't end up becoming a compile-time constant). To install
the watchpoint, we slowDownAndWasteMemory and then create an incoming reference to
the ArrayBuffer, where that incoming reference is from a watchpoint object. The
ArrayBuffer already knows about such incoming references and can fire the
watchpoints that way.
        
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGDesiredWatchpoints.cpp:
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
(JSC::DFG::DesiredWatchpoints::addLazily):
* dfg/DFGDesiredWatchpoints.h:
(JSC::DFG::GenericSetAdaptor::add):
(JSC::DFG::GenericSetAdaptor::hasBeenInvalidated):
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
(JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
(JSC::DFG::GenericDesiredWatchpoints::areStillValid):
(JSC::DFG::GenericDesiredWatchpoints::isStillValid):
(JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::DesiredWatchpoints::isStillValid):
(JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::DesiredWatchpoints::isValidOrMixed):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
* dfg/DFGGraph.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::emitTypedArrayBoundsCheck):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
(JSC::DFG::WatchpointCollectionPhase::addLazily):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::typedArrayLength):
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::transfer):
* runtime/ArrayBufferNeuteringWatchpoint.cpp: Added.
(JSC::ArrayBufferNeuteringWatchpoint::ArrayBufferNeuteringWatchpoint):
(JSC::ArrayBufferNeuteringWatchpoint::~ArrayBufferNeuteringWatchpoint):
(JSC::ArrayBufferNeuteringWatchpoint::finishCreation):
(JSC::ArrayBufferNeuteringWatchpoint::destroy):
(JSC::ArrayBufferNeuteringWatchpoint::create):
(JSC::ArrayBufferNeuteringWatchpoint::createStructure):
* runtime/ArrayBufferNeuteringWatchpoint.h: Added.
(JSC::ArrayBufferNeuteringWatchpoint::set):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

LayoutTests: 

Reviewed by Oliver Hunt and Mark Hahnenberg.

* js/regress/fixed-typed-array-storage-expected.txt: Added.
* js/regress/fixed-typed-array-storage-var-index-expected.txt: Added.
* js/regress/fixed-typed-array-storage-var-index.html: Added.
* js/regress/fixed-typed-array-storage.html: Added.
* js/regress/script-tests/fixed-typed-array-storage-var-index.js: Added.
(foo):
* js/regress/script-tests/fixed-typed-array-storage.js: Added.
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160150 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124630

Source/JavaScriptCore: 

Reviewed by Geoffrey Garen.
        
Captured variables that are assigned once (not counting op_enter's Undefined
initialization) and that are contained within a function that has thus far only been
entered once are now constant folded. It's pretty awesome.
        
This involves a watchpoint on the assignment to variables and a watchpoint on entry
into the function. The former is reused from global variable constant inference and the
latter is reused from one-time closure inference.

* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
* bytecode/Instruction.h:
(JSC::Instruction::Instruction):
* bytecode/Opcode.h:
(JSC::padOpcodeName):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedInstruction::UnlinkedInstruction):
* bytecode/VariableWatchpointSet.h:
(JSC::VariableWatchpointSet::invalidate):
* bytecode/Watchpoint.h:
(JSC::WatchpointSet::invalidate):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addVar):
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitInitLazyRegister):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::emitNewFunctionInternal):
(JSC::BytecodeGenerator::createArgumentsIfNecessary):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::addVar):
(JSC::BytecodeGenerator::watchableVariable):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::inferredConstant):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parse):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetActivation):
(JSC::DFG::Graph::tryGetRegisters):
* dfg/DFGGraph.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_mov):
(JSC::JIT::emit_op_captured_mov):
(JSC::JIT::emit_op_new_captured_func):
(JSC::JIT::emitSlow_op_captured_mov):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_mov):
(JSC::JIT::emit_op_captured_mov):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/CommonSlowPaths.h:
* runtime/ConstantMode.h: Added.
* runtime/JSGlobalObject.h:
* runtime/JSScope.cpp:
(JSC::abstractAccess):
* runtime/SymbolTable.cpp:
(JSC::SymbolTableEntry::prepareToWatch):

LayoutTests: 

Reviewed by Geoffrey Garen.
        
This adds both correctness and performance tests for constant closure variable
inference.

* js/regress/infer-closure-const-then-mov-expected.txt: Added.
* js/regress/infer-closure-const-then-mov-no-inline-expected.txt: Added.
* js/regress/infer-closure-const-then-mov-no-inline.html: Added.
* js/regress/infer-closure-const-then-mov.html: Added.
* js/regress/infer-closure-const-then-put-to-scope-expected.txt: Added.
* js/regress/infer-closure-const-then-put-to-scope-no-inline-expected.txt: Added.
* js/regress/infer-closure-const-then-put-to-scope-no-inline.html: Added.
* js/regress/infer-closure-const-then-put-to-scope.html: Added.
* js/regress/infer-closure-const-then-reenter-expected.txt: Added.
* js/regress/infer-closure-const-then-reenter-no-inline-expected.txt: Added.
* js/regress/infer-closure-const-then-reenter-no-inline.html: Added.
* js/regress/infer-closure-const-then-reenter.html: Added.
* js/regress/script-tests/infer-closure-const-then-mov-no-inline.js: Added.
* js/regress/script-tests/infer-closure-const-then-mov.js: Added.
* js/regress/script-tests/infer-closure-const-then-put-to-scope-no-inline.js: Added.
(thingy.):
(thingy):
* js/regress/script-tests/infer-closure-const-then-put-to-scope.js: Added.
(thingy.):
(thingy):
* js/regress/script-tests/infer-closure-const-then-reenter-no-inline.js: Added.
(.return.foo):
(foo):
* js/regress/script-tests/infer-closure-const-then-reenter.js: Added.
(.return.foo):
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160109 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=125172
<rdar://problem/15233487>

Reviewed by Mark Hahnenberg.
        
We would previously sometimes get a null Structure because checking if the profile is non-null and loading
the structure from it were two separate operations.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::setFuturePossibleStructure):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* runtime/JSFunction.h:
(JSC::JSFunction::allocationProfile):
(JSC::JSFunction::allocationStructure):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160038 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=123809.

Reviewed by Geoffrey Garen.

Source/JavaScriptCore: 

Also fixed build when disabling the DISASSEMBLER.
Added some needed #if's and some comments.

* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::finalizeCodeWithDisassembly):
* dfg/DFGDisassembler.cpp:
* dfg/DFGDisassembler.h:
(JSC::DFG::Disassembler::Disassembler):
(JSC::DFG::Disassembler::setStartOfCode):
(JSC::DFG::Disassembler::setForBlockIndex):
(JSC::DFG::Disassembler::setForNode):
(JSC::DFG::Disassembler::setEndOfMainPath):
(JSC::DFG::Disassembler::setEndOfCode):
(JSC::DFG::Disassembler::dump):
(JSC::DFG::Disassembler::reportToProfiler):
* disassembler/Disassembler.cpp:
* disassembler/X86Disassembler.cpp:
* jit/FPRInfo.h:
* jit/GPRInfo.h:
* jit/JITDisassembler.cpp:
* jit/JITDisassembler.h:
(JSC::JITDisassembler::JITDisassembler):
(JSC::JITDisassembler::setStartOfCode):
(JSC::JITDisassembler::setForBytecodeMainPath):
(JSC::JITDisassembler::setForBytecodeSlowPath):
(JSC::JITDisassembler::setEndOfSlowPath):
(JSC::JITDisassembler::setEndOfCode):
(JSC::JITDisassembler::dump):
(JSC::JITDisassembler::reportToProfiler):

Source/WTF: 

* wtf/Platform.h:
- Ensure that the ASSEMBLER is enabled when the DISASSEMBLER is enabled.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159987 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=124883

Source/JavaScriptCore: 

Reviewed by Mark Hahnenberg.
        
Previously, in bytecode, you could assign to a captured variable just as you would
assign to any other kind of variable. This complicates closure variable constant
inference because we don't have any place where we can intercept stores to captured
variables in the LLInt.
        
This patch institutes a policy that only certain instructions can store to captured
variables. If you interpret those instructions and you are required to notifyWrite()
then you need to check if the relevant variable is captured. Those instructions are
tracked in CodeBlock.cpp's VerifyCapturedDef. The main one is simply op_captured_mov.
In the future, we'll probably modify those instructions to have a pointer directly to
the VariableWatchpointSet; but for now we just introduce the captured instructions as
placeholders.
        
In order to validate that the placeholders are inserted correctly, this patch improves
the CodeBlock validation to be able to inspect every def in the bytecode. To do that,
this patch refactors the liveness analysis' use/def calculator to be reusable; it now
takes a functor for each use or def.
        
In the process of refactoring the liveness analysis, I noticed that op_enter was
claiming to def all callee registers. That's wrong; it only defs the non-temporary
variables. Making that change revealed preexisting bugs in the liveness analysis, since
now the validator would pick up cases where the bytecode claimed to use a temporary and
the def calculator never noticed the definition (or the converse - where the bytecode
was actually not using a temporary but the liveness analysis thought that it was a
use). This patch fixes a few of those bugs.

* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeLivenessAnalysis.cpp:
(JSC::stepOverInstruction):
* bytecode/BytecodeUseDef.h: Added.
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::isCaptured):
(JSC::CodeBlock::validate):
* bytecode/CodeBlock.h:
* bytecode/Opcode.h:
(JSC::padOpcodeName):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::resolveCallee):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::isCaptured):
(JSC::BytecodeGenerator::local):
(JSC::BytecodeGenerator::constLocal):
(JSC::BytecodeGenerator::emitNewFunction):
(JSC::BytecodeGenerator::emitLazyNewFunction):
(JSC::BytecodeGenerator::emitNewFunctionInternal):
* bytecompiler/BytecodeGenerator.h:
(JSC::Local::Local):
(JSC::Local::isCaptured):
(JSC::Local::captureMode):
(JSC::BytecodeGenerator::captureMode):
(JSC::BytecodeGenerator::emitNode):
(JSC::BytecodeGenerator::pushOptimisedForIn):
* bytecompiler/NodesCodegen.cpp:
(JSC::PostfixNode::emitResolve):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ConstDeclNode::emitCodeSingle):
(JSC::ForInNode::emitBytecode):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/SymbolTable.h:
(JSC::SymbolTable::isCaptured):

LayoutTests: 

Reviewed by Mark Hahnenberg.

* js/regress/captured-assignments-expected.txt: Added.
* js/regress/captured-assignments.html: Added.
* js/regress/script-tests/captured-assignments.js: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159943 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Instead of watchpointing activation allocation, we should watchpoint entry into functions that have captured variables
https://bugs.webkit.org/show_bug.cgi?id=125052

Reviewed by Mark Hahnenberg.
        
This makes us watch function entry rather than activation creation. We only incur the
costs of doing so for functions that have captured variables, and only on the first two
entries into the function. This means that closure variable constant inference will
naturally work even for local uses of the captured variable, like:
        
    (function(){
        var blah = 42;
        ... // stuff
        function () { ... blah /* we can fold this to 42 */ }
        ... blah // we can also fold this to 42.
    })();
        
Previously, only the nested use would have been foldable.

* bytecode/BytecodeLivenessAnalysis.cpp:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecode/Opcode.h:
(JSC::padOpcodeName):
* bytecode/Watchpoint.h:
(JSC::WatchpointSet::touch):
(JSC::InlineWatchpointSet::touch):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasSymbolTable):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_touch_entry):
* llint/LowLevelInterpreter.asm:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/CommonSlowPaths.h:
* runtime/JSActivation.h:
(JSC::JSActivation::create):
* runtime/SymbolTable.cpp:
(JSC::SymbolTable::SymbolTable):
* runtime/SymbolTable.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159942 268f45cc-cd09-0410-ab3c-d52691b4dbfc